IoT security (Internet of Things security)

Contributor(s): Ivy Wigmore
This definition is part of our Essential Guide: Managing information security amid new threats: A guide for CIOs

IoT security is the area of endeavor concerned with safeguarding connected devices and networks in the Internet of Things (IoT).

The Internet of Things involves the increasing prevalence of objects and entities, known in this context as things, that are provided with unique identifiers and the ability to automatically transfer data over a network. Much of the increase in IoT communication comes from computing devices and embedded sensor systems used in industrial machine-to-machine (M2M) communication, smart energy grids, home and building automation, vehicle-to-vehicle communication and wearable computing devices.

The main problem is that because the idea of networking appliances and other objects is relatively new, security has not always been considered in product design. IoT products are often sold with old and unpatched embedded operating systems and software. Furthermore, purchasers often fail to change the default passwords on smart devices, or if they do change them, fail to select sufficiently strong passwords. To improve security, an IoT device that needs to be directly accessible over the Internet should be segmented into its own network and have its network access restricted. The network segment should then be monitored to identify potentially anomalous traffic, and action should be taken if there is a problem.
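As an illustration of the monitoring step (an added example, not part of the original definition), the following Python sketch checks connection records from a segmented IoT network against an allowlist and reports anything outside it. The addresses, ports, record format and the rule that devices in the segment should not talk to each other are all assumptions made for the example.

```python
import ipaddress
from collections import namedtuple
# One record per connection, oriented initiator -> responder (assumed log format).
Flow = namedtuple("Flow", "src dst dport proto")

# Assumed layout, constructed for this example.
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_OUTBOUND = [  # (destination network, port, protocol)
    (ipaddress.ip_network("203.0.113.10/32"), 8883, "tcp"),  # vendor cloud, MQTT/TLS
    (ipaddress.ip_network("10.0.0.53/32"), 53, "udp"),       # internal DNS resolver
]
ALLOWED_INBOUND = [  # the one service that must be reachable from the Internet
    (ipaddress.ip_address("10.20.0.15"), 443, "tcp"),
]

def classify(flow):
    """Return None if the flow matches policy, else a short reason string."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src in IOT_SEGMENT and dst in IOT_SEGMENT:
        return "device-to-device traffic inside the segment"
    if src in IOT_SEGMENT:
        for net, port, proto in ALLOWED_OUTBOUND:
            if dst in net and (flow.dport, flow.proto) == (port, proto):
                return None
        scope = "internal network" if dst in INTERNAL else "Internet"
        return f"unexpected outbound to {scope}"
    if dst in IOT_SEGMENT:
        if (dst, flow.dport, flow.proto) in ALLOWED_INBOUND:
            return None
        return "unexpected inbound to device"
    return None  # flow does not involve the IoT segment

def anomalies(flows):
    return [(f, reason) for f in flows if (reason := classify(f))]

SAMPLE_FLOWS = [  # constructed records, not real traffic
    Flow("10.20.0.15", "203.0.113.10", 8883, "tcp"),
    Flow("10.20.0.15", "10.0.0.53", 53, "udp"),
    Flow("198.51.100.7", "10.20.0.15", 443, "tcp"),
    Flow("10.20.0.15", "198.51.100.77", 23, "tcp"),
    Flow("10.20.0.15", "10.1.4.20", 445, "tcp"),
    Flow("198.51.100.7", "10.20.0.15", 23, "tcp"),
    Flow("10.20.0.15", "10.20.0.16", 80, "tcp"),
]

if __name__ == "__main__":
    for flow, reason in anomalies(SAMPLE_FLOWS):
        print(f"ALERT {reason}: {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

The same allowlist is what the segment's firewall rules would enforce; running the check over flow logs catches traffic that a misconfigured or overly permissive rule lets through.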

Security experts have warned of the potential risk of large numbers of unsecured devices connecting to the Internet since the IoT concept was first proposed in the late 1990s. In December of 2013, a researcher at Proofpoint, an enterprise security firm, discovered the first IoT botnet. According to Proofpoint, more than 25 percent of the botnet was made up of devices other than computers, including smart TVs, baby monitors and other household appliances.

This was last updated in September 2015

Even if you could keep track of all your IoT devices, keeping them all patched and understanding all the implications around them is impossible. Worse yet, when devices sometimes brick or lose features (such as the PS3 did) when updating, people may choose not to update. Then there is the problem of passwords -- how do you keep a different password for each device? It feels like the ideas behind IoT are about 5 years behind the bad guys and we are falling further and further behind. A defense is one exploit from being defeated and a patch that blocks an exploit is only a holding action.
Thanks for the Margaret. And to think we have a lot of network complexity now! To use past words of the president, it's going to "fundamentally transform" our networks and information security as we know it. I'm not convinced we're ready...hopefully we are!