IoT Device Security – Cyber ​​Resilience | Pipeline magazine


By: Dennis Mattoon

We live in an increasingly digital world with the Internet of Things (IoT) playing a huge role in the way we live and work. A wide range of IoT devices can be found around the home, from smart light bulbs and refrigerators to doorbells and cameras, as well as in factory or office environments. In industrial environments, many machines and devices are connected to streamline processes, enable remote operation and increase efficiency. But with IoT devices approaching 27.1 billion in 2021, according to Cisco, security must be a key consideration in their development and manufacture.

In recent years, we have witnessed numerous attacks in many sectors and environments, including critical infrastructure, which have caused significant damage. Attacks on the systems, assets, facilities and networks that society relies on for public health, safety and security can cause widespread levels of disruption on a national or even global scale. If critical infrastructure is compromised or destroyed, it doesn’t take long for the impacts to be felt beyond governments and businesses to ordinary citizens. The attack on the Colonial Pipeline, the largest fuel pipeline in the United States, is a recent example of this type of attack. The system was shut down for six days in response to a cyberattack, increasing average gasoline prices in affected areas.

The level of sophistication exhibited by cybercriminals is increasing, while the growing number of connected devices being implemented across industries also opens the door to more attacks. The rise of IoT devices is often driven by industrial digital transformation and the resulting benefits. Increased automation, enabling remote operations, increasing efficiency and streamlining operations are just a few benefits. Security is generally not a driving force here, as it can often be viewed as an unnecessary added expense.

However, as all IoT devices must be connected to a network to function, we must consider each connected device as an entry point, allowing access to this network and all sensitive data generated, stored and communicated. That’s why security needs to be a priority when these billions of devices are built in the factory: manufacturers and developers need to start adopting a security-first approach if we want to stay ahead of cybercriminals.

We need to focus on safety from the very beginning of creating a device. Safety should be a key consideration as the prevention methods incorporated at this stage will protect it throughout its life cycle. It is important that a device has the ability to protect itself, respond to attacks, and recover. Cost is often used as a justification for not properly prioritizing and funding security measures, but implementing the steps that allow a device to do so will actually save time, resources, and cost in organizations. years to come.

For this to happen successfully and universally, the implementation of cyber-resilient architectures is essential. The three fundamentals of resiliency are: protect updatable persistent code and configuration data, detect when vulnerabilities are unpatched or when corruption has occurred, and reliably restore to a known good state even when the platform is compromised. When properly implemented, a cyber-resilient architecture allows a device to be recovered, even after it has been compromised and hacked. If we compare that to today, recovering a severely compromised device usually involves manual intervention. For example, new firmware or a new operating system must be loaded from an external storage device or a second computer before a device can join network services using passwords or other identifying information. But with billions of IoT devices in use, it’s extremely difficult to manually intervene when one has been compromised. Not only that, but IoT devices from


Comments are closed.