The challenge of IoT
We are already here. They may have passed us. Their spread is breathtaking, with an estimated population of 125 billion over the next decade. IoT devices are pioneers in the digital transformation of society and are expected to revolutionize the way we live, play and work.
But can we really control the explosive growth of internet-connected machines? And, from a security perspective, what does this huge machine mean for a machine network? From wearables to industrial control systems behind the grid, what are the threats and risks associated with IoT devices?
New malware threats
The past five years have been the arena for a new generation of malware targeting embedded devices and the Internet of Things. Slowly, while developing connected or "smart" devices, the world has realized the consequences of placing time to market and cost over any security considerations. Smart meters, smart homes, anything can be smart, and as their name implies, they are fragile. Now that the average time required to disrupt vulnerable IoT devices on the Internet has fallen to about five minutes, threat actors can launch targeted attacks within 24 hours to disrupt specific devices.
Many of these vulnerable IoT devices run online 24 hours a day, 7 days a week, and have a lot of available bandwidth. This not only makes them an attractive target for conquering distributed denial of service (DDoS) botnets, but also an innocent stepping stone that harms internal networks through their back-end connections. From ransomware to crypto mining, in every element of the threat landscape, IoT devices have the potential to act as gateways in home and corporate networks.
Technical challenges
There is no doubt that everyone is facing unprecedented technical challenges in managing IoT risks: the Internet-oriented IoT accounts for only 5% of the total number of existing devices; the remaining 95% constitute complex risks and IT service management issues:
The Internet of Things market is fragmented and there are multiple standards at work that require different tools for network monitoring and operations.
The hardware footprint of IoT devices is small, if not small, and the computing power is small, which makes them unable to use traditional agent-based endpoint security management tools.
IoT devices contain a large number of software stacks with proprietary technologies and formats, as well as open source software, which makes their maintenance a bit difficult, if not impossible.
Due to fierce competition and market urgency, IoT manufacturers have ignored engineering and security investments. As a result, devices often carry hard-coded usernames and passwords, enable unnecessary services, and remotely exploitable vulnerabilities that are rarely published.
Even if a software fix or new firmware is released for a device, its deployment is often impractical. For example, where is the device? Can I update it remotely? Do I need physical access and custom cables for upgrades?
5G is imminent
As 5G becomes a reality, billions of people and trillions of machines will have access to enhanced mobile broadband to enable a wide range of applications from mission-critical medical surgery to emergency services and augmented / virtual reality. What's worse, the long shelf life of the device exacerbates all of the above problems. Outdated and insecure IoT devices will continue to exist and will haunt us for many years.
As a large number of IoT devices pose risks individually or collectively, identification, regulatory and asset management functions will become more critical.
From an operational perspective, inferring the identity (what it is) and function (what it does) of IoT devices by monitoring network traffic is quickly becoming a necessity for all network operators. This will enable them to assess their level of risk and the nature of the risk so that they can be properly managed. But this is not easy. The visibility required across the network is both extensive and deep.
ISP asks for help
Internet service providers are already seeking the help of their trusted partners to provide them with the visibility and monitoring capabilities required by an evolving service infrastructure. With the ability to identify the type and location of IoT devices on their network, operators will be able to protect themselves and their customers from threats.
The Internet of Things has the potential to fundamentally change our lives. IoT devices are driving fundamental changes in technology and culture, changing our current IT landscape. Many applications that consumers have been waiting for a smarter future include ultra-fast transfer rates, enhanced user experience, and enhanced virtual reality.
However, as the Internet of Things begins to drive innovation in key sensitive industries (such as healthcare, transportation, and public utilities)-spawned the fourth industrial revolution-tomorrow's network will require effective security oversight of IoT devices to address the IoT Equipment availability and reliability. New services and consumer privacy and security.
