IoT Security: Industry Finally Waking Up To The Dangers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // IoT
08:05 AM
Pablo Valerio
Pablo Valerio
Connect Directly

IoT Security: Industry Finally Waking Up To The Dangers

For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.

8 IoT Operating Systems Powering The Future
8 IoT Operating Systems Powering The Future
(Click image for larger view and slideshow.)

For the past several years, the Internet of Things has been one of the most hotly debated topics at Mobile World Congress. However, looking back on this year's expo, the discussion moved from the lack of standards to a subject that industry is only now starting to debate: the security implications of having everything connected.

What caused this sudden concern? Certainly some of the headlines form the last year helped.

In 2015, news of hackers remotely killing a Jeep on the highway, which in turn triggered a recall of 1.4 million vehicles to upgrade their software, and the possibility of tampering with one of the most popular models of smart meters, demonstrated by two Spanish researchers, woke the industry up to the potential disasters and liabilities of IoT.

In turn, those keeping an eye on IoT became more proactive than reactive on security issues.

Healthcare connected devices, for example, are one of the most dangerous targets.

Panel at 'Securing The Internet of Things' session at Mobile World Congress 2016.
(Image: Pablo Valerio for InformationWeek)

Panel at "Securing The Internet of Things" session at Mobile World Congress 2016.

(Image: Pablo Valerio for InformationWeek)

In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators. He argued at a recent DefCon conference that "healthcare is 10 years behind other industries in addressing security."

The challenges of securing connectivity are also significant.

While most industrial connected devices have been using carrier-based machine-to-machine (M2M) technology based on either 2G or 3G cellular services, the security of these machines is being challenged by a switch to low-power wireless WAN technologies operating on unlicensed spectrum. These include standards such as Zigbee and WiFi 802.11ah.

While these new standards offer the possibility of connecting many more devices at lower cost, they pose bigger security challenges since anyone can access and exploit a device operating in these frequency bands.

I had the opportunity to talk with security experts from Gemalto, BlackBerry, and NXP about the present and future of securing the IoT. Most of them agree that "software cannot secure hardware" and that securing the supply chain is as critical as the final security of the device.

At MWC 2016, Gemalto, the Dutch digital security firm, announced a partnership with Jasper, a global IoT platform provider, to offer secure connections for IoT devices using Jasper's cloud-based technology. This offering will use Gemalto's advanced cryptographic software to support robust and scalable back-office platforms for authentication, encryption, and digital credential management.

In the past month, BlackBerry, which is now mostly focusing on security offerings, acquired UK firm Encription Limited, which will become part of its new Professional CyberSecurity Services practice -- a new business unit that will offer organizations consulting services, tools, and best practices.

Derek Kuhn, vice president of sales for BlackBerry IoT Division, said during a roundtable at MWC, that his company's IoT security offerings are present in over 60 million vehicles worldwide, which include everything from secured components to entire communication systems.

The automotive industry forecasts there will be 44 million automated vehicles on the roads by 2030. Many more vehicles already have some form of Internet connectivity.

NXP, the Dutch semiconductor company that helped develop NFC, demonstrated at the show the capabilities of its security technology for IoT.

[Read more about the future of connected cars and the view from MWC.]

This included the NFC Ring, which can be used for payment applications, secure identification, and transit applications. In addition, NXP is offering the i.MX 6Dual and i.MX 6Quad single-chip system module (SCM), which it calls the world's smallest integrated single-chip system for IoT.

There is no doubt among the experts that "the machines are coming," and we'll have tens of billions of connected devices at the beginning of the next decade. In a few years, most of the things we have and do today will be automated, measured, and controlled by the IoT ecosystem, and there is nothing we can do to stop it.

However, we do need to secure them all.

As NXP CEO Rick Clemmer told me at the show: "It is about how we take that technology and computing, and the security, to be able to make all of our lives easier, but also make it safe."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

Pablo Valerio has been in the IT industry for 25+ years, mostly working for American companies in Europe. Over the years he has developed channels, established operations, and served as European general manager for several companies. While primarily based in Spain, he has ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/4/2016 | 3:40:09 PM
Improving IoT security through NFMI
Security is definitey an issue when it comes to the IoT. Industries like healthcare and military can really benefit from the IoT, yet there are a lot of reasons to be scared about it so far. 

If security improves, the IoT will really start to make a big difference in our lives and can be implemented in the technical infrastructure. 

Dr. Michael Abrams spoke about how NFMI solves a lot of the security issues that the IoT faces because of the PAN it enables. Hacking becomes a relatively impossible with NFMI because you would literally have to be within a couple feet of a person to hack their information. 

He wrote an article about it on LinkedIn:
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll