SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
IoT: Productivity boost or Pandora’s Box of security issues?
Thu, 24th Jan 2019

Article by HCL Technologies engineering and research and development services president GH Rao

The Internet of Things promises to deliver significant productivity improvements across a range of industries in Australia – provided enterprises can rise to the challenge of protecting the extraordinarily decentralised ICT infrastructure the model demands.

The term IoT refers to an array of digital or computing devices, such as microchips, transponders and in-built sensors, which transfer data via a network or the internet.

Organisations have begun using the technology to track assets, improve efficiency, boost customer service and gain greater insight into their operations.

Australasian consultancy IoT Stream lists a gamut of local use cases: the refrigeration supplier that monitors temperatures remotely to ensure its equipment complies with health and safety regulations; the resources company which is improving its asset management process by using sensors to record remote engine hours for its fleet of heavy vehicles; and the adventure tourism business that's deployed an IoT solution to keep track of its kayaks when they're on the water.

A 2018 report produced for the Australian Computer Society by management consultancy PwC identified construction, mining, healthcare, agriculture and manufacturing as the local industries which had most to gain from broad take-up of IoT technology.

Australia may be able to “leapfrog the productivity gap through the intelligent use of the IoT” and for some sectors it may represent the opportunity to “undergo radical transformation and make a fresh start”, the report notes.

Embracing the IoT could add hundreds of millions to GDP, boost productivity and make exports more competitive, as well as putting individual businesses which deploy the technology on a stronger footing.

Smart – but is it safe?

The benefits of IoT adoption are compelling – but only if enterprises are able to ensure the security of the infrastructure they deploy and the integrity of the data it transmits.

The challenges differ significantly from those which arise from more conventional technology infrastructures, and understanding and planning for them is key to the success of every IoT project roll-out.

Traditional security strategies don't work when organisations are managing dozens, hundreds or tens of thousands of small devices dispersed across a large area.

IoT breaches have the potential to result in more than just data compromise. In some instances, a security incident may have implications for human safety.

Key challenges

IoT security is a challenge which continues to compound, as more devices are added to networks, at home and abroad.

Gartner estimates around 26 billion devices will be connected by 2020, creating an attack surface of considerable complexity and almost infinite scope.

Before embarking on an IoT roll-out, organisations should consider the following security risks and determine whether they can be addressed or mitigated adequately.

Security of devices

Networks are only as secure as their endpoints and, because of the way they operate, IoT devices can be more vulnerable than traditional computing devices.

They come with a unique set of security challenges:

  • IoT devices can't be ringfenced in the same way as traditional devices because they're connected continuously but may only transmit data periodically
  • Devices typically have limited computational and data storage capacity, which makes them unsuitable candidates for the installation of security tools
  • A high volume of connected devices, coupled with irregular communication patterns, can overwhelm many security systems. Data patterns which might indicate a compromise or attack in a conventional IT setting can represent Business As Usual in an IoT setting.
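An added illustration of the last point, not part of the original article: a fixed fleet-wide rule compared with a per-device baseline, run over constructed telemetry. The device names, the 1024-byte threshold and the `factor` parameter are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed telemetry: (device_id, unix_seconds, payload_bytes). Not real data.
# fridge-01 sends ~65 bytes every 300 s; truck-07 uploads ~4 KB once an hour.
BASELINE = ([("fridge-01", 300 * i, 64 + i % 3) for i in range(12)]
            + [("truck-07", 3600 * i, 4000 + 10 * i) for i in range(6)])
LIVE = [
    ("fridge-01", 3600, 65),     # normal
    ("truck-07", 21600, 4040),   # large, but business as usual for this device
    ("fridge-01", 3900, 3900),   # payload far outside this device's profile
    ("fridge-01", 3905, 64),     # arrives 5 s after the previous message
    ("pump-99", 4000, 64),       # device never seen during baselining
]

def learn_profiles(events):
    """Per-device median payload size and median gap between messages."""
    by_dev = defaultdict(list)
    for dev, ts, size in sorted(events, key=lambda e: e[1]):
        by_dev[dev].append((ts, size))
    profiles = {}
    for dev, rows in by_dev.items():
        if len(rows) < 2:        # too little history: treated as unknown later
            continue
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        profiles[dev] = {"size": median(s for _, s in rows),
                         "gap": median(gaps), "last": rows[-1][0]}
    return profiles

def global_rule(events, max_bytes=1024):
    """Conventional fleet-wide rule: alert on any message above a fixed size."""
    return [(dev, ts) for dev, ts, size in events if size > max_bytes]

def per_device_rule(events, profiles, factor=4):
    """Alert when a message deviates from its own device's learned profile."""
    last = {d: p["last"] for d, p in profiles.items()}
    alerts = []
    for dev, ts, size in sorted(events, key=lambda e: e[1]):
        p = profiles.get(dev)
        if p is None:
            alerts.append((dev, ts, "unknown-device"))
            continue
        if size > factor * p["size"]:
            alerts.append((dev, ts, "payload-size"))
        if ts - last[dev] < p["gap"] / factor:
            alerts.append((dev, ts, "too-frequent"))
        last[dev] = ts
    return alerts
```

On this sample the fixed rule alerts on truck-07's routine hourly upload and misses both the burst from fridge-01 and the unknown pump-99, while the per-device rule flags exactly the three anomalous messages.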

It's vital for enterprises to ensure each IoT device they deploy does only what it is intended to do and has no scope to be infiltrated or reprogrammed by hackers or cyber-criminals. Large sections of code may need to be protected through encryption or access control. While they are essential for speed and efficiency, Over the Air (OTA) capabilities for software and firmware updates can compromise the security of an IoT system.

Security of communications

Securing network protocols can be a significant challenge, given IoT communications can occur over a combination of public, private, industrial and IT networks.

Many IoT devices have a paucity of computing power, which means the burden of providing data and network-based encryption typically falls to gateways.

In addition to supporting multiple types of connections and device architectures, these must be robust enough to secure vast amounts of structured and unstructured data.

Security of the cloud or data center

Data from IoT installations typically feeds into applications and the cloud.

Application interfaces are likely to feature open source libraries and technologies, making them vulnerable to infiltration.

In addition, all types of IoT devices and users connect to the cloud remotely and protecting each and every one of these connections is vital to the security of the whole.