A company’s computer network was once enclosed within its own four walls. Decades ago, the internet breached this physical perimeter to expand the networks to include computers around the world. Now, intelligence is being added to sensors and other small devices, thereby extending the reach of corporate and government networks to factories, farms, warehouses and other facilities, as well as to trucks, trains, cars, ships, airplanes and even people.
The Internet of Things (IoT) links many types of data-gathering sensors and other equipment that previously ran in isolation to existing computer networks. The connections range from heart implants in humans and biochip transponders in farm animals to sensor-enabled manufacturing equipment and vehicles of all types. IoT’s reach will continue to expand as the devices become smarter and more versatile.
However, as networks expand to far-flung locations and ever-more situations, the job of securing IoT networks becomes more complicated and network vulnerabilities potentially more damaging. Nothing highlights the challenges in securing IoT networks more than the SolarWinds attack of 2020 by the Russian intelligence service SVR, which compromised the networks of dozens of companies and government agencies.
Cyber criminals are increasingly targeting smart connected devices as entry points to corporate networks. Data security professionals now see cyber security for the Internet of Things as one of the most important aspects of their jobs. Degree programs such as a Master of Science in Cyber Security (MSCS) can help prepare students to qualify for positions responsible for securing IoT networks and other data assets.
Why Does the Internet of Things Pose a Security Threat?
IoT networks link diverse sensors embedded in computer and mechanical devices, including smartphones, wearable devices and manufacturing equipment. The resulting networks may have thousands of nodes that collect, process and communicate information. Each node creates a potential access point for malware purveyors and other computer criminals.
The danger of cyber security and the Internet of Things is a lack of visibility into potential threats of data loss, data theft or remote takeover of the connected devices. For example, smart lightbulbs contain the user’s Wi-Fi network information, which can be read by anyone who retrieves them after they’ve burned out and been thrown away. A hacker can use this information to access the home or office network, including its computers, security cameras and other network equipment.
Cyber Security and the Internet of Things: Identifying Vulnerabilities
One way cyber security professionals prevent attacks is by thinking like a cyber criminal who’s looking for a soft spot in a company’s defenses. Most such soft spots are located in unpatched or otherwise outdated software. To scan an organization’s IoT networks to ensure that all of the underlying software is patched and up to date, cyber security professionals take approaches such as tracking updates for all network software, penetration testing and intrusion detection.
Limitations of IoT Devices
The standard approaches to network security become more challenging to implement once IoT devices are linked to a network. Most of the endpoints for IoT connections are sensors that collect a specific type of data, such as temperature, pressure or weight, or they’re recording audio or video feeds.
- IoT devices typically are designed to run on low power and have limited processing and storage capacity, which limits the built-in security features they can include.
- Their relatively simple design also complicates the process of testing and updating their embedded software.
- In the past, IoT devices ran over low-bandwidth connections to the internet, but the recent arrival of 5G, LPWAN and other cellular technologies broaden the reach of IoT networks even further.
The Need to Automate IoT Vulnerability Testing
The size of IoT networks makes manual scanning for vulnerabilities impractical, so much attention is focused on using machine learning and other artificial intelligence techniques to automate vulnerability testing of IoT devices. Automated vulnerability testing of IoT networks processes the large amounts of data collected from remote network nodes in real time. The goal is to spot patterns in the system’s performance that indicate an attempted cyber attack.
The ability to predict when and where a network attack may occur sets AI-based security apart from other approaches. A survey conducted by Capgemini found that nearly three-quarters of executives believe the use of AI-based cyber security allows their organizations to respond faster when a breach is detected.
Benefits of Zero Trust Security
Companies are increasingly adopting Zero Trust security models to address cyber security for the Internet of Things. Zero Trust addresses the complexity of securing widely distributed computer networks by requiring that all devices and users on a network be authenticated before receiving access to network resources. Zero Trust network access creates a software-defined perimeter that verifies and authenticates all attempts to access any network-attached device.
The three tenets of Zero Trust security are:
- Continuous verification that treats all parties on the network as a potential source of a breach
- Breach assumption that takes a stronger defensive posture by assuming that a breach has already occurred
- Least privilege access that automatically applies the lowest level of access that is necessary for a specific communication session
Cyber Security and the Internet of Things: Locking Down IoT Networks
Security professionals have had to devise new approaches to cyber security for the Internet of Things. The evolving threat landscape requires that companies prepare for future attack scenarios.
Vet Potential IoT Security Vendors
Companies realize the importance of choosing IoT vendors that regularly update the software in their products and that support Simple Network Management Protocols (SNMP).
- In addition to the standard HTTP and WebSocket protocols, the most common IoT data protocols are Constrained Application Protocol (CoAP), Advanced Message Queuing Protocol (AMQP), Message Queuing Telemetry Transport (MQTT) and Data Distribution Service (DDS).
- IoT network protocols include Wi-Fi and Bluetooth, as well as Zigbee, Z-Wave and LoRaWan, which is a low-powered media access control (MAC) protocol.
Check Your Network Firewall Status
Firewalls remain the first line of defense for companies. The devices monitor all traffic to and from a network and block certain traffic based on its rules database. Next-generation firewalls feature advanced threat detection and remediation to respond automatically when a breach or potential breach is detected. Organizations must ensure that the firewalls built into network routers are enabled. They must also change the default password on all network devices.
Keep Your Network’s Software Updated
A key component of any IoT security plan is to identify and replace outdated operating systems, applications and devices on the IoT network. The operating systems embedded in IoT devices are usually updated via a Wi-Fi connection to an internet router. Often, the OS and applications embedded in the IoT device are outdated before they’re ever put into service. Also, vendors may be slow to update IoT apps and system software because of the time and expense required, so IT departments must take responsibility for updating the software.
Block Vulnerable Ports
Port scanners are vital network security tools that detect open or vulnerable network server connections by mapping a network’s IP addresses, hosts and ports. The scanner sends a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) packet to network ports to determine their status. Techniques include ping scanning, TCP half-open port scanning, TCP connect scanning and stealth scanning. Restrict outbound port communication, especially Ports 80 and 443, which are the ports used to transmit plain text (HTTP) and encrypted text (HTTPS) over the internet, respectively.
Realizing the Benefits of IoT While Addressing the Risks
IoT networks benefit companies and their customers in many ways but only if companies can ensure that the far-reaching systems remain secure in light of escalating assaults on the networks. The University of North Dakota’s online Master of Science in Cyber Security (MSCS) program provides the skills required to qualify for in-demand careers in cyber security. In addition to earning a Cyber Security Analyst certificate, students can choose two of three stackable certificates — Ethical Hacking, Computer Forensics and Secure Networks — to customize their education.
Explore the University of North Dakota’s MSCS and start toward a career in cyber security.
Recommended Readings
What Is Vulnerability Analysis? Exploring an Important Cyber Security Concept
5 Blockchain Security Issues & Tips for Solving Them
Common Types of Cyber Attacks and Prevention Tactics
Sources:
Capgemini, “Reinventing Cybersecurity With Artificial Intelligence”
Cisco Systems, What Is a Firewall?
Fast Company, “Here’s What to We Can Expect to See in the IoT Industry in 2022”
Forbes, “The Five Biggest Cyber Security Trends in 2022”
Forbes, “How the Internet of Things Impacts Your Company’s Cybersecurity”
Nabto, “A Complete Guide to IoT Standards & Protocols in 2021”
Norton, “IoT Device Security: The Ultimate Guide for Securing Your New Tech”
National Public Radio, “A ‘Worst Nightmare’ Cyberattack: The Untold Story of the Solar Winds Hack”
SecuriWiser, “The 4 Important Things You Need to Know About Port Scanning”
StrongDM, “Zero Trust Explained: The Ultimate Guide to Zero Trust Security”
TechTarget, “5 Steps to Get IoT Cybersecurity and Third Parties in Sync”