
Lack of precedent exacerbates IoT security challenges

The Internet of Things has quickly become the next step in the online evolution as these integrated systems create big changes to how people interact with and use the Internet.

But as its scope continues to grow, so will the accompanying IoT security challenges, according to Angelos Stavrou, Ph.D., director of the Center for Assurance Research and Engineering at George Mason University.

"The growth of IoT is significant," Stavrou said during a recent SearchCompliance webcast. "There are many, many devices, even more devices than we ever thought we would connect, interface with, or even connect data from."

IoT devices and products introduce new attack vectors and have consequences far beyond what companies have dealt with in the past, Stavrou added. As a result, he predicts the IoT will be a major concern for the security field in the years to come.

The problem is that security and privacy are not primary design tenets for the IoT, with interoperability and reliability an afterthought for developers.

"Industry has tried hard to fill the void but not very successfully," Stavrou said. "There are different standard bodies trying to discuss the IoT field, but mostly they are focusing on usability and deployment rather than security and reliability."

Broad, far-reaching industries, such as healthcare and retail, are getting into the Internet of Things market, with connected devices being developed by numerous different manufacturers.

This trend alone can cause many problems in terms of liability and security, Stavrou said.

"The problem is that the applications in the traditional Internet are different than the applications for the IoT because the IoT devices themselves do not have the same capacities in terms of processing, networking power and storage," Stavrou said.

These devices introduce new attack vectors and have consequences far beyond those that we are used to. The IoT is going to be a primary driver for the security field in the years to come.
Angelos Stavrou, Ph.D., director of the Center for Assurance Research and Engineering, George Mason University

This has led to several common IoT security issues, such as unauthorized private data collection, insecure interfaces, unencrypted communications and weak information protection requirements.

To offset these IoT security challenges, Stavrou recommends determining which goals should be an immediate priority in the short term and which should be looked at down the road. Short-term goals include exposing IoT vulnerabilities, reviewing the IoT's cryptographic capabilities and comparing use cases.

In the longer term, Stavrou recommends documenting best practices to overcome IoT security issues, creating publicly available data sets to analyze IoT attacks and developing certifications to verify the reliability of IoT systems.

The ultimate goal is to identify glaring IoT security issues and to develop solid practices that respond to these challenges, Stavrou added. Processes to ensure proper security should be implemented from the get-go to make sure user data is properly protected.

"When we put together an IoT system, security and liability might not be a first priority -- but it should be," Stavrou said. "We want to identify a set of well-known [IoT] security practices that will allow us to build systems that are going to be secure and reliable."

In this webcast, learn more from Stavrou about integrating security processes into the IoT development stage. The webcast also provides insight into how IoT security challenges differ from conventional Internet security and provides ideas about where future IoT security research should be focused.
