These vast networks of small, low-powered sensors and controllers are breathing new life into our utilities and cities by collecting data on infrastructure and helping us to control it more effectively.
Before we can enjoy the IoT’s benefits, though, we must pay close attention to how we secure it. Security is top-of-mind for IT professionals tasked with rolling out IoT networks.
Wi-SUN surveyed 350 organisations in the US, the UK, Denmark and Sweden to assess their views on IoT technology. Over half the respondents (59%) cited security concerns, tempering an otherwise healthy enthusiasm for this exciting new technology. IT professionals in the US and the UK were more worried than those elsewhere, with almost two-thirds raising it as an issue.
From a Wi-SUN global survey of 350 organisations
Why is security such a concern for IT decision makers?
Whereas traditional back office IT focuses mostly on manipulating information, IoT devices interact with physical infrastructure. They are an interface between digital control systems and the things that control everything from our power distribution to water supply or traffic flow. A successful attack on them could disrupt society in immediate and dangerous ways.
Second, IoT infrastructures contain many more devices than IT teams have ever had to manage before. Installations can run into millions of devices.
Ensuring that these devices are all legitimate and protecting the IoT network from attackers can be a daunting challenge.
In closely interconnected IoT infrastructures, attackers can infect not just one but many devices
In closely interconnected IoT infrastructures, attackers can gain access through improperly secured networks, infecting not just one, but many devices. In networks without adequate protection, hackers could disable large parts of the ecosystem or even to use vulnerable devices to mount other attacks.
We had seen this already when attackers infected millions of older routers and IP cameras with the Mirai botnet, using them to launch a denial of service attack on the Domain Name Service (DNS) system that underpins the web.
Conversely, poorly configured IoT networks can be vulnerable to denial of service attacks. Star networking topologies, where devices all connect to a central point, provide a single point of failure for network segments which makes them easier to physically disrupt.
These dangers should not deter us from embracing the IoT, but they should force us to take a close look at how we protect the infrastructure. The protections begin with the underlying wireless network used to control IoT devices.
When implemented using the proper technical protocols, wireless mesh networking provides a robust communications infrastructure for IoT security and reliability. Its topology offers the best of both worlds, avoiding service disruption with a high level of connectivity between devices while isolating compromised or rogue devices from the rest of the infrastructure.
Unlike the ‘hub and spoke’ arrangement in star network topologies, devices in mesh networks do not connect to a single point. Instead, they communicate with devices nearby, which in turn connect to other devices near them.
Mesh connections create a network of peered devices that can each relay traffic from the other. Because devices typically connect to more than one device near them, they have redundant links that help to make the network more reliable. An attacker physically or digitally incapacitating one device will not prevent other devices’ traffic from flowing.
How mesh-based field area networks (FANs) operate
The Wi-SUN Alliance publishes and certifies the Wi-SUN secure mesh networking specification, which mandates baseline security requirements for IoT device vendors in low-powered, field area industrial networks. It has several features that protect IoT networks from compromise.
One of the most critical features is device signing. Wi-SUN’s specification uses a digital certificate based on the well-established X.509 standard, which enables administrators to authenticate a device before it joins the network.
Alongside the strict device authentication procedure, Wi-SUN mesh networks also protect against data snooping of the network. When nodes communicate, they use frequency hopping technology to frequently change the radio channel.
Attackers would still be unable to read data transmitted over the air if each device sends its traffic in encrypted form
Even if an attacker tracks these channel changes, they would still not be able to read the data transmitted over the air, because each device sends its traffic in encrypted form.
Mesh networking is already established in smart city projects. In Glasgow for example, the City Council is using a mesh network to control lighting in selected areas of the city, sensing vehicular traffic and pedestrian footfall to control lighting levels based on street level activity.
The lights can also be controlled remotely in emergencies to provide up to 30% more lighting for rescue services. It all happens securely and reliably thanks to its mesh communications infrastructure.
As utilities and city councils alike realise the power of IoT, more will look to mesh networks for a secure, reliable deployment platform. Wireless mesh supports a whole new level of security in a hyperconnected constellation of connected things.
As the smart city dawns, it provides a secure foundation that will enable a thousand digital services to flourish.
Wi-SUN Field Area Networks deliver multi-vendor interoperable solutions to a broad variety of applications including streetlighting, parking systems and traffic management. Municipalities can install products from different suppliers confident that they will seamlessly interoperate. Wi-SUN solutions are used in a wide range of IoT applications, including agriculture, structural health monitoring and asset management. It provides wireless mesh solutions for Field Area Netowrks for applications such as Advanced Metering Infrastructure and Distribution Automation, and for Home Energy Management. Wi-SUN is a leading global industry alliance promoting interoperable wireless standards-based solutions for the Internet of Things.
