IoT Device Security
for the Future of Cyber Resilience

By: Dennis Mattoon

We are living in an increasingly digital world with the Internet of Things (IoT) playing a huge role in how we live and work. A wide range of IoT devices can be found in the home, from smart lightbulbs and refrigerators to doorbells and cameras, and in factory or office environments, too. In industrial settings, many machines and devices are connected to streamline processes, enable remote operation, and boost efficiency. But with IoT devices nearing 27.1 billion in 2021, according to Cisco, security must be a key consideration in their development and manufacturing.

Sophisticated attacks

In recent years, we have seen numerous attacks across many industries and environments, including critical infrastructure, which have caused significant damage. Attacks on the systems, assets, facilities, and networks that society relies upon for public health, safety, and security can cause widespread levels of disruption on a national or even global scale. If critical infrastructure is compromised or taken down, it does not take long for the impacts to be felt beyond governments and corporations to ordinary citizens. The attack on the Colonial Pipeline, the largest fuel pipeline in the U.S, is a recent example of this type of attack. The system was shut down for six days in response to a cyberattack, increasing average gasoline prices in affected areas.

The level of sophistication shown by cyber criminals is growing, while the rising number of connected devices implemented across industries is also opening the door to more attacks. The rise in IoT devices is often driven by industrial digital transformation and the benefits that come with it. Increasing automation, enabling remote operations, increasing efficiency, and streamlining operations are just a handful of benefits. Security is not usually a driving force here, as it can often be considered as an unnecessary added expense.

As all IoT devices need to be connected to a network to function, however, we need to view each connected device as an entry point, allowing access to that network and all the sensitive data generated, stored, and communicated. This is why security must be at the top of the agenda when these billions of devices are created on the factory floor: manufacturers and developers must start taking a security-first approach if we want to stay ahead of cyber criminals.

Proactive IoT device security solutions

We need to place an emphasis on security right at the start of a device’s creation. Security must be a key consideration as prevention methods built in at this stage will protect it throughout its entire lifecycle. It is important that a device has the ability to protect itself, respond to attacks, and recover. Cost is often used as a justification for not prioritizing and funding security measures properly but implementing the steps that allow a device to do this will actually save time, resources, and costs in the years to come.

For this to happen successfully and universally, the implementation of cyber resilient architectures is key. The three primary principles for resilience are: protecting updatable persistent code and configuration data, detecting when vulnerabilities are not patched or when corruption has occurred, and recovering reliably to a known good state even when the platform is compromised. When implemented correctly, a cyber resilient architecture allows for a device to be recovered, even after it has been compromised and hacked. If we compare this to today, recovering a badly compromised device usually involves manual intervention. For example, a new firmware or a new OS must be loaded from an external storage device or a second computer before a device can rejoin network services using passwords or other credentials. But with billions of IoT devices in use right now, it is extremely difficult to manually intervene when one has been compromised. Not only that, but IoT devices of


Latest Updates

Subscribe to our YouTube Channel