#Belfast2016: Current IT Security Will Not Work for IoT
The Internet of Things (IoT) is a concept that has snowballed in recent years to become one of the hottest topics of the digital age. Companies and individuals alike rely on connected networks and devices now more than ever, something that is not only becoming more common but also a way of life.
Research by cybersecurity specialist Webroot and data center organization IO recently found that 2016 is going to be a very busy year for IoT in the workplace, with 87% of polled CEOs and senior decision makers saying they plan to introduce IoT-focused strategies into their companies this year. Similarly, more than half of UK businesses intend to employ a chief IoT officer in 2016, signifying just how big an issue it has become.
However, speaking at the CSIT World Cyber Security Technology Research Summit 2016, Dr Ulf Lindqvist, Program Director of SRI International said current IT security techniques will not work for IoT services, suggesting there is a lot of work to do to secure the IoT.
Dr Lindqvist argued a key factor in this is a lack of clarity regarding who is responsible for governing IoT devices.
“Depending on what kind of device it is we don’t know if it’s the manufacturer that’s supposed to manage it; if it’s the person you sold it to, the vendor, whether it’s the organization or person that deployed it, if it’s the provider of the cloud or back-end communication services, or if it’s the user – who is it really?”
Dr Lindqvist explained his experience in the industry has taught him that good IT security is about separation – chiefly keeping the good things (authorized users) separate from the bad (unauthorized users).
“I learned a long time ago that there are three types of separation that still hold well,” he added. “These are physical, logical and cryptographic.”
The problem with this is that users see a lot of value in connecting things, the driving force behind the concept of the IoT, which counteracts the security needs of keeping things separate and creates the challenges we are now facing.
“If we look at what we are doing today to keep IT systems secure, it turns out that many of those things will not work for the Internet of Things,” Dr Lindqvist said.
“Today we do frequent patching and updates of our IT systems, we rely on secure configurations and we have all kinds of add-on security products which keep the cybersecurity industry alive and well,” but all of these can be very difficult to implement for a large distributed network of various devices.
“There’s some urgency here,” he continued. “The time is now to do something about this, and the reason for that is IT security in the cloud is really critical because it will soon impact everyone all of the time.”
Dr Lindqvist said to tackle the issue we must address the fact that IoT developers and integrators currently lack the knowledge, experience, standards and tools to provide security and privacy.
“We feel that we need to fill that gap and bring the best of security to developers so they can get hands-on tools to use in their daily work,” he added.
After all, “Today’s future tech is tomorrow’s legacy” and it’s something we have to protect.
Source: Information Security Magazine