Why IoT Security Is a Critical Factor | Total Security Software

The Internet of Things (IoT) now shows a huge variety: from the networked Tesla to digitally controlled industrial and utility infrastructure to remotely monitored heating and smart meters that record electricity and water consumption and report them automatically. The risks in the Internet of Things are just as diverse as the applications . But with the right infrastructure, many security questions don't even arise.

 

IoT Security  | Total Security Software


In October 2016 something happened that should never have happened: There were partial failures of communication networks around the world. "Attack of the toaster" and "IoT devices paralyze the Internet" were the headlines of the following days. In fact, it was not so much the toasters as the millions of cameras and other devices that were used by hackers for a massive DDoS (Distributed Denial of Service) attack . The devices were interconnected to form a large botnet that sent countless senseless requests to servers on the Internet, leading to overloads and shutdowns.

 

As it turned out later, Mirai cameras in particular were affected. The devices that are popular with consumers all over the world and monitor house entrances, for example, are usually not only more or less defenseless on the Internet, but are also extremely easy to crack - and the latter could not be changed afterwards. The only alternatives left were to completely replace these insecure devices or to make the network infrastructure more secure.


From the Internet to The Real World

The fact that hacking attacks do not only endanger the functioning of the Internet became known to a wider public only with Marc Elsberg's novel “Blackout”, published in 2012. His scenario: malicious attackers take over thousands and millions of networked electricity meters and use them to switch the entire power supply to the houses on and off at will. This leads to voltage fluctuations in the network, which leads to a complete failure of the power supply throughout Europe. Due to the continued attacks, the power grids cannot be put back into operation and within a few days the powerless continent sinks into chaos.

 

Elsberg's disaster scenario may have contributed to the fact that smart meters today have to meet high security requirements. But smaller "disasters" are also conceivable. For example, there are intelligent garbage cans that automatically report their fill level and are only emptied when necessary. Some of these sensors also have a temperature sensor that is supposed to warn of possible spontaneous combustion. What happens if hundreds or thousands of rubbish bins sound a fire alarm at the same time in a city? Or if the cameras that are used to monitor forest fires suddenly sound the alarm everywhere - just not where there is actually smoke?


Protection Goals of IT Security

The Internet of Things creates new attack and hazard scenarios. The underlying mechanisms, however, are the same as in other IT infrastructures. Accordingly, the same protection goals that are already described in the tried and tested CIA triad also apply here:

  • Confidentiality: No unauthorized person has access, neither during data transmission nor during storage;
  • Integrity: data must not be changed (strong integrity), or the changes must not go unnoticed (weak integrity);
  • Availability: Data must be accessible when required, systems must be operational at all times.

Further requirements that can be considered as sub-items or supplements include:

  • Authenticity: Verifiability and trustworthiness of the data source;
  • Non-repudiation (liability): Preventing actions or communication from being disputed in retrospect;
  • Imputability: An action carried out can be clearly assigned to a communication partner.

What sometimes sounds abstract is easily explained with practical cases, for example when recording electricity consumption using a smart meter. Such a system must ensure, among other things, that the customer cannot deny that they have purchased electricity. The transmitted data must be protected against manipulation and no data may be lost or fall into the hands of unauthorized third parties. Conversely, the electricity provider must be able to be sure that the transmitted data actually comes from the customer's electricity meter. And last but not least, the electricity meter must not fail or be shut down by hackers.


IT Security for the IoT

While the mentioned Mirai cameras could be attacked simply due to design deficiencies, there are IoT devices that can only operate safely to a limited extent due to their limited resources. This mainly includes sensors. For example, you do not have the computing capacity to implement complex communication encryption. Self-sufficient sensors, which are only equipped with batteries or accumulators, would also draw too much energy through complex connections and cryptographic calculations.

 

It is therefore essential to embed such IoT devices in a secure IT infrastructure. But even with devices that have their own protection, such as smart meters, it is advisable in the sense of a tiered concept to further improve the security of the overall system through security measures in the network.


Conclusion IoT Security

Whether it is about “stupid” sensors or clever measuring devices: In the Internet of Things, security must always be a top priority. Because there is hardly a scenario from which, due to a lack of cybersecurity, serious consequences - for the operator, the user or even uninvolved third parties - cannot be derived.


Protect your network from cyber-attacks. Use Total Security Software to secure your data.

Comments