Internet of Things (IoT) solutions are becoming increasingly common for both consumers and businesses. While consumers explore Internet-connected refrigerators and webcams, in the business world IoT solutions include:
While these IoT solutions offer real benefits, they also introduce new security risks, like the risk of data being intercepted or compromised. Companies need to recognize these potential threats and make informed security decisions regarding an IoT solution for their organization. To accomplish this, it's helpful to think in terms of a "threat model." In security parlance, a threat model summarizes: 1) potential attack objectives, 2) the ways in which a system might be compromised, and 3) security countermeasures. Supply chain leaders need to take each of these considerations into account as they build an accurate threat model for their particular IoT solution and environment, since different IoT solutions and environments have different threat models.
As you begin to develop a threat model for your IoT application, start by identifying plausible attack objectives. An attacker may have many objectives, but the following are some of the most common worth considering:
Once you have identified the objective for a potential attack, it is helpful to prioritize which ones you should focus on preventing. For each potential attack scenario, it is useful to ask yourself, "What are the consequences?" to determine the severity of the attack and prioritize concerns. For example, the threat of losing IoT data for one hour due to a bad actor jamming a communications signal is probably less serious than the risk of damage to a facility. Next, consider what reasons an attacker might have to pursue the potential attack goals you've outlined. A scenario with a clear benefit to the attacker is often a bigger concern than one without any clear motivation to act on it. Prioritize threats with a known or conceivable motivation.
Once you've considered what could happen, next ask, "How likely is it to occur?" Consider potential attack pathways and the security weaknesses that might enable them. IoT vulnerabilities might include configuration errors (for example, neglecting to change a default password) or misuse of access privileges (for example, if a user copies and exports data).
Another key consideration is the potential avenue of attack presented by your IoT device's communications network protocol. This will vary widely based on the network you use:
In addition to the potential attack pathway, there are a number of other factors that you need to take into account in order to determine whether or not your IoT solution is secure. Consider, for example, whether an attacker needs physical access to the IoT device, and if so, how secure those devices are. A device on the outside of a building in a remote area may be more of a risk than a device inside a locked container, for example. Also consider the device itself—what skill set, tools, and time are required to tamper with it, and would the ends justify the means? Finally, consider whether attackers might achieve their objectives by abusing access granted to an authorized individual. What capabilities would the attacker have in this scenario? What safeguards should be established to counter this risk?
Evaluating the ways in which different IoT systems can be compromised will help you to build an accurate threat model of your particular environment. In turn, this careful consideration and evaluation will help you to determine the appropriate IoT solution for a given application.
What countermeasures can you employ?
After identifying the potential attack scenarios, consider the countermeasures that are built in to protect the IoT solution. One level is physical countermeasures—things that prevent or mitigate direct access to the device. Is the device easily accessible? Does the device have ethernet or USB ports that can be used to access the firmware? Is the firmware secured? Consider options for "hardening" the IoT device itself.
Second, consider the communications network (as discussed above). Weigh the tradeoffs of cost, ease, and security to make sure the method you've chosen meets your needs. Make sure that you are employing the safeguards available with your chosen technology.
IoT systems can also employ active countermeasures, such as scanning for unauthorized or unusual access and alerting administrators or security staff, similar to other enterprise systems. Finally, user accounts can be restricted to limit misuse, and the system as a whole can be built to maintain security even if a specific sensor has been compromised.
Making the final call
IoT is creating amazing opportunities for organizations to process data and automate environmental interactions in new ways. But as with all advances, IoT comes with risks. By applying a threat model framework and analyzing the possible attack objectives, security weaknesses, and possible countermeasures, organizations can apply a familiar security framework to this new technology. Organizations that are clear-eyed about evaluating these risks will find and deploy IoT solutions to derive enormous value while maintaining appropriate security.
1. For more on the limitations of wired solutions, see Bryan Hughes' article, "Building Real-World IoT Solutions," IOT AgendaÂ (Feb. 7, 2018),Â https://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/Building-real-world-IoT-systems-Using-SMS-to-connect-sensors-in-the-wild
2. Parikshit Joshi, "Introduction to BLE security for IoT," Simform LLC (July 4, 2017),Â https://www.simform.com/iot-bluetooth-security-vulnerabilities/
3. For greater detail on these complications, see Peter Thornycroft, "Wi-Fi Access for the Internet of Things Can Be Complicated," Network WorldÂ (March 21, 2016), Â https://www.networkworld.com/article/3046132/internet-of-things/wi-fi-access-for-the-internet-of-things-can-be-complicated.html
4. See, for example, "GSMA Security Guidelines and Assessment," GSMA (Groupe Speciale Mobile Association), https://www.gsma.com/iot/iot-security/iot-security-guidelines/