It takes a security architecture to solve the challenge of IoT
This article appeared in iotworldnews - https://iotworldnews.com/2016/09/it-takes-a-security-architecture-to-solve-the-challenge-of-iot/
IoT is one of the most significant technology shifts since the creation of the internet, with projections of up to 100 billion devices connected by 2025. This scale is enormous, and the value of consumer and enterprise IoT, connecting wearables, cars and trucks, highways and entire cities, has been put in the trillions of dollars by 2025. IoT literally has the potential to transform the way humans work, live and play.
With this value and transformational potential come inherent risks, none more serious than a car being hacked or as catastrophic as a country’s power grid being compromised. Both of these scenarios have already been demonstrated, and the risk is further exacerbated by the overall lack of legal policy, guidelines and standards. Simply put, IoT scale, diversity and adoption are outstripping our ability to create laws to govern it and guidelines to standardise its adoption.
Challenge of scale & diversity
Although best practice dictates that security is baked into the design of a system, this is not often the practical reality. Often organisations, in the name of speed and agility, cut corners to deliver projects in a timely fashion or to reduce the overall cost, compromising the efficacy of the security controls deployed. Instead of being secure by design, we end up with security as an add-on. The flow-on effect is that a large enterprise often ends up with security controls that are difficult to manage, costly to scale and whose true efficacy and ROI are impossible to report to executive management.
IoT in both its consumer and enterprise form relies on scale of adoption to begin to realise its potential. The accepted practice is connecting everything at scale and analysing the data to realise new business opportunities or improve the efficacy of operations. Take, for example, a global manufacturing organisation that wishes to adopt IoT to modernise its legacy operations and use data analytics to improve efficiency and thus drive down the cost of production while simultaneously improving its time to market.
Unless it standardises its equipment globally, it will end up with different types of equipment at multiple sites across the globe, leading to different workflows and disparate technologies using communication protocols that may not interoperate. If the organisation takes a similar approach to securing its assets and data, what you end up with is complexity, which, as security technologist and author Bruce Schneier noted, “is the enemy of security. As systems get more complex, they get less secure.”
Security architecture & design
Security architecture and design can be defined as a unified, risk-based approach, both repeatable and measurable, that seeks to address potential risks by applying security controls. In the context of IoT, it dictates the use of frameworks and models that allow you to classify and group assets/data into layers where you can:
Authenticate device/user. For M2M connections where a user is not present this may need to be done via shared secret, certificate or MAC address.
Authorise the device/user to the system. Once identity is authenticated the device/user can be authorised to the asset group it requires. Identity is the key here. Without the ability to identify a device/user it is impossible to secure the process.
Restrict/segment access to only the assets required. Restricting a device/user to only the asset/asset group they require, usually via network segmentation and/or setting up trust models. This also includes revocation of this access once access to the asset/asset group is no longer required.
Visibility and control of a user/device throughout the engagement/interaction. Full visibility and ability to control/remediate the device/user throughout the engagement/interaction lifecycle. This includes the asset/asset group the device/user is interacting with. Anomaly detection, threat intelligence and machine based learning play a key role here.
Two important constructs in this security architecture process are automation and orchestration. Due to the potential scale of devices and complexity of topologies, it is impossible to construct a coherent security architecture without the ability to automate and orchestrate functions.
If we go back to the example of the global manufacturing organisation, different types of equipment used at multiple sites could mean ICS/SCADA in their manufacturing plants as well as CCTV cameras and/or sensors in their transportation systems. They may also need to bring new devices onto their network in a secure and timely fashion as a new production line is enabled or a new requirement is released by the business.
Without the ability to automate and orchestrate bringing new devices online securely, across a myriad of equipment potentially using different protocols, this would be an impossible task without incurring large costs. Security architecture and design of IoT enables automation and orchestration.
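The four layers listed above (authenticate, authorise, restrict/segment, visibility) and the automated onboarding just described can be sketched as one small policy engine. This is an added example, not code from the original article; it uses the shared-secret option for M2M authentication, and the device names, secrets, asset groups and segment labels are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed inventory: device id -> shared secret, asset group, network segment.
INVENTORY = {
    "plc-07":   {"secret": b"constructed-secret-1", "group": "ics-scada", "segment": "vlan-110"},
    "cctv-221": {"secret": b"constructed-secret-2", "group": "cctv",      "segment": "vlan-220"},
}
# Assets each group may reach; everything else is denied by default.
ALLOWED = {"ics-scada": {"historian"}, "cctv": {"video-store"}}
MAX_SKEW = 300   # seconds a signed onboarding request stays valid
sessions = {}    # device id -> active grant
audit_log = []   # visibility: every decision is recorded

def sign(secret, device_id, ts):
    """HMAC-SHA256 over device id and timestamp, as the device would compute it."""
    return hmac.new(secret, f"{device_id}|{ts}".encode(), hashlib.sha256).hexdigest()

def record(device_id, event, detail):
    audit_log.append({"device": device_id, "event": event, "detail": detail})
    return event

def onboard(device_id, ts, tag, now=None):
    """Authenticate the device, then authorise it and place it in its segment."""
    now = time.time() if now is None else now
    entry = INVENTORY.get(device_id)
    if entry is None:
        return record(device_id, "deny", "unknown device")
    if abs(now - ts) > MAX_SKEW:
        return record(device_id, "deny", "stale timestamp")
    if not hmac.compare_digest(sign(entry["secret"], device_id, ts), tag):
        return record(device_id, "deny", "bad credential")
    sessions[device_id] = {"segment": entry["segment"], "assets": ALLOWED[entry["group"]]}
    return record(device_id, "allow", entry["segment"])

def can_access(device_id, asset):
    """Restrict: only onboarded devices, and only the assets of their group."""
    grant = sessions.get(device_id)
    ok = grant is not None and asset in grant["assets"]
    record(device_id, "access-ok" if ok else "access-denied", asset)
    return ok

def revoke(device_id):
    """Withdraw access once the device no longer needs the asset group."""
    sessions.pop(device_id, None)
    return record(device_id, "revoke", "session removed")
```

The audit log is what an anomaly-detection or reporting layer would consume; a real deployment would push the segment decision to the network rather than hold it in memory.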
The challenge of securing IoT is a difficult one due to the many issues faced. Approaching this in a siloed and ad-hoc manner exacerbates the challenge and results in a system that is less secure. An approach that takes architecture design principles into consideration at the establishment of the project is best suited to ensuring the potential of this transformational phenomenon is realised.