IoT cybersecurity needs to be improved

Manufacturers and government officials recognize the need for improved cybersecurity for Internet of Things (IoT) devices, but more work needs to be done.

01/18/2018


Manufacturers and government officials recognize the need for improved cybersecurity for Internet of Things (IoT) devices, but more work needs to be done. Courtesy: Industrial Internet Consortium/Thales e-SecurityThe U.S. technology and manufacturing industries are in serious need of increased rigor for Internet of Things (IoT) device security.

Thankfully, the U.S. Senate is starting to pay attention in the form of the recently introduced Internet of Things Cybersecurity Improvement Act. These proposed regulations could help reduce poor security practices and influence manufacturers to implement proper security from the start.

The legislation targets vendors to the federal government, which a great place to start. According to the 2017 Thales Data Threat Report, Federal Edition, IoT adoption within the federal government is strong. The report found 75% of federal agencies have begun to use IoT technology. The results also revealed 65% of federal agencies have experienced a data breach at some point.

Beyond the federal government, the IoT touches consumers who use wearable electronics, families buying state-of-the-art appliances, businesses using internet-connected equipment, cities installing connected parking meters, and many others.

Manufacturers need to provide trustworthy assurance that devices the federal government, local jurisdictions, consumers and businesses purchase are authentic and run only software legitimately loaded by the manufacturer. And any device that runs software needs the ability to be updated in case vulnerabilities or other security issues are found.

Some IoT devices don't provide a way to update software, and many more don't offer a secure mechanism to do so. As an example, code signing with properly protected private signing keys helps ensure the authenticity and integrity of those updates, which is important to prevent the introduction of malware in the software-update process.

Rigorous testing of devices is also an important step in ensuring proper security. In today's environment, leading organizations are inviting the public to test their defenses, and rewarding those that find issues accordingly. This approach makes sense as threats become increasingly sophisticated, and the number and type of devices increase.

While the IoT is still nascent, developing strong standards for secure and interoperable IoT ecosystems now will be key in securing the IoT of the future.

John Grimm, senior director of IoT security strategy, Thales e-Security. This article originally appeared on the Industrial Internet Consortium's (IIC) blog. The IIC is a CFE Media content partner. Edited by Chris Vavra, production editor, Control Engineering, cvavra@cfemedia.com.



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
Factory automation controllers, Ethernet updates, System Integrator of the Year roundtable, Inside Process and VFDs
Robotic simulation and welding, Process building blocks, Discrete sensor advice, Virtualization advice
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
Factory automation controllers, Ethernet updates, System Integrator of the Year roundtable, Inside Process and VFDs
Robotic simulation and welding, Process building blocks, Discrete sensor advice, Virtualization advice
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
DCS visibility, alarm management, motors and drives, robotic machining, Engineers' Choice winners
Factory automation controllers, Ethernet updates, System Integrator of the Year roundtable, Inside Process and VFDs
Robotic simulation and welding, Process building blocks, Discrete sensor advice, Virtualization advice
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
Product of the Year winners, Pattern recognition, Engineering analytics, Revitalize older pump installations
Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me