IOT

Best of both worlds: Why an IoT that is both open and secure should be a right, not a privilege

IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
July 24, 2017

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

Brian McGuigan, Sales Director (Europe) of smart city solutions at Silver Spring Networks, talks about delivering security at a city-wide scale, the merits of an open, adaptable and future-fit network and your right to best-in-class IoT.

A recent report by SAS and the Centre for Economics and Business Research estimated that by 2020, big data and the internet of things (IoT) will be worth £322bn to the UK economy, and account for 2.7% of GDP.

Gartner forecasts that IoT endpoints will reach a global installed base of 20.4 billion units by 2020.

IoT networks are already critical to global public and private sector infrastructure, delivering ever expanding capacities and potential benefits. However, among the many pressures that are rising from the growth of IoT, two are becoming critical: throttled growth of new applications caused by non-interoperative, proprietary technology; and a widening field of security vulnerabilities, only growing more pressing as IoT permeates modern life.

As IoT networks connect more and more services throughout our cities, business and homes they are rapidly becoming one of the most critical technologies underpinning our daily lives. Yet we see a great discrepancy in the requirements and demands of cities, utilities and enterprises on the network operators. Does this mean they are not taking their role as seriously as they should, or instead that the essential requirements are not yet well understood?

It might seem like wishful thinking to expect that IoT networks should be both open to future development and secure against attack. It isn’t. In fact, demanding the best in both these areas is utterly essential.

IoT is moving beyond its roots, where devices were predominantly single-ownership/ single-use solutions. They are now able to connect to several different domains and work best when they have open and equal access to data, controllers and platforms simultaneously. At the same time, security standards are being agreed to ensure that all devices are insulated against and able to respond to breaches.

At Silver Spring Networks, we felt it was time that the buyers of IoT Networks understood how important – and achievable – balancing security and openness has become.

Delivering security at a city-wide scale

Persistent detection and safeguards from unauthorised access are two of the most important rights that all IoT network providers should confidently demand. Many IoT network platforms have only the most introductory and basic security measures which, given the interconnected nature of most networks, permits serious vulnerabilities to develop.

The 2016 DDOS attack on Dyn, one of the companies running the internet’s domain name system, provides an example of the repercussions of insufficiently secured IoT devices: disrupting of the connection of thousands of internet users from big online retailers and other popular sites. Shortly after this attack, a tech industry veteran demonstrated the vulnerability of unsecured IoT devices even further. By connecting a $55 IoT security camera to the internet, it was discovered that a full penetration cyber-attack could be carried out in just 98 seconds.

IoT networks are large and are often very complex, with multiple points of entry and multiple touchpoints. Furthermore, when compared to computers, tablets and phones they typically have simplified user interfaces to reduce cost and simplify installation. However, the assumption that large IoT networks cannot be made secure is wrong.

Best in class IoT networks harness top-tier, military grade security, including features such as automated, asymmetric key exchange and rotation; hardened crypto processors used in key generation and storage; AES encryption to protect data in transit; and authentication via certificates at multiple layers, including prior to network enrolment.

The ability to deploy formware upgrades swiftly and reliably to all nodes in a network is also an essential feature to ensure that networks remain secure across coming decades.

Organisations working with IoT networks should be able to confirm that this level of security is present across their entire network, and address any segments where those standards are not or cannot be met.

Ensuring an open, adaptable and future-fit network

Cyber-attacks will always present a significant and costly liability to IoT networks, but they are not the only threat to consider. We live in a world where technology is evolving at a break-neck pace and new applications are emerging constantly. Networks which are locked into a single vendor’s products or proprietary platform, which can’t easily adapt to innovation, will also be the cause to painful costs down the line.

The best insurance against this future is to deploy a solution based on proper industry standards. Proprietary technologies posing as standards (LoRaWAN, for example) effectively lock in to an ecosystem built around a single chipset. This threatens interoperability down the line, which leads to massive and costly technical iteration and system integration efforts, all while capping the network’s ultimate functionality.

The best way to ensure a diverse ecosystem is to implement open, standards-based technologies that are demonstrated to be interoperable at every level of the system. The Wireless Smart Ubiquitous Network (Wi-SUN) standard is set up on this principle.

Wi-SUN was designed to underpin the operation and deployment on next-generation star, mesh and hybrid networks. These networks are designed to capitalise on many connected paths, to deliver fast, reliable and city-scale coverage.

Each node relays data for the network to provide strong and stable connectivity. Wi-SUN is maintained by a third-party organisation that constantly tests to certify that the IoT equipment is both conformant to the standard and interoperable with other certified networks, fostering a diverse ecosystem.

Open standards allow a far greater number of providers to develop solutions, which are tested for interoperability, ensuring those solutions can work together.

The best new IoT software, whether it be for management of Smart Grid applications (smart metering, real time grid balancing, renewable management etc.), management of city services (Smart street lighting, traffic flow optimisation, flood monitoring and management, Smart parking optimisation etc.), smart logistics, smart agriculture or many others – the best and most effective functionality will only be unlocked through comprehensive, integrated end-to-end solutions. Networks built around an industry standard that emphasises openness and development is essential to delivering this.

Your right to best-in-class IoT

At Silver Spring Networks, we think that its past time that IoT network providers were held to standards which reflect the incredible impact of IoT technology on society, now and into the future. We have set out the lessons we have delivering 26 million IoT devices across five continents into a bill of 10 ‘rights’ IoT customers must be empowered to demand be enshrined in any IoT network services agreement. Security and openness are just two of these.

IoT’s potential to provide an incredible uplift to society across the world has only just begun to unfold. The buyers of IoT networks have the means to steer this future, by arming themselves with the information and courage to demand nothing less than the absolute best from their providers.

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

IFSECInsiderPodcastLogo

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments