Experts find IoT security lacking - Embedded.com

Experts find IoT security lacking

AUSTIN, Texas—Is the Internet of Things (IoT) secure yet? The short answer, according to a panel of experts exploring the subject at the NXP/FTF Technology Forum 2016 (May 17–19) here, is a resounding “no”.

The every expanding Internet, the ever-widening smartphone networks and the connected car industry have made piece-meal advances, but at a snail's pace compared to the need, according to the panelists. But not just standards of communication—which are already evolving—but standards of specification that are simple to do—like the labels on food—rather than the “terms of use” that nobody reads need to be simplified by government mandate to bring order to the Universe of Things.

“Cybersecurity is one of the foremost concerns of our age,” said Greg Kahn, chief executive officer (CEO) and president at the Internet of Things Consortium. “Attacks have skyrocketed since 2014, costing companies up to $1 trillion per year to defend against them. What’s worse is that the hackers are getting smarter. Seemingly secure information is streaming back to criminal organizations and malicious foreign governments.”

Host Greg Kahn, CEO IOT Consortium; Damon Kachur, Global Business Development, Symantec Corporation; Michael Kaiser, executive director, National Cyber Security Alliance (NCSA); professor Edward Lee at University of California; Said Nassar, vice president of cybersecurity solutions at NXP; and professor Brent Waters, University of Texas(Source: EE Times/Colin Johnson)

Host Greg Kahn, CEO IOT Consortium; Damon Kachur, Global Business Development, Symantec Corporation; Michael Kaiser, executive director, National Cyber Security Alliance (NCSA); professor Edward Lee at University of California; Said Nassar, vice president of cybersecurity solutions at NXP; and professor Brent Waters, University of Texas (Source: EE Times/Colin Johnson)

Damon Kachur is Global Business Development manager at Symantec Corporation added that software is no longer enough, each new internet of things (IOT) device needs to have specialized hardware inside. “To do it right, it has to be done at the hardware level—after that its too late.” He also added that a massive education processes needs to be put in to place compelling security providers to educate consumers on how to operate their devices securely.

Plus the information needs to be communicated in a easy-to-understand manner—like the labels on clothing, such as “The Five Things Your Need to Know.” The information also needs to be standardized—again like food labels—so that consumer can immediately see what they are getting into and how to handle it.

One of the biggest problems, according to Kachur, is authentication. “Once you are authenticated you are in, but there are no standardized ways of getting security certificates to devices making it easy to generate false ones.”

“Authentication is on the 15 billion devices to date—at both the server and the device end—but they need to be improved such as periodically polling devices/components to make sure they are what they are expected to be,” Kahn said.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.