The IoT Security Foundation is an international, non-profit organization founded to help establish best practices and guidance for securing a connected world. This collaborative group bridges the gap between having no security standards and universal ones. In a world where information moves at the speed of thought, having more robust cybersecurity practices is critical for individuals, businesses, and governments.
The availability and relatively low cost of IoT devices — combined with the advent of 5G technology — opens up a veritable Pandora’s box of heightened risk. It will take a concerted effort by some of the world’s leading technology and security experts to stay a step ahead of cybercriminals and to put more secure devices in the hands of consumers. Here’s everything you need to know about the IoT Security Foundation.
The Evolution of IoT
The Internet of Things (IoT) refers to the network of internet-connected smart devices that receive and transmit instructions without a keyboard or screen. Examples vary from smart appliances to voice-activated Alexa or Google Home devices to sensors that power factories, hospitals, and even entire cities. These devices communicate with little to no human intervention once configured and play many roles, depending upon where and how they are used.
According to Network World, the first IoT device was a Carnegie Mellon vending machine that was connected to ARPANET in 1970, although the term was not used until 1999. That vending machine was purported to have been the precursor of the modern devices of today. Finding a way to connect devices was slow and difficult until RFID tags came into widespread use in the early 2000s. They were portable, lightweight, inexpensive to implement, and took advantage of WiFi and 4G technology.
Fast forward to the present day, and you can find smart devices virtually everywhere:
This includes climate control systems, drilling systems for oil and gas, growing and yield data for agriculture, and targeted mobile ads in retail stores.
These devices include doorbell cameras, smart appliances, thermostats, lighting, and more.
This category includes fitness trackers, thermometers, and home assistants like Google Home or Alexa.
This sector includes traffic monitoring and roadway access, public transit, lighting, security cameras, and public safety, utilities, and more.
However, with convenience comes risk. The existing and emerging threats are numerous and multifaceted, and there is little guidance on how to mitigate it.
Why We Need More Security
First and foremost, in-depth security testing tends to take a back seat to market in the computer and electronics industry. The basic answer to why we need more security is that we haven’t done enough so far to safeguard the devices before they are released. A few facts to keep in mind:
- In 2020, there were approximately 50 billion IoT devices worldwide, and they are easy targets for cybercriminals.
- Now consider what those same bad actors could achieve when the devices are connected to a 5G network that is up to 100 times faster than 4G, with the potential for even faster speeds.
- That means that every bit of malware introduced at any point along the route is speeding like a missile throughout the Internet of Things.
- Not only will it go faster, but there are more opportunities to introduce it when the expanded bandwidth of 5G allows even more devices to be supported at one time.
New legislation seeks to provide more accountability for manufacturers and suppliers of government IoT electronics, which is a good start, but it fails to address the remediation of existing vulnerabilities. With increasing numbers of devices available at more reasonable prices to consumers worldwide, we must find a way to secure our devices, networks, protocols, and data.
Emerging Cybersecurity Issues
Some cyberthreats to watch for in 2021 include but are far from limited to:
Many of the current IoT devices have not been tested adequately for security vulnerabilities. They also lack the ability for even basic security measures like encryption. The proliferation of these IoT devices is expected to top 75.44 billion by the end of 2025.
A recent IoT World Today survey reports that 57% of respondents will monitor performance using artificial intelligence and machine learning. AI has been used maliciously to mimic chat functions to gain access to computers. The rise in AI threat is partially due to the widespread availability of tools for building AI systems. However, since AI is used in many industries all along the supply chain, the results of attacks could be catastrophic.
Images, video, or audio spoofed with the use of AI are called deepfakes. Since many cybersecurity tools aren’t able to filter out spoofed audio or video, cybercriminals could create deepfakes that solicit money, purportedly at the prompting of a respected individual, such as one uncovered in a 2019 Europol investigation. In an even darker possibility, dark fakes featuring heads of government could lead to civil unrest, sedition, or even a world war.
The lure of even more financial gain will lead to more sophisticated, coordinated attacks. Specialties can and will evolve, focusing on specific targets like bitcoin mining, ransomware, and others. It will become increasingly harder to discern criminal activity from state-sponsored attacks.
There is no magic bullet or easy answer to how to secure the IoT. It isn’t a problem that can be solved by one person, one industry, or even one country. So how do we move the needle in the right direction?
What Is the IoT Security Foundation?
The Internet of Things Security Foundation (IoTSF) was formed in response to the encroaching threats from cybercriminals seeking to benefit from the existing and emerging vulnerabilities in the IoT. The consortium of IoT, hardware, and software professionals, network providers, retailers, distributors, security experts, government agencies, and others are attempting to improve safety so that we can realize the advantages and leverage the conveniences of a hyperconnected world.
The IoTSF’s Mission
- Aiding adoption of secure solutions
- Influencing future regulation, including IoT procurement by governments
- Increasing IoT security expertise in the industry
- Delivering business value with an international IoT security framework
The Organization’s Goals
- Create and sustain a comprehensive compliance framework to secure IoT products and services
- Originate and champion security best practice guidance
- Promote the adoption of the compliance framework
- Coordinate assurance procedures to indicate conformance with the IoTSF compliance framework
The organization leverages some of the best and brightest minds from all over the world. They are at the forefront of technology and security, with a full understanding of the costs of not addressing the vulnerabilities. So, how will they do that?
3 Impacts of the IoT Security Foundation
If you look at the IoT like the California gold rush of the mid-1800s, you can see a comparison where honest, hardworking people saw the potential to improve their lives — and so did thieves. It was the Wild West, a whole new world with virtually no laws and criminals literally waiting for someone to discover a fortune so they could steal it.
That rush to mine gold is very similar to the rapid adoption of insecure IoT devices in homes, businesses, and government agencies all over the world, with an honest desire to improve convenience, communication, and more with no universal standards or comprehensive legislation to secure it. The IoTSF is trying to remedy that gap with a concentration in several areas.
One of the stumbling blocks to more robust cybersecurity is ignorance of the threats. It is very difficult to secure your corporate or personal assets if you do not fully understand what vulnerabilities exist. One of the primary efforts of the IoTSF is to establish best practices to not only educate users but to inform manufacturers. Working groups help to advance that work.
To prioritize the issues facing the IoT, the IoTSF has established several working groups. The goal is to build an Internet of Trust through shared knowledge and cooperation in establishing best practices. Each working group will have its own executive board champion to represent its efforts to the IoTSF executive board. Current working groups include:
- Compliance framework
- Best practices
- Supply chain
- Smart buildings
To illustrate how the working groups drill down on specific priorities, let’s look at how one is impacting smart building development.
Smart Building Development
The Smart Buildings Working Group is tasked with establishing guidelines that safeguard the enterprise domain. The comprehensive recommendations for digital security extend all along the supply chain to “procure, install, integrate, operate, and maintain IoT securely in buildings.” Equipment and controls in smart buildings like lighting, building security, fire, and HVAC systems are common examples. Their goal is to make these guidelines globally available and easily incorporated into existing processes by encouraging communication.
While these efforts are encouraging, what should we expect in the meantime? It is not reasonable to expect that everyone will disconnect their smart devices, nor is it ideal to simply wait for the inevitable attack. With incomplete or inconsistent advice on how to implement safeguards, how do business owners know which cybersecurity technologies they should invest in?
Securing Your Future in a Hyperconnected World
The Internet of Things is changing our world, but not without risk. Guidance, best practices, and legislation has not kept up so far with the proliferation of IoT devices, not to mention the advent of 5G technology. Billions of insecure devices are already in use, including vulnerabilities from associated software, firmware, APIs, network protocols, and more. The Internet of Things Security Foundation is an international collaborative group of professionals and experts in IoT security and technology that is working to fill the gap, educate, guide, and influence legislation for more robust cybersecurity.
To learn more about cybersecurity investment, contact Option3Ventures today to speak with an expert.