Imagine a future where attacks on IoT infrastructure could bring down power supplies of entire cities, tamper the manufacturing process in a factory, stop a Tesla in the middle of the highway, overflow tanks in an oil rig, shut down a ventilator in ICU or even tamper cardiac implants.
While this might be the future nobody wants, there are already signs of heavy duty IoT devices based attacks. Take for example when few months ago, 500,000 IoT devices including the likes of video cameras and digital video recorders connected to the internet were compromised by ‘Mirai’ malware to create a huge network of botnets which hacked the servers of DYN, a web service provider resulting in disruption in services of popular sites like Twitter, Netflix and Amazon alike.
Not only this, a HP labs study of 10 popular IoT devices (thermostat, garage door opener, smart door lock etc) found an average of 25 vulnerabilities on each device. The report even pointed out that 70% of such devices are vulnerable.
Most of the devices are plug-n-play, sell-and-forget. Botnet harvesters identify firmware vulnerability and proceed to locate and exploit all the devices deploying the same firmware and with analysts firms like Gartner predicting the availability of 20.8 billion connected devices by 2020 cyber security becomes extremely critical for IoT devices across consumer and enterprise platforms.
Considering how big the IoT market is going to become, legacy vendors and startups in particular have been bullish in creating secure IoT devices and solutions.
Legacy Vendor’s IoT Push
Arti Anant Pande, Lead Technologist of Software design and consulting company ThoughtWorks talks about their technology radar which encourages teams to incorporate penetration testing into their continuous delivery pipeline and consider threat modelling to better understand their security needs. The radar also advices teams against anti-patterns that are likely to give them a false sense of security.
They are exploring hybrid, scalable, practical solutions that can handle security requirements of IoT devices throughout their lifetime which will become useful when majority of such devices are owned by end users with none or moderate technical skills.
While Manish Gupta, Director & General Manager, Infrastructure Solutions Group, Dell EMC points out that prior to implementation of an IoT device or solution at a customer’s end, they review the end customers security and strengthen their IT security and management practices to prepare them for additional risk exposure following which they establish and defend the functional integrity at the edge with smarter architectural components such as a IoT gateway and firewall to enable protection from risks of less capable connected devices and legacy equipment.
Legacy vendor, Microsoft even has a Windows’10 IoT OS for devices at end points which enable collection and streaming of real time data but in order to avoid IoT based botnet attacks at the software level.
Peter Gartenberg, GM, Enterprise and Partner Group, Microsoft India says, “We secure the IoT device while it is being deployed in the wild by enabling device level provisioning and authentication and at the same time we ensure that all data transmitted between the IoT device and IoT hub is confidential and tamper-proof by facilitating a secure, encrypted channel for the data communication between the device and the cloud.”
Even enterprise communication technologies player, Tata communications at their security operations centres has a team of skilled engineers who monitor attacks close to the botnet and DDoS heat map. “The attack is broken down in manageable chunks rather than tackled when it has gathered too much momentum particularly when it comes to IoT roll outs and adding more IP-enabled devices to networks, we make security a consideration at a device and application level as well as for the network,” says VS Shridhar, Senior Vice President & Head, Internet of Things, Tata Communications.
Moreover, NetApp which helps companies manage and secure information from connected devices across storage platforms. The storage vendor addresses the security issues by securing the data at device end point level. Deepak Visweswaraiah, Vice President & Managing Director, NetApp India explains their usage of Data Fabric strategy to enable companies to process large volumes of data from a variety of IoT sources with the visibility and quick performance .
The NetApp Data Fabric collects, analyses, secures data and help close the time gap between when the data is compromised and when the breach is discovered, so that the data is not stolen or destroyed by attackers.
Startups IoT game plan
For Full Story, Please click here.