At the same time, MNOs who want to rule the M2M space must move quickly, as the ecosystem is broad and encompasses possible players in many industries, not the least of which are Internet-based companies like Google. "Ensuring end-to-end security is going to be [a] significant industry challenge, and those who move quickly will reap the greatest benefits," predicted Frost & Sullivan in a recent white paper. Closely examining the security challenges of M2M will enable MNOs to be the early birds and build safe, reliable, high-value M2M platforms.
On an abstract level, there are essentially three pillars to any digital security solution:
There are several reasons why M2M connections present unique security concerns compared to common computing or cellular security. First and foremost, M2M ostensibly removes one of the biggest security threats from the equation: the human end user. Network compromises caused by human actions, whether accidental or intentional, are arguably the most significant security threats. In the cellular network, "most of the risk is the user," says MTS CIO Frederic Vanoosthuyze. A machine, on the other hand, is incredibly good at following its own security policies. But unlike a cellular phone or a tablet, machines are, for the most part, unattended, and present an easy opportunity for attack. Many analysts and academics point to the unattended nature of M2M communication as its biggest risk.
Second, a central tenet of security is that the more points of entry there are, the greater the risk. It’s simply a numbers game: Even if all the doors are made of steel, a house with 1 door is easier to defend than a house with 20. Likewise, managing a million devices — or attack points, depending on how pessimistic you are — is difficult, but ratchet that number up by a factor of 10 and you get an idea of the increased risk M2M presents.
Third, data in the M2M network isn’t inherently encrypted or managed like data in the cellular network because there are numerous providers and numerous transfer protocols. Machines will do a great deal of talking in the future over unregulated spectra like Wi-Fi. "Non-cellular will account for about half the market," says John Horn of Raco Wireless. "Wi-Fi needs a specific security solution."
Fourth, M2M security means different things to different parties. A simple home automation system might be designed with simple security — hardware-based security and software-based monitoring and control. Healthcare and financial institutions, on the other hand, are governed by strict confidentiality and security laws, so M2M security solutions in these industry verticals are much more robust. The TIA has drafted M2M standards, but the industry has yet to adopt a unified view of what constitutes M2M security. In fact, Machina Research predicts that greater standardization is one of the top 10 drivers for the M2M revolution.
There are three elements that must be addressed to create a secure M2M platform: device-level security; data security in the network and gateway; and application security.
Device security
According to the TIA’s TR-50 standards committee, devices in the M2M ecosystem are vulnerable to six types of attacks, such as configuration attacks, data and identity attacks and protocol attacks. There’s a reason why so many attack scenarios