More insights have been gained regarding the challenges around securing IoTs within smart cities, and how they can be overcome, by Information Age.
This follows a recent examination of the UK’s smart city developments.
IoT security is a complex issue for experts, with the UK government calling for tougher security for IoT devices earlier in 2018. Antivirus software can’t be installed on IoT devices, like they can on PC’s, which creates an added complication.
With this in mind, the task of securing smart cities that are heavily reliant on IoT will be more challenging, and company CTOs that utilise smart networks or plan on doing so in the future could see implementing a cybersecurity strategy for their network early on as a high priority.
“Two main aspects” of IoT security difficulty
Shahram Mossayebi, CEO of Crypto Quantique, says that before anyone can successfully figure out how to protect IoTs within smart cities, they must look at why it is so difficult in the first place.
“There are two main aspects to it,” Shahram explained. “One is that there are so many different parties involved in IoT’s. There are manufacturers, designers, component suppliers, and each of those players are facing different security attack vectors.
“The other aspect depends on what type of security solution you choose once you have a security-connected device inside your network. From a cybersecurity point of view, any connected device inside any type of network could act as an open window that can be exploited by a hacker, who can get inside the network, exploit other parts of the network and possibly even the whole network.”
While IoT devices, especially within homes, have been found to be easily detectable with the use of IoT search engines such as Shodan, a recent study has discovered that factory-set passwords for smart devices can also be found using a Google search within 30 minutes.
“No proper security plan”
With entire smart networks becoming more common at work as well as homes, this can be seen as an important matter when discussing the security of smart cities.
“The problem right now is there is no proper security plan,” said Crypto Quantique’s CEO. “People usually look at connected devices and think ‘I have a secure wifi, so my connected device should be fine.’
“In industry, they say ‘We have a secure gateway’. What we say is that the point from the connected device to the secure gateway and the point from the connected device to the secure router, isn’t really connected and isn’t really secure, and can be exploited by hackers.
“In order to get security right for IoT, you need end-to-end security. That’s a must, and this is pretty much what’s missing right now in industry.
“But then, having end-to-end security is not easy, because you’re talking about billions of connected devices.”
Cryptography to the rescue?
One method for applying end-to-end security to IoTs that Crypto Quantique is proposing utilises unique cryptographic keys for every device that is properly managed.
“In reality, given the sheer volume of connected devices, this would be a complex task,” admitted Shahram. “It’s very expensive, a lot of work ahead for our enterprises, and that makes a lot of people go around and say ‘Maybe we can get away with it with a default key for all devices’, for instance.”
The company says that it is building a full solution that provides the keys automatically without anyone knowing those keys, and without third parties getting involved.
Nominations are now open for the Women in IT Awards Ireland and Women in IT Awards Silicon Valley. Nominate yourself, a colleague or someone in your network now! The Women in IT Awards Series – organised by Information Age – aims to tackle this issue and redress the gender imbalance, by showcasing the achievements of women in the sector and identifying new role models