Are There Sufficient Security Mechanisms In Place For IoT

by David Morris, Aug 2020

Applications of the Internet of Things (IoT) and the wireless devices they use should consider a new proposal by the Trump administration aimed at reducing cyber-security threats from botnets and other automated, distributed attacks, lawyers said this week. In August 2017, Congress introduced the IoT Cybersecurity Improvement Act, which requires all IoT devices sold to the US government that do not use standard passwords, have known vulnerabilities, or offer a mechanism for patching devices. Companies that produce home security cameras, smart thermostats, and home security systems have begun preparations for the new law, the National Security Agency’s Cyber Security Improvement and Protection Act of 2017 (CISPA), which takes effect on January 1, 2020. [Sources: 1, 3, 8]

To prevent insider attacks in the IoT, all IoT nodes that become part of an IoT network must be authorized with the same security measures that are required for IPv4. IoT is envisaged, manufacturers will continue to develop devices with poor security due to the lack of a universal IoT security standard. This means that the more variations of IoT devices we see out there, and the more diverse the security concerns that the physical world brings to the Internet, the more complex the security problems that IoT poses. [Sources: 6, 12]

To stem the tide of unsafe IoT devices and address all of the above risks, the industry must work to develop and implement the necessary standards to ensure that all connected devices are sufficiently secure. [Sources: 14]

IoT security mechanisms should be equally specialized and prevent targeted attacks, which are often unique to the functioning of each device. Fourth, the implementation of security policies at the physical level has a long history, as IoT devices and sensors used in IoT platforms need to be efficiently secured. Fifthly, it is important to ensure that security technology personnel are used for the proper monitoring and management of IoT devices. [Sources: 7, 10, 15]

I devices that have an impact on user safety should continue to operate in separate operation to protect consumer safety. NIST argues that a key aspect of IoT security is to identify security events before they escalate into an incident. IoT systems must be able to maintain their functionality in such adverse conditions when there is a security event, “says NIST. [Sources: 4, 9]

We need to hold the providers of products on the Internet of Things to account to ensure that they have put in place strong safeguards and allow us to add them if we so wish. If you are worried about DDoS attacks, are a potential target, or are concerned that your IoT device may be compromised and bots are recruited, Fuzzing can help you proactively improve the security and robustness of your software. Software errors are inevitable and should be minimized, but they are inevitable. IoT providers should have well-defined procedures to receive reports of vulnerabilities in their products and services. Should IoT devices be automated? [Sources: 2, 9, 11, 14]

A well-designed end-to-end IoT platform can help ensure that users can continue to be confident that the IoT devices and applications they use do not compromise their privacy. IoT providers do not generally implement reasonable security measures or undertake to ensure the security of their IoT device. However, the simple introduction of an IoT security framework can be helpful; tools and checklists have been provided to help companies develop and deploy IOT devices. [Sources: 1, 5, 14]

The challenges in the area of IoT security can be divided into two main categories: security of devices and services and user privacy. IoT devices or services and provide a comprehensive overview of the security challenges surrounding them. [Sources: 6, 13]

I devices should have robust hardware – authentication-based identities, implement secure booting and whitelisting to prevent malicious code, and follow best practices in security and cryptography. IoT providers should consider strict security controls in their products and design them in such a way that they take into account the intended and expected lifetime of the device and the user’s privacy. BITAG recommends that manufacturers of IoT devices secure communication by means of a combination of robust security protocols and robust authentication mechanisms. Communication in the IoT can be secured by a light security protocol in a restricted environment, a novel security protocol that meets the specific requirements of the IoT, or by an established security protocol that already exists on the Internet. [Sources: 6, 9, 14, 15]

Modern companies are digital beehives of networked objects that lack security and offer an attractive gateway for cyber attackers, “says Dr. Jürgen Schulz, CEO of BitAG. Many IoT devices are developed by companies that have no experience in securing devices on the Internet, which can lead to data leaks and security breaches. Businesses that have an IoT device must select the protocols they are connected to the network to implement robust security. [Sources: 15]

I offer capability-based access control mechanisms to ensure the security of an enormous number of elements in Malisa14. IoT authentication methods are necessary to secure IoT devices, and there are several ways to achieve this goal. [Sources: 0, 7]

Sources:
[0]: https://blog.ipswitch.com/internet-of-things-101-iot-device-authentication-explained
[1]: https://internetofthingsagenda.techtarget.com/definition/IoT-security-Internet-of-Things-security
[2]: https://www.synopsys.com/blogs/software-security/protect-iot-devices-from-ddos-attacks/
[3]: https://www.mintz.com/insights-center/viewpoints/2826/2018-06-25-trump-administration-botnet-report-will-impact-iot
[4]: https://fedtechmagazine.com/article/2018/07/how-feds-can-manage-iot-security-issues-perfcon
[5]: https://www.embedded-computing.com/embedded-computing-design/an-end-to-end-approach-is-needed-for-iot-device-security
[6]: https://www.hindawi.com/journals/jcnc/2019/9629381/
[7]: https://www.cse.wustl.edu/~jain/cse570-15/ftp/iot_sec/index.html
[8]: https://www.darkreading.com/iot/californias-iot-security-law-causing-confusion/d/d-id/1335863
[9]: https://www.bitag.org/report-internet-of-things-security-privacy-recommendations.php
[10]: https://www.iot-now.com/2017/05/31/62543-new-formula-iot-security-risk-equals-probability-multiplied-loss/
[11]: https://blogs.sap.com/2017/12/04/5-ways-to-overcome-iot-security-challenges/
[12]: https://www.intellectsoft.net/blog/biggest-iot-security-issues/
[13]: https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/4/1/4
[14]: https://www.cablelabs.com/insights/vision-secure-iot
[15]: https://www.techrepublic.com/article/iot-hidden-security-risks-how-businesses-and-telecommuters-can-protect-themselves/