A 2020 Business Insider Intelligence research report predicts there will be more than 41 billion Internet of Things (IoT) devices by 2027, up from about 8 billion in 2019. This accounts of a rise of more than 500% in less than a decade. With so many “things” coming online, businesses across the world must act to ensure their IoT breach detection and mitigation capabilities are as effective as possible. Why is it so hard to detect an IoT breach? Network monitoring is the typical method for attempting to detect threats surrounding network-attached devices, including IoT devices. Most mid to large-sized companies have implemented a sufficiently effective security program around their IT operations. The OT side of the house, however, is still playing catch-up, largely because the threat monitoring tools for industrial and other IoT devices are inadequate. In addition, traditional asset discovery and tracking tools often overlook or can’t detect IoT devices, and thus they aren’t registered in asset inventories. Monitoring tools developed for the IT side of the network don’t work well in OT environments due to incompatible systems, proprietary operating systems and insufficient sensors. Network monitoring looks for suspicious behaviors and activities on the network, but it can’t detect these characteristics on the IoT devices themselves. Dangerous or threatening activity can occur on the IoT devices where network monitoring can’t detect changes to controller code, firmware or device configurations. IoT devices must be protected from the inside Once an attacker gets inside perimeter defenses and onto an OT network, there is little protection for IoT devices. Many if not most of them are inherently insecure because they were built without internal defensive mechanisms or the means to repel attacks. Consumer-oriented IoT devices are typically built with low cost, ease of use and convenience as priorities over security. Commercial or industrial IoT devices often lack inherent security because manufacturers considered they would be “secured through obscurity” and not exposed to threats on the Internet or private networks. For the most part, IoT manufacturers operate without the benefit of security standards, regulation or even industry oversight—although that is beginning to change. Manufacturers need to adopt a new mindset on security. If they are protecting their devices from the inside (as opposed to building a security perimeter around them), they can remove threats without affecting the normal operation of the devices. What does it mean to “protect a device from the inside”? It means that security should be given a high priority throughout a device’s lifecycle. Manufacturers should be building the requisite cybersecurity defenses into their devices to ensure they ship without vulnerabilities, are resistant to attack, can facilitate critical updates, and can be actively monitored for signs of software failures and other serious conditions. This effort requires protecting network-enabled IoT devices throughout all phases of their lifecycle; for example, by: - Securing new devices prior to deployment to ensure they are without vulnerabilities,
- Monitoring the cyber health and acceptable behavior of the devices once they are deployed,
- Protecting devices on the network from threats, and
- Patching devices by orchestrating the distribution of updated firmware when needed.
As the threat surface from IoT devices grows ever larger, these lifecycle protection features are “must-haves” and not simply “nice to haves.” Such features allow customers and end-users to benefit from the value of connected devices and equipment without increasing their risk profile, and device manufacturers benefit from being able to use onboard device security as a key competitive differentiator.