When referring to the Internet of Things (IoT), everything from Wi-Fi-enabled cars and Bluetooth-enabled fitness bands to streaming devices and smartphones come to mind. There are countless devices connected to the internet; the question is whether these are secure IoT devices? Security tends to be overlooked by some companies until there is a breach. A breach can be devastating.
Factor in the Industrial Internet of Things (IIoT), which interconnects critical manufacturing, utility infrastructure, and other complex machinery, and the need for good security and privacy is emphasized even more. This is because IIoT transmits sensor data, allows remote control of complex machines, and provides a gateway to private information. While the IIoT facilitates improved efficiency, cost reductions, and convenience, an IIoT security issue can introduce major problems.
The Key to Developing Secure IoT and IIoT Devices
To create secure IoT devices and machines, companies must define products and use cases that meet business goals while having the flexibility to block access for unintended uses. The definition and implementation of product requirements have been practiced for decades. Defining security requirements and identifying the countless ways a device can potentially be used in bad ways is more difficult, requires time, and therefore also requires commitments of money and schedule. This added time and money is often viewed as unproductive, until a problematic hack occurs that has a cost impact greater than or equal to what would have been required to implement security.
Factors to consider when defining IoT security needs include:
- How the device communicates over networks. Network interfaces include wired Ethernet, Wi-Fi, Bluetooth, ZigBee, cellular, Lora, and others. Wireless networks are often more vulnerable to discovery and hacking than wired ones.
- Amount and sensitivity of the data transferred. The more sensitive the data (meaning the more useful it is to a hacker), the more incentive there is for a hacker to intrude and therefore the more diligence in security that should be undertaken. For example, there is far more value in medical records, financial transactions, or power plant operational data than there is in bowling scores being transmitted around a bowling alley.
- Appropriate security measures to protect the IoT device and its data. Methods include the use of strong security keys, passwords, user access policies, access monitoring software, firewalls, and more.
When conceptualizing a new product, the underlying hardware should include sufficient capability to execute the intended application and security features while allowing for a growth path for future firmware updates. Without added capacity, unforeseen issues may not be resolvable via updating existing devices in the field, rendering them functionally obsolete and leading to high replacement costs.
IoT Security and Total Cost of Ownership
While Custom Engineering Services and product costs will likely increase when factoring in security, the total cost of ownership must be considered over the product’s useful life, including its service time in the field. An IoT security breach has a number of costs which must be factored: cost to resolve the breach (engineering time), cost to deploy the fix (especially if a device in the field must be hand-serviced to be upgraded), costs to recover from loss of data, and opportunity costs from any bad publicity resulting from publication of a breach. These costs can add up fast and can damage reputations.
The use of IoT and IIoT devices will grow exponentially over the foreseeable future. Enabling secure IoT devices is key to realizing the benefits of this trend over the long term.