The Internet of Things is already there and brings new challenges. Long time ignored or minimized, security is now a concern throughout the industry. Driven by electronic and computing industries, the IoT Security Foundation was created last September in the UK and gathers various members including cybersecurity technology specialists and international companies such as IBM or British Telecom.
Its mission: help companies better secure their connected equipment from the smallest sensor to the bigger level. Among the major leads: isolation of the components’ softwares, implementation of cryptographic, unicity of the devices.
DirectIndustry e-magazine interviewed Haydn Povey from the Executive Steering Board. He explains how the sector should face the “storm that is coming.”
Executive Steering Board
DirectIndustry e-magazine: Why an IoT Security Foundation? Does this mean that securing the IoT has become crucial?
Haydn Povey: The Foundation is here to help implement good practices. Security is now the n°1 concern in the industry. Cyberwar is unfortunately a reality today. Nations are infecting each other’s’ critical infrastructures and industrial systems. Attacks can happen everywhere. Companies assume that their systems might be compromised. We have to protect every connected device, from the smallest sensors to the biggest level.
DirectIndustry e-magazine: Do you mean that with IoT the threat has changed?
Haydn Povey: Hacking is no longer about loss of information. Hacking a PC is annoying but we can handle it. Hacking the IoT is worse. We don’t deal with just data anymore, we deal with critical systems with impact on the real world. Nuclear power stations, energy grids, heating systems are some of the infrastructures that can been attacked with terrible consequences such as people dying or billions of dollars of damages. In the automotive industry, some carmakers did not secure the entry control unit that upgrades the cars. Hackers were able to change the settings of the acceleration!
DirectIndustry e-magazine: How can the industry avoid this?
Haydn Povey: First, there needs to be better separation of components between the software that runs the device and the software that does the communications. So if the communications is compromised, the device still works.
We also need to build better IoT infrastructures to ensure that attacked devices are unique. So if someone breaks into a light bulb or a heating system, it’s just that one and not all. This is not necessarily new technology but that can make systems more robust.
DirectIndustry e-magazine: What about cryptography?
Haydn Povey: You reduce the failure on your system when you introduce a set of keys. But cryptography is only as good as its implementation. Making sure that all the systems work together properly requires asymmetric encryption. ECC (Elliptic curve cryptography) and RSA are two strong asymmetric algorithms. But people do not implement them well enough.
AES (Advanced Encryption Standard) is a good encryption technology. It’s a simple but strong algorithm. Even if the hacker has all the information on a system and the physical device in its hands, the only thing he won’t get is the key. And without the key, he can’t do anything.
DirectIndustry e-magazine: What other shield do you recommend?
Haydn Povey: Imagination Technologies have recently introduced their Omni-Shield technology which allows for better isolation of devices. ARM and their mbed OS software offers better security for microcontrollers. Of course, you need to have people building the right chips, systems and software. It’s improving a lot and we might see more announcements around that over the next months.