In its annual Internet of Things (IoT) survey, Internet of Things World found an overwhelming majority of (85 per cent) believe that security concerns remain a major obstacle to the roll out of IoT. Almost two-thirds (64 per cent) of respondents said end-to-end IoT security is their top short-term priority, surpassing machine learning and artificial intelligence (AI).
With IoT potentially flooding wireless networks with billions of new connected devices, security must be a top priority for engineers and designers to keep up with the demands and to ensure that information travelling between devices with IoT connections remains secure. End users reported using more security software on average than the typical consumer, underscoring the complexity they face in protecting their existing communications networks.
If industrial companies are to push ahead with the introduction of IoT, they will be exposed to new security risks and need to protect themselves. The good news is that proven technologies such as token-based authentication and smart contracts suitable for IoT applications already exist that can mitigate the risk of security issues. Companies are still developing, learning from the risks and developing security management and insurance methods to protect their assets, industrial and otherwise, from security threats.
The internet has always been chaotic and will continue to be so in future but IoT has increased the potential for devastation. Companies developing industrial IoT applications face significant challenges, as many industrial devices have traditionally been designed in isolation. In 2016, the biggest hurdles to the introduction of IoT remained the same but were greatly outweighed by security.
IoT is extremely beneficial for commerce, education and society, and all are itching to invest more
In addition, large IT companies are continuously developing innovative solutions to ensure the security of IoT devices. Companies are rapidly expanding their risk, expanding to connect literally everything, and risking jeopardising their customers privacy, security and even livelihoods.
In 2016, Domain Name System (DNS) providers and major websites were crippled by distributed denial-of-service attacks carried out by IoT devices running Mirai malware. In May 2017, Junade Ali, a computer scientist at Cloudflare, found that native distributed denial-of-service (DDoS) vulnerabilities exist in over 70 per cent of the world’s IoT devices. The overall IoT security market grew by 27.9 per cent in 2016 due to growing infrastructure concerns, diversified usage and the adoption of smart home devices.
By the end of 2027, revenues are expected to reach nearly €15 billion, with revenues from smart grids. Network security remains the preferred solution for IoT security products, with network security solutions for smart grids, smart homes and smart city devices accounting for more than 50 per cent of the total IoT market in 2016. In addition, the global market for security and network management solutions in smart homes is predicted to expand at a faster rate at least up to 2027.
Most technical security issues are similar to those used in traditional servers, workstations and smartphones. In general, there are no significant differences in security levels between them and IoT devices.
Given that many surveys keep indicating that security keeps being the biggest concern, we can expect the supplier ecosystem to solve this problem once and for all. With the advent and massive deployment of IoT equipment coupled with the occasional breach of private data, companies are more cautious than ever, and rightly so.
IoT is extremely beneficial for commerce, education and society, and all are itching to invest more. The eSkills Malta Foundation therefore firmly believes it is time that sellers of IoT devices take a wider approach and carry out more research so that IoT devices are manufactured secure by default. In the meantime, it is highly recommended that such sellers offer a security implementation service to prospective customers.
This article was prepared by collating various publicly available online sources.
Claude Calleja, Executive, eSkills Malta Foundation