About IoT- Businesses are increasingly part of a highly connected world. The PCs and mobiles used by employees, suppliers and customers to communicate with your enterprise are just the tip of the iceberg. Now, industrial machines, power generators, medical equipment, vehicles and buildings are hooking up with IT systems online, remotely sending and receiving data and commands.
As part of a team focused on online security, I can say that internet of things (IoT) security can be a much bigger deal than PC or mobile security. If a hacker breaks into a mobile phone and compromises a bank account, it may wreck the phone owner’s day. But when a hacker gets into relays for a power grid or the controls of a hospital dialysis machine, entire populations can be put at risk and lives can be threatened.
Start With An Application And A Threat Model
Devices and machines on the IoT are driven by software applications. Each application can be described in terms of its top-level functionality. For instance, pumps at an oil well might be remotely monitored, activated at different levels and shut down. IoT security threats to the pumps might then include attackers stealing data, preventing the pumps from working or forcing them to work at the wrong speed.
There are different models for assessing security threats, several of which apply naturally to the IoT context. These models have their own strengths and weaknesses. Often, the best results are obtained by working with multiple models. These correspond to multiple different ways of thinking about security and possible attacks, giving you a better chance of seeing things as a hacker would and therefore of putting more effective security in place.
Use STRIDE for assessing IoT security threats.
STRIDE is an acronym for the following threat categories:
• Spoofing. Attackers pretend to be someone or something they are not. To continue our example of oil well pumps, an attacker might mimic a command and authorization from a central system to dangerously accelerate pump speeds.
• Tampering. The attacker changes the data that is being transmitted, such as changing a pump status code to read “broken” instead of operational, to force the pump owner to send out a repair person.
• Repudiation. An action happens but the perpetrator then claims not to have done it. Perhaps a third-party maintenance company sends a command to stop an operational pump — deliberately or not — then denies having sent it.