How secure is your IoT solution?

Internet of Things (IoT) solutions are becoming increasingly common for both consumers and businesses. While consumers explore Internet-connected refrigerators and webcams, in the business world IoT solutions include:

• Asset tracking: IoT tools that help companies identify the location of key assets such as trucks or IT equipment;
• Smart buildings: IoT tools that use distributed sensors to improve environmental quality and lower the costs of heating, ventilation, and air conditioning (HVAC) systems;
• Supply chain monitoring: IoT tools that help managers predict and avoid delays and damages of in-transit goods;
• Equipment monitoring: IoT tools that monitor capital equipment to enable preventative maintenance.

While these IoT solutions offer real benefits, they also introduce new security risks, like the risk of data being intercepted or compromised. Companies need to recognize these potential threats and make informed security decisions regarding an IoT solution for their organization. To accomplish this, it's helpful to think in terms of a "threat model." In security parlance, a threat model summarizes: 1) potential attack objectives, 2) the ways in which a system might be compromised, and 3) security countermeasures. Supply chain leaders need to take each of these considerations into account as they build an accurate threat model for their particular IoT solution and environment, since different IoT solutions and environments have different threat models.

Attack Objectives

As you begin to develop a threat model for your IoT application, start by identifying plausible attack objectives. An attacker may have many objectives, but the following are some of the most common worth considering:

• Physical harm: If your IoT system controls the physical activity of piece of equipment (for example, an industrial automation system), an attack could take control of that activity and do damage to your equipment or the facility.
• Data corruption: An attacker could send false data (or block data from being sent), causing you to make the wrong decision but without harming any equipment directly.
• Data destruction: Removing data either directly from the device or from the data-recording or storage system could help an attacker cover up some other malicious activity.
• Espionage: An attacker could tap into the monitoring capabilities of your IoT system to "snoop" on sensitive data, without tampering with it.

Once you have identified the objective for a potential attack, it is helpful to prioritize which ones you should focus on preventing. For each potential attack scenario, it is useful to ask yourself, "What are the consequences?" to determine the severity of the attack and prioritize concerns. For example, the threat of losing IoT data for one hour due to a bad actor jamming a communications signal is probably less serious than the risk of damage to a facility. Next, consider what reasons an attacker might have to pursue the potential attack goals you've outlined. A scenario with a clear benefit to the attacker is often a bigger concern than one without any clear motivation to act on it. Prioritize threats with a known or conceivable motivation.

Potential Weaknesses

Once you've considered what could happen, next ask, "How likely is it to occur?" Consider potential attack pathways and the security weaknesses that might enable them. IoT vulnerabilities might include configuration errors (for example, neglecting to change a default password) or misuse of access privileges (for example, if a user copies and exports data).

Another key consideration is the potential avenue of attack presented by your IoT device's communications network protocol. This will vary widely based on the network you use:

• Wired: Wired solutions use a physical connection, such as Ethernet or DSL, to transmit data. These solutions tend to avoid many of the security risks of Wi-Fi and Bluetooth solutions, but they are severely limited in scalability and mobility. As this article explains, wired solutions are generally not a great fit for many common IoT applications because they require so much infrastructure.¹Â It is often preferable to rely on a wireless technology for a modern IoT implementation.
• Bluetooth: Bluetooth supports a number of security mechanisms for different versions of the protocol.² While the simplest security setting offers little protection from nearby eavesdroppers, other settings offer authentication and encryption mechanisms that improve security. That said, these security mechanisms often come at the cost of ease of deployment and maintenance.
• Wi-Fi: Security for Wi-Fi-connected IoT devices is best summarized by the article "Wi-Fi access for the Internet of Things can be complicated."³ While the original Wi-Fi protocol is not well-suited for mobile IoT devices, there are mechanisms being introduced that should improve security. However, as with most wireless protocols, security improvements often have negative repercussions on operational costs, ease of setup, and compatibility with other existing systems.
• Cellular: IoT devices that use cellular communication come with a fair amount of built-in security, as outlined in this paper from the cellular standards group GSMA.⁴ Security researchers have demonstrated ways of intercepting a cell signal with specialized equipment, but these attacks generally require the attacker to be in close proximity to the targeted device. As such, security risks with cellular-based IoT solutions are generally fairly limited.

In addition to the potential attack pathway, there are a number of other factors that you need to take into account in order to determine whether or not your IoT solution is secure. Consider, for example, whether an attacker needs physical access to the IoT device, and if so, how secure those devices are. A device on the outside of a building in a remote area may be more of a risk than a device inside a locked container, for example. Also consider the device itself—what skill set, tools, and time are required to tamper with it, and would the ends justify the means? Finally, consider whether attackers might achieve their objectives by abusing access granted to an authorized individual. What capabilities would the attacker have in this scenario? What safeguards should be established to counter this risk?

Evaluating the ways in which different IoT systems can be compromised will help you to build an accurate threat model of your particular environment. In turn, this careful consideration and evaluation will help you to determine the appropriate IoT solution for a given application.

What countermeasures can you employ?

After identifying the potential attack scenarios, consider the countermeasures that are built in to protect the IoT solution. One level is physical countermeasures—things that prevent or mitigate direct access to the device. Is the device easily accessible? Does the device have ethernet or USB ports that can be used to access the firmware? Is the firmware secured? Consider options for "hardening" the IoT device itself.

Second, consider the communications network (as discussed above). Weigh the tradeoffs of cost, ease, and security to make sure the method you've chosen meets your needs. Make sure that you are employing the safeguards available with your chosen technology.

IoT systems can also employ active countermeasures, such as scanning for unauthorized or unusual access and alerting administrators or security staff, similar to other enterprise systems. Finally, user accounts can be restricted to limit misuse, and the system as a whole can be built to maintain security even if a specific sensor has been compromised.

Making the final call

IoT is creating amazing opportunities for organizations to process data and automate environmental interactions in new ways. But as with all advances, IoT comes with risks. By applying a threat model framework and analyzing the possible attack objectives, security weaknesses, and possible countermeasures, organizations can apply a familiar security framework to this new technology. Organizations that are clear-eyed about evaluating these risks will find and deploy IoT solutions to derive enormous value while maintaining appropriate security.

Notes:

1. For more on the limitations of wired solutions, see Bryan Hughes' article, "Building Real-World IoT Solutions," IOT Agenda (Feb. 7, 2018), https://internetofthingsagenda.techtarget.com/blog/IoT-Agenda/Building-real-world-IoT-systems-Using-SMS-to-connect-sensors-in-the-wild

2. Parikshit Joshi, "Introduction to BLE security for IoT," Simform LLC (July 4, 2017), https://www.simform.com/iot-bluetooth-security-vulnerabilities/

3. For greater detail on these complications, see Peter Thornycroft, "Wi-Fi Access for the Internet of Things Can Be Complicated," Network World (March 21, 2016),  https://www.networkworld.com/article/3046132/internet-of-things/wi-fi-access-for-the-internet-of-things-can-be-complicated.html

4. See, for example, "GSMA Security Guidelines and Assessment," GSMA (Groupe Speciale Mobile Association), https://www.gsma.com/iot/iot-security/iot-security-guidelines/