Current Filter: Security>>>>>News>

   

More than 30 firms, including BT, Intel and Vodafone, have joined together to create an industry body to vet internet-connect devices for vulnerabilities and flaws.

"The establishment of the Internet of Things Security Foundation is a significant moment in the evolution of the IoT," states Simon Moffatt, director, ForgeRock. "The initial wave of IoT implementations were all about communications and connectivity, with the technical challenges of adding network connectivity to previously dumb and offline devices, meaning that security took something of a back seat. However, as the IoT stabilises from a technical perspective, the potential for data loss and security breaches on a larger scale will inevitably increase, meaning more effective policing will be required.

"The sheer volume of IoT devices is what provides such a large attack vector for malicious operators, either to steal data or create bot-net style networks of compromised devices, that then perform malicious tasks, instead of the tasks they were designed for," adds Moffatt. "From individual devices through to full-scale smart city deployments, collaborative knowledge-sharing, combined with the ability to identify and authenticate IoT devices, will be pivotal in quickly assessing whether the data being generated is trustworthy and if the system/device in question remains secure."

The creation of the body is equally welcomed by French Caldwell, chief evangelist of GRC at MetricStream, who believes that, as the security challenges of the Internet of Things (IoT) are so great, they can no longer be a design afterthought.

"It's often the case that laws and regulations come after major failures, so it's a welcome change to have these leading companies coming together proactively. After all, the security challenges are mammoth," says Caldwell. "It's not just the volume of data, but the rate of creation of data, and the number of end points that create greater security challenges. Information is being collected from your social and online activity, data from your smartphone on your health, data from your car, your shopping history from your credit cards, and data from your smart TV to create an extraordinarily complete digital profile. The predictive nature of these profiles could be used to discriminate or even to target individuals."

The Internet of Things Security Foundation will be particularly important for businesses as more IoT devices are connected to the corporate network, adds Darin Welfare, VP EMEA, WinMagic, presenting hackers with additional attack vectors to target organisations.

"Addressing device vulnerability at the hardware level, for example through full disk encryption of hardware, will ensure that any data mined from the device is unusable and will be critical to business confidence in IoT devices," he points out. "Whilst the journey towards securing the Internet of Things is just beginning, this new industry body will be vital in setting the security standards that will determine the success of IoT.