The Internet of Things (IoT) is a revolution that has suddenly captured our imagination. According to Markets and Markets, the IoT market size is estimated to grow from $157.05 billion in 2016 to $661.74 billion by 2021, at a CAGR of 33.3 percent from 2016 to 2021.
The report further underlines that all industry verticals are undergoing a huge transformation in a bid to offer affordable, accessible, and quality services to their customers. New applications and use cases, a result of cutting-edge technology innovations, are being developed to address changing industry needs. IoT, in combination with cloud computing and big data, is creating lucrative opportunities for organizations.
“However, the ubiquitous use of a technology in wide ranging areas brings forth risks that range from significant to catastrophic. Nuclear facilities can be damaged overnight by compromising the IoT infrastructure. We have already seen an early avatar of this in the form of Stuxnet,” said Vinod Vasudevan, Co-founder and CTO, Paladion. “Similarly, nation state attacks are expected to target IoT used in power grids and other utilities. Smart Cities can get paralysed in minutes if the IoT infrastructure that automates the processes here gets compromised. IoT risks are complex since the IoT technology stack has many new components including IoT sensors, protocols, gateways, and management platforms.”
Thus, IoT security includes many new risk areas that the cybersecurity industry is still learning to resolve, including cloud and mobility. As an example, there are many IoT protocols on the market today, including Zigbee, CoAP, Advanced Message Queuing Protocol (AMQP), Digital Data Service (DDS), and Message Queue Telemetry Transport (MQTT). These protocols are either new or derived for IoT from an earlier version used for generic purposes. As a result, they are vulnerable unless special effort is taken to secure them.
“In addition, IoT management platforms have web interfaces and related protocols enabled. Therefore, they are exposed to common web application attacks. The impact of such web-based attacks on an IoT management platform is high since it can be used to subvert millions of sensors for a malicious purpose. Imagine the impact of power grid sensors taken off the grid with a successful web-based attack on the IoT management platform,” added Vasudevan.
There are three key challenges for the future of IoT: ubiquitous data collection, the potential for unexpected uses of consumer data, and heightened security risks. Hence, companies need to enhance privacy and build secure IoT devices by adopting a security-focused approach, reducing the amount of data collected by IoT devices, increasing transparency, and providing consumers with a choice to opt out of data collection.
Vasudevan highlighted that securing IoT infrastructure requires collaboration between industry, academia, and government for a “secure by design” rollout of IoT protocols. Such initiatives are still at a nascent stage but have started. “There should be certification of the safety of IoT products and components from central authorities backed by government. This can be treated very similar to car safety and certification that we are all used to. The IoT security movement has started but there is still a long way to go. The good news is that we can still do things to enhance the barrier to attacks while we wait for industry to accelerate the act,” he said.