5 reasons to update the enterprise IoT security roadmap

In order for widespread IoT adoption to take hold, the industry needs to mandate minimum levels of security measures that protect from cyber intrusion across the board

5 reasons to update the enterprise IoT security roadmap

The future is connected; and a secure future will require developers and manufacturers who fully appreciate the seriousness and interconnectedness of security

1. Security concerns have never been greater or higher profile.

As the ever-growing Internet of Things becomes a staple in households across America through smart, connected devices, the risk of security breaches is a concept brought to the average consumers’ (at times, actual) front door.

The growth in security concerns — ranging from the fear of an intruder virtually flipping a door lock to a hacker taking down a power grid — comes from increasing threats from obsolete systems and protocols that haven’t updated to meet the security requirements of the growing ecosystem of connected devices.

Weaknesses in platform security could push existing smart home owners to uproot their whole system for a new one, or it could even prevent potential consumers from entering the smart home revolution.

>See also: The Trojan horse: 2017 cyber security trends

With the media vociferously covering high-profile hacking (i.e. the largest cyber-attack ever at Dyn; hackers activating emergency sirens across Dallas, hackable cardiac devices; and the Trendnet webcam hack), it’s logical that consumer fears about security risks will only grow.

But that consumer fear can be productive, as it’s translated into accelerated motivation for developers and manufacturers to address security issues.

2. In an IoT ecosystem of many interconnected devices, the system may only be as secure as the weakest, least-secure device on the network.

According to IDC, by 2025, approximately 80 billion devices will be connected to the internet.

But with only some of these devices on a secured internet network, even when using security of the highest levels, can be vulnerable to exploitable holes or weaknesses on the other more vulnerable devices within the network.

Within an 80-billion-device ecosystem, a smart home system or device is only as secure as the weakest link. A connected door lock manufacturer may implement the highest level of security, while a company that manufactures a connected light switch may not feel take the same precautions, as it’s a seemingly less-risky device.

However, the security flaw within that light switch can be used to hack into the other, more compromising devices installed across the network and beyond. Hackers use these unsecure pathways to get themselves “inside a system” to attack.

>See also: How to protect business assets in 2017

For this reason, developers, companies, and manufacturers must plan for security beyond their individual devices and focus on the security of the entire network ecosystem, no matter what role they play in it. IoT security requires an end-to-end approach, and it’s always time for an update.

3. New security frameworks make updating security level simple and painless for manufacturers.

Within smart home protocols, previous security frameworks may have provided high-levels of security and encryption, but the choice to implement such measures was left up to manufacturers.

Understandably, manufacturers are not security experts nor do they often have dedicated staff to review and implement industry standard security measures, so connected products hit the market with varying levels of security depending on the manufacturer.

To avoid this, new security frameworks, such as Z-Wave Security 2 (S2), take the guesswork out of high-level security for manufacturers.

>See also: Hopes and predictions for Mobile World Congress 2017

Products that are Z-Wave certified will have this framework built-in from the chip; the S2 framework is so strong that it’s practically unhackable.

Z-Wave has always used AES-128 levels of encryption, a level the U.S. government considers safe enough for classified information up to the SECRET level used in embedded devices.

Combined with the S2 framework and nonce scrambling, there is no known method for overriding this protection — even using a supercomputer.

However, prior to S2, Z-Wave product developers utilised custom implementations and commands for secure devices, leaving the security implementation decision up to the individual manufacturers.

Now S2 eliminates the custom development by replacing it with a security solution integrated in the protocol and validated through certification, ensuring products from different vendors meet an equally high security standard.

Instead of saying: “Send command to this and this,” it says: “Send secure,” so that all transmissions are sent safely.

Hackers cannot circumvent the security application layer; the heavy lifting is built directly into the protocol and so manufacturers can focus on providing the best products, and not the security that’s outside of their expertise.

>See also: Gartner highlights 8 critical components of a digital workplace

Aside from Z-Wave devices themselves, the Z-Wave solution uses secure connection to other networks as well. DTLS secures the LAN, and TLS secures the WAN, which Z-Wave to IP gateway supports.

This implementation of best-in-class security technologies for each network type ensures optimal security-performance balance in solutions based on Z-Wave.

4. New security frameworks are stronger than ever, as they were developed hand-in-hand with security experts and hacker community.

Who knows better how to prevent crimes than those learned how to circumvent the rules? Hackers spend their lives figuring out how to bypass security, many for positive aims such as helping companies improve their own.

When developing the S2 framework, Sigma Designs partnered with the hacker community to ensure that no hacker, whether black or white hat, could circumvent the system.

Sigma opened up the code of S2 in its entirely to this community and that cooperation led to an unparalleled level of security.

In addition to the hacker community, Sigma worked closely with security architecture experts so that S2 includes secure communication for both individual devices and cloud communications.

>See also: How up-to-date is your software security training programme?

There’s a QR or PIN code requirement on each device when new local devices are added into the network, so there’s no window of unencrypted activity for hackers to exploit; and for cloud-accessible systems, S2 routes all communications through a secure transport layer security (TLS) tunnel.

5. Updating security doesn’t mean trading off battery life.

Sometimes, increased security means a trade-off on battery life, with large overheads for encryption and multiple transmissions for secure handshakes.

S2 is optimised for battery operation, running with minimum overhead, one-frame mode and nonce ensuring low power consumption with high security.

This results in industry-leading security and optimal battery performance with absolutely no negative affects to battery life on Z-Wave devices with S2.

The S2 framework is currently available for implementation and has been made mandatory on all devices submitted for Z-Wave certification. Existing devices will continue to be backwards compatible with the new S2 smart devices.

>See also: The cyber security industry is losing the cyber war

There’s no argument against updating your IoT Security Roadmap and certainly, many more than five reasons to do so … how about 80 billion?

The future is connected; and a secure future will require developers and manufacturers who fully appreciate the seriousness and interconnectedness of security.

 

Sourced by Johan Pedersen, Sigma Designs, product marketing manager, Z-Wave

 

The UK’s largest conference for tech leadershipTechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Comments (0)