There are basically five sectors that will benefit most, in terms of competitiveness, from IoT technology:
– Industrial IoT (manufacturing, with predictive technologies to improve production; agriculture; mining; energy and smart grid; smart cities);
– Commercial IoT (hospitality; smart buildings and smart office; accommodation and tourism);
– Healthcare IoT (patient monitoring; activity trackers wearebles; clinical trials);
– Transportation IoT (monitoring of trigger points, i.e. event data requiring immediate intervention to guarantee safety; warehouse and fleet management).
– Consumer IoT (smart TV, smart speakers, toys and wearables).
For the sake of greater security, it is preferable to carry out data management and processing near the devices themselves, with the device system itself, if equipped with computational capacity, or with special systems (edge node) located near the devices.
Also check out: Internet of Things and Clusit Report (part I)
Like any new technology, the phenomenon brings with it considerable risks, first of all caused by the information it carries, because a connected object “opens” the information it generates, to a strong risk of sharing and misappropriation!
We catalogue risks of tampering, that is, physical compromise of the devices, obsolescence, and where the consequences would be much more serious than an already undue intrusion of privacy, going so far as to undermine the physical security of the people involved by their active or passive use! ENISA hypothesizes 3 attack scenarios, the one of phase 1, where an attacker takes over the role of system administrator, the one of phase 2, where the response to wrongly entered values is triggered in the device, the one of phase 3, where the intrusion creates the barrel composed of those violated systems. Also the impacts on the systems are elements to be evaluated carefully and under multiple aspects, from information security (therefore privacy, resilience), to health and environment, not to forget lastly the no less important aspect of the trust and reputation of the supplier who, not having foiled the intrusion, finds himself having to pay the consequences personally.
There are four questions that NIST outlines in order to have a clear vision of the “connected” risks: from which capabilities the IoT device should have, from which could be the security and privacy risks, to which challenges to face in order to mitigate the risks and how to address the challenges in order to provide and make appropriate defenses; to which adds three guidelines to follow carefully:
- Device Identification: Each device must be uniquely identified through a serial or unique address when connected to the network;
- Device Configuration: an enabled user must be able to modify the software configurations of the IoT device, as well as the firmware configurations;
- Information Security: It must be evident that the IoT device protects the data it stores and sends over the network from unauthorized access or unauthorized modification attempts.
ENISA also outlines mandatory preventive approaches to risk mitigation, which we could include in broad subcategories, police, organizational and technical.
Every security programme must be a “safe, alert and resilient programme”.
Safe in the sense of guiding an inventory of resources and understand who is responsible and what in the entire production flow, to try to mitigate security risks as much as possible, taking care of a solid training of resources, a profitable “hardening” i.e. software, services, accounts and configurations of IoT components must be limited to the minimum necessary use, disabling accesses and avoiding removable supports, but with a commitment to total segregation of the IoT network.
Vigilant, in the sense of constant antivirus software verification and constant threat management, where security logs within the IoT environment must be collected, allowing traceability and according to explicitly assigned responsibilities. Logs must be collected, correlated, stored and reviewed, in line with defined procedures, in order to promptly detect security incidents in the IoT environment.
Resilient, in the sense of an effective “time to restore” following incidents, with prompt and prompt restoration of operation following any incidents.
The most significant publications (e.g. those of ENISA) reiterate the need to introduce the concepts of Privacy by Design and Security by Design into the design process of an IoT system.
Such concepts in the world of traditional IT systems development are acquired and increasingly implemented; in the IoT world, where the exasperation of time-to-market is greater, these aspects are often put aside to facilitate the rapid development of application functionality and respect budget limitations.
The analysis of IoT systems should be conducted from above in a global manner, considering the possibility of segmenting the solution into subsystems to limit damage in the event of an attack, as well as privacy aspects as an integral part of the system; the design phases of a system or IoT solution include: 1. identifying system requirements; 2. assessing risks in the various phases of implementation; o design; o development; o testing; o release. The concept of tanglegence, i.e. the complex mess of contractual technologies, services and facilities that inevitably converge on the end user, whether an individual consumer or an organization, should also be taken into account.
According to the OWASP IoT Testing Guides, the risk assessment process in Iot consists essentially of four phases, which are;
- Step 1: Definition of the scope;
- Step 2: mapping the attack surface;
- Step 3: assessment and attack;
- Step 4: documentation and reporting,
using strategies such as Device firmware deployment review [design and development phases], Device risk analysis [development and test phases], Protocol fuzzing [test phase] and Deployment reviews [commissioning and operation phases].