The recent hijacking of thousands of printers to print out propaganda for the popular YouTuber, PewDiePie, gave us insight into the direction of the IoT ecosystem and what security breaches mean in an increasingly connected world. The attack, while generally harmless, underscores the need for cybersecurity protocols and policies that address the vulnerability of IoT devices and their increasing potential to cause damage if they are compromised.
The tremendous growth in smart, connected devices in our industry, homes and on people shows no signs of slowing down. There are now far more connected devices in the world than there are people. Everything from personal devices to industrial ones, the growing ubiquity of always-connected devices is leading to a modern-day gold rush of sorts. The commodity in question is not gold — it’s the data these devices generate. Data that, with analysis, can highlight trends and behaviors that allow for a vast new range of use cases across the IoT ecosystem.
Ensuring the security of these devices is already at the forefront of cybersecurity. However, maintaining the privacy of this data gets less attention, despite being critical to continued consumer trust in these technologies.
In many cases, data from a specific device is sent to and stored in the cloud. Often, an IoT device manufacturer will have a data repository hosted in one or more cloud service provider (CSP) instances. All data generated from individual devices is sent to these repositories for storage and analysis. This data requires protection not only at rest, but also in transit. That’s an area where the innate security built into cellular technologies, end-to-end, can play a pivotal role.
Innate cellular security
Cellular networks are less permeable simply because they tend to have fewer connected IoT devices than Wi-Fi and wired networks, since many always-connected devices employ Wi-Fi connectivity. The most common cellular networks also require authentication to connect to the network, even if that authentication is automated with hardware. Many Wi-Fi and wired networks require no such authentication and therefore present far more vulnerability.
In addition to authenticating connected devices, cellular data is more difficult to intercept. Grabbing an RF signal or creating a fake, malicious cellular network requires more hardware than a computer with a Wi-Fi card. The inherent security feature is that there are fewer bad actors attempting to break into cellular networks since other network types offer easier access to just as much data.
Cellular technology can also play a more active role in securing data. When static accounts are compromised, mobile devices are usually unaffected. So, cellular technology offers protection through two-factor authentication or as part of a three- or four-factor authentication system.
IoT manufacturers can exploit the security of cellular data transmission by performing device-to-device communication with cellular connectivity. This reduces the number of devices on wireless networks and minimizes the surface area for cyberattacks.
In the past, transmitting large quantities of data exclusively through cellular networks was too slow to be practical. As cellular technology has improved, networks built entirely on cellular data transmission have become viable, and companies have built private cellular networks to reap the security benefits of cellular technology. But even when data is not transmitted over purely cellular networks, data collected by IoT systems is more secure when cellular technology is part of the equation.
The move to private LTEs
While cellular networks may be more secure, some may argue that their support for IoT is limited by cost, spectrum availability and their prioritization of mobile devices. They simply were not designed to handle the growing diversity of devices (the advent of 5G technologies will go a long way in addressing this). This is why wireless networking is still a fragmented landscape in business-critical domains.
The concept of private LTE networks then becomes a viable option, enabling IoT-specific connectivity for organizations with clusters of IoT devices and a need to transmit and store collected data in CSP instances.
While commercial LTE networks are typically focused on mobile consumer needs, private LTE networks can be set up relatively inexpensively. These LTE networks provide the range and bandwidth for device-to-device communication and data transfer to a larger backbone network where data can be aggregated and transferred to a CSP instance for storage and analysis.
This means that the ground-level networks, where a majority of the data is freely transmitted, are less permeable. The only place where the data is vulnerable to traditional cyberattacks is after it has transitioned to an IP network, where private connections to the CSP environment can be provisioned to minimize vulnerabilities. This innate security also reduces the vulnerability of backbone networks, since it minimizes the risk of a breach at the last mile of the data pipeline.
Essentially, private LTE networks provide a more secure environment for IoT data, and protect backbone networks, while the data is still in use by IoT devices, where it would be most open to attack on traditional Wi-Fi or wired network.
Moving to cellular
The tendency of many companies and IoT manufacturers is to default to non-cellular networks for internal and external data transfer. But these networks will continue to become more penetrable as IoT grows and more devices present access points to the network backbone.
IoT device manufacturers can improve their own data security and drive a more secure future for IoT as a whole with a transition to private LTEs and end-to-end encryption for transferring data to and from CSP environments.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.