IoT Security: Industry Finally Waking Up To The Dangers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // IoT
08:05 AM
Pablo Valerio
Pablo Valerio
Connect Directly

IoT Security: Industry Finally Waking Up To The Dangers

For the last several years, Internet of Things security has been one of the most hotly debated topics at Mobile World Congress. This year, however, IoT security took on a new sense of urgency as more devices are being connected and the technology turns mainstream.

8 IoT Operating Systems Powering The Future
8 IoT Operating Systems Powering The Future
(Click image for larger view and slideshow.)

For the past several years, the Internet of Things has been one of the most hotly debated topics at Mobile World Congress. However, looking back on this year's expo, the discussion moved from the lack of standards to a subject that industry is only now starting to debate: the security implications of having everything connected.

What caused this sudden concern? Certainly some of the headlines form the last year helped.

In 2015, news of hackers remotely killing a Jeep on the highway, which in turn triggered a recall of 1.4 million vehicles to upgrade their software, and the possibility of tampering with one of the most popular models of smart meters, demonstrated by two Spanish researchers, woke the industry up to the potential disasters and liabilities of IoT.

In turn, those keeping an eye on IoT became more proactive than reactive on security issues.

Healthcare connected devices, for example, are one of the most dangerous targets.

Panel at 'Securing The Internet of Things' session at Mobile World Congress 2016.
(Image: Pablo Valerio for InformationWeek)

Panel at "Securing The Internet of Things" session at Mobile World Congress 2016.

(Image: Pablo Valerio for InformationWeek)

In April 2014, Scott Erven and his team of security researchers released the results of a two-year study on the vulnerability of medical devices. They found that they could remotely manipulate devices, including those that controlled dosage levels for drug infusion pumps and connected defibrillators. He argued at a recent DefCon conference that "healthcare is 10 years behind other industries in addressing security."

The challenges of securing connectivity are also significant.

While most industrial connected devices have been using carrier-based machine-to-machine (M2M) technology based on either 2G or 3G cellular services, the security of these machines is being challenged by a switch to low-power wireless WAN technologies operating on unlicensed spectrum. These include standards such as Zigbee and WiFi 802.11ah.

While these new standards offer the possibility of connecting many more devices at lower cost, they pose bigger security challenges since anyone can access and exploit a device operating in these frequency bands.

I had the opportunity to talk with security experts from Gemalto, BlackBerry, and NXP about the present and future of securing the IoT. Most of them agree that "software cannot secure hardware" and that securing the supply chain is as critical as the final security of the device.

At MWC 2016, Gemalto, the Dutch digital security firm, announced a partnership with Jasper, a global IoT platform provider, to offer secure connections for IoT devices using Jasper's cloud-based technology. This offering will use Gemalto's advanced cryptographic software to support robust and scalable back-office platforms for authentication, encryption, and digital credential management.

In the past month, BlackBerry, which is now mostly focusing on security offerings, acquired UK firm Encription Limited, which will become part of its new Professional CyberSecurity Services practice -- a new business unit that will offer organizations consulting services, tools, and best practices.

Derek Kuhn, vice president of sales for BlackBerry IoT Division, said during a roundtable at MWC, that his company's IoT security offerings are present in over 60 million vehicles worldwide, which include everything from secured components to entire communication systems.

The automotive industry forecasts there will be 44 million automated vehicles on the roads by 2030. Many more vehicles already have some form of Internet connectivity.

NXP, the Dutch semiconductor company that helped develop NFC, demonstrated at the show the capabilities of its security technology for IoT.

[Read more about the future of connected cars and the view from MWC.]

This included the NFC Ring, which can be used for payment applications, secure identification, and transit applications. In addition, NXP is offering the i.MX 6Dual and i.MX 6Quad single-chip system module (SCM), which it calls the world's smallest integrated single-chip system for IoT.

There is no doubt among the experts that "the machines are coming," and we'll have tens of billions of connected devices at the beginning of the next decade. In a few years, most of the things we have and do today will be automated, measured, and controlled by the IoT ecosystem, and there is nothing we can do to stop it.

However, we do need to secure them all.

As NXP CEO Rick Clemmer told me at the show: "It is about how we take that technology and computing, and the security, to be able to make all of our lives easier, but also make it safe."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for InformationWeek's Pearl Award. Full details and a submission form can be found here.

Pablo Valerio has been in the IT industry for 25+ years, mostly working for American companies in Europe. Over the years he has developed channels, established operations, and served as European general manager for several companies. While primarily based in Spain, he has ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Why IT Leaders Should Make Cloud Training a Top Priority
John Edwards, Technology Journalist & Author,  4/14/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Lessons I've Learned From My Career in Technology
Guest Commentary, Guest Commentary,  5/4/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll