Demanding a Plan for Cyber Resilience in the IoT
Earlier this month, I wrote about the need for a holistic security strategy for the Internet of Things (IoT). It’s more than securing a ‘thing’ within the IoT – it’s about building resilience for the whole system. Cyber resilience is about managing risk; identifying potential risks, evaluating the likelihood of them occurring and their negative impact, and deciding the appropriate actions to take. The challenge is that organizations deploying connected things, or extensive IoT projects, are faced with multiple component vendors that utilize disparate security methods. These inconsistent approaches are giving cyber criminals more opportunity to compromise networks and systems and steal valuable data.
It is time. Customers need to demand resilience practices from their IoT vendors. More specifically, they need to set the bar for a core set of requirements that address critical security, data protection and privacy needs.
The key will be to build this in from the ground up, rather than an afterthought. The following practices will not entirely eliminate cyber risk; but when used together they create awareness to the risks and will build a formidable defensive posture to significantly reduce the impact of threats.
- Secure Development Lifecycle (SDL) – Building a trustworthy and secure product means starting at the design and development phase so that security does not get left behind in the wake of evolving business needs. A SDL gives engineers the processes and tools to detect, fix, mitigate and prevent design and code weaknesses that could become exploitable. It includes methods like threat modeling, to help understand and prioritize risk within a system. By following the flow of data through the system, it can identify trust boundaries where the data can be compromised. The SDL should also include penetration testing, proactive attempts to break into products and services to identify weaknesses and vulnerabilities in order to develop better protections against attack.
- Change Default or Weak Passwords – Attackers often use the simplest methods to penetrate a system. Default passwords provide easy entry for an attacker when scanning for targets. Lack of password complexity significantly reduces the search space when trying to guess user’s passwords, making brute-force attacks easier. For this reason, it is important to require all users, including administrator accounts, to have strong passwords. Ideally, multifactor authentication should be used to secure user credentials.
- Ensure Secure Firmware and the Latest OS Updates – Connected devices within the IoT contain firmware, embedded software that provides control, monitoring and data manipulation of products and systems (i.e. sensors, traffic lights and security cameras). It is crucial that each device in an IoT system has the latest and most secure firmware and OS updates. The method to accomplish the software and firmware updates must also be secure.
- Data Privacy – As data is a key enabler of IoT success, it must be planned for, managed and responsibly protected just as any other critical business asset. Privacy has to be viewed geopolitically. Each technology vendor needs to understand privacy laws and regulations within the countries in which they operate and make sure all of their products, services and staff comply with proper handling of that data. The SDL process should include “Privacy by Design” principles.
- Secure Communications and Authentication – As IoT project adoption accelerates, technology vendors need to carefully evaluate and streamline methods for device communication and authentication. One aspect of security is safeguarding the integrity and confidentiality of IoT data and the other is the authentication of each device placed within a network (i.e. verifies the security posture of the devices and authorization levels of the users before they are allowed access).
- Product Security Incident Response – While all of the above are important, inevitably security risks will arise that need to be mitigated after the fact. In this case, it is critical that every vendor in the IoT system must have a responsive, easily reachable product security incident process. This process must clearly communicate with impacted users, be responsive to security researchers and customers alike, and ensure timely, complete resolution to what are often complex security issues.
All of the above should be considered irrespective of IoT or not. It is the start of good security posture.
What do you think? Join the discussion with questions, comments and suggestions. We’ll continue the topic of resilience for the IoT in upcoming blogs. In the meantime, you can learn more about building trustworthy systems in our Trust and Transparency Center.