What is IoT threat defence?
What is IoT threat defence: Introduction
IoT stands for Internet of Things, which refers to machines that are connected and interrelated, collecting and transferring data over the network without human assistance. Good examples of IoT devices are smart TVs and smartwatches such as the FitBit, Apple Watch and Samsung Galaxy Watch: we wear them, and they are also connected to the internet. These devices give us real-time data on which basic decisions can be made. Since they are connected to the internet, an IoT threat defence mechanism is also implemented in the device in case of an attack such as a DDoS attack, a ransomware attack or a new vulnerability being exploited.
What is IoT threat defence: IoT threat and attacks detection
The majority of existing national and global cyber defence strategies are centred on detecting attacks against military systems, government systems and economic assets that are identified as critical infrastructure. These IoT systems and assets are monitored continuously, 24 by 7. Cyber attack detection methods for an IoT threat are well developed. However, detecting even large-scale attacks on IoT targets poses qualitatively different security policy challenges for IoT threat defence. These challenges are mostly of three kinds:
- Technological
- Authority related and
- Incentive related
The technological challenge of detecting cyber attacks on IoT devices is hard because it is difficult to determine the source of an attack. For example, if an IoT device is facing a DDoS (Distributed Denial of Service) attack, the attack can be performed with the help of bots, which are nothing but small pieces of software code that can be installed and activated on webcams or any device that has access to the internet. Therefore, all the big companies are trying to develop IoT threat defence software that can help them at least detect, if not stop, a cyber attack on their devices.
What is IoT threat defence: Blocking and ensuring IoT threat defence mechanism
At each and every step of the decision-making process, the job of blocking and responding to IoT attacks raises significant strategy challenges, as the targeted systems are not owned or regulated by the national defence authorities.
If an organisation faces an IoT cyber attack, the most important thing to keep in mind is that all the devices should be unplugged immediately, as this will stop the malicious code from spreading from one device to another over the network. The best strategy in this kind of situation is to follow an incident response strategy. Most organisations don't have an incident response strategy, as they don't want to invest in plans that may never come into effect. But each and every company should have an incident response strategy, as no one knows which cyber group is coming for you. [1]
When developing an incident response (IR) strategy, one important agile methodology to incorporate is the OODA loop. It helps in developing a concise IoT threat defence incident response methodology. The OODA loop includes four steps to respond in case of an attack:
- Observe: Understand the situation with the accessible intelligence or information
- Orient: Gather new information to recognise what options are available
- Decide: Think and decide what option is best to execute at the moment
- Act: The decided option now has to be executed without any delay to get the desired results
IoT threat defence mechanisms include, but are not limited to, the following:
- Authentication of devices
- Encryption of confidential data
- Maintaining data and system integrity
What is IoT threat defence: Achieving security of IoT devices
To successfully set up IoT threat defence measures, the organisation should start by identifying all the IoT devices that are used for its operations. A complete vulnerability assessment and penetration test of the devices should be done, emphasising identity and access management practices and screening the whole IoT device life cycle, and all the devices should be monitored for suspicious alerts with the help of security information and event management software. An organisation should follow the process below:
Risk Assessment
As part of the risk evaluation, businesses will consider how the company would be impacted by an IoT security incident. An effective response strategy that takes into consideration the systems and laws required to identify, respond to and resolve incidents can then be established. To understand an organisation's response capacity and strategy for an IoT attack, black box penetration testing should be done; it acts as a simulation and helps the organisation perform under pressure in case of a real hack.
While assessing reaction time frames, the fact that IoT device failures may put health and safety at risk should definitely be taken into consideration. The strategy should also ensure that business continuity and disaster recovery goals are specified and fulfilled, to allow the necessary levels of cyber resilience. In order to mitigate damage during an IoT compromise, review the disaster recovery plans.
Asset identification and management
The management of assets must begin by knowing the machines to be managed. The first step in securing IoT endpoints is to find and map the IoT machines on the network. An organisation can discover the IoT devices on its network in the following ways:
- By meeting the key stakeholders of the organisation to understand their thinking and how their IoT devices, machines and projects work
- Through network analysis, such as scanning DNS and DHCP on the network, to find out which IP address is assigned to which device
- By having the auditor ask the organisation about the expenditure made on the devices
A scope can be established for the risk evaluation once the inventory of IoT devices has been completed. Once the evaluation is complete, suitable policies and procedures may be developed and funded, in accordance with the risk appetite of the company, to handle and minimise the risk. It is critical that this is not a one-off operation: the organisation must be able to define and maintain a recurring process that covers the threats to current platforms.
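As an added illustration of the DHCP-based discovery listed above (not part of the original article), the following Python example parses a lease file in ISC `dhcpd.leases` syntax and lists devices that hold an active lease but are missing from the asset register. The sample leases, the `APPROVED` register and the function names are constructed for this example.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax; addresses, MACs and names are made up.
SAMPLE_LEASES = '''
lease 192.168.10.21 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.10.22 {
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.10.23 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:AA:BB:CC;
}
lease 192.168.10.21 {
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "unknown-sensor";
}
'''
# Hypothetical approved-asset register keyed by lower-case MAC address.
APPROVED = {"00:11:22:aa:bb:cc": "meeting-room TV"}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def parse_leases(text):
    """Return {ip: {"mac", "hostname"}} for active leases; the file is append-only, so the last entry per IP wins."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        state, mac, host = STATE_RE.search(body), MAC_RE.search(body), HOST_RE.search(body)
        if not (state and mac) or state.group(1) != "active":
            current.pop(ip, None)  # released or expired: address no longer in use
            continue
        current[ip] = {"mac": mac.group(1).lower(), "hostname": host.group(1) if host else None}
    return current

def unapproved_devices(leases, approved):
    """List (ip, mac, hostname) for devices holding a lease but absent from the register."""
    return sorted((ip, d["mac"], d["hostname"]) for ip, d in leases.items() if d["mac"] not in approved)

if __name__ == "__main__":
    for row in unapproved_devices(parse_leases(SAMPLE_LEASES), APPROVED):
        print("not in asset register:", *row)
```

On a real server the text would come from the DHCP daemon's lease file and the register from the organisation's asset inventory.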
Identity and Access Management
Enhanced IoT usage means an increase in user-to-machine and machine-to-machine communications. Organisations will need to focus more on identity management and strong assertions of identity. Default usernames and passwords should not be used: if the network is compromised, all users' personal devices and other items will be leaked, as in an organisation all the data is stored on the shared network. To minimise the possibility of computers being hacked by any tactics and techniques, including impersonation, hardware-backed security credentials must be used, such as passwords with one-tap sign-in, or an authenticator application that is required even after you submit your password.
In order to cope with growing demands, these improvements would entail scaling up public key infrastructures. Owing to the intrinsic design of the IoT, a combination of access control provided by building maintenance systems and electronic authentication is suggested. The similarity of actions and behaviours in the physical and virtual worlds will help ensure that physical access to devices is permitted only to approved users.
Network access control, which helps to keep unauthorised users off the private network, should also be evaluated. It restricts the connections an IoT system can make with the network. It will also have an interactive means of raising access permissions for a system as appropriate. [2]
What is IoT threat defence: Conclusion
According to an analysis by Gartner, by 2020 more than 25 billion devices will be connected to the internet [3]. All of these devices need to follow proper security mechanisms and implement IoT threat defence to mitigate risk and safeguard individuals and companies from malicious cyber attacks. Using IoT devices helps a company save costs, as these devices offer valuable information and functionality, but at the same time it opens up multiple security vulnerabilities that can be exploited by hackers, leading to the downfall of the organisation or to huge fines under compliance laws. Companies and individuals should use standard IoT threat defence techniques and keep their devices up to date in order to remain safe from cyber attacks.
References
- [1] S. Rizvi, A. Kurtz, J. Pfeffer and M. Rizvi, “Securing the Internet of Things (IoT): A Security Taxonomy for IoT,” 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), New York, NY, 2018, pp. 163-168.
- [2] G. Varshney and H. Gupta, “A security framework for IOT devices against wireless threats,” 2017 2nd International Conference on Telecommunication and Networks (TEL-NET), Noida, 2017, pp. 1-6.
- [3] https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf