Discussing challenges in the Internet of Security
By Behdad Banian
“How do I go about securing IoT?” is a question that technology innovators have learned to ask early on in the process, whether it’s deploying a new storage stack or software, or creating a new device. Securing IoT ecosystems require a precise orchestration of security measures, starting with the device, the data it transmits and how and where that data is stored. The consequences of an insecure network vary greatly, ranging from a breach, but no data loss (best case scenario) to massive, headline-making data loss affecting both companies and people significantly.
Not only is data protection a top of mind concern for administrators tasked with securing the ecosystem, but also the devices themselves. IoT networks create huge attack surfaces and managing the complexity of security at that scale is a huge undertaking, to say the least. And methods for protecting an IoT ecosystem differ with each deployment and the goals vary for each type of business.
In our IoT podcast, Talking IoT with Ericsson, we spoke with five experts from different leading companies who are all using IoT as part of their business models. Here is how they approach securing IoT.
5G cuts the cord in industrial IoT
Staffan Dahlström is Chief Executive Officer and Co-founder of HMS (Hardware Meets Software). His company is a leading provider of industrial communication solutions. He explained to us how he still sees hesitancy from customers to make the leap to wireless in industrial settings. Customers worry that data transmitted wirelessly isn’t as secure as if done by wires.
The industrial sector is exploring wireless connectivity. In Dahlström’s experience, some take a flyer on Bluetooth which is a secure option but falls short when it comes to bandwidth. WiFi can cover the bandwidth issue, but at the expense of security.
“We see a lot of excitement around 5G because when our customers look at 5G, they’re saying ‘we finally get a technology with a low, latency, high bandwidth, but also security’” said Dahlström.
We caught up with Dr. Henning Löser, Head of the Audi production lab where their factory of the future features advanced robotics and automated guided vehicles (AGVs). His security strategy is focused on, among other areas, the machinery in the Audi production line. Dr. Löser explained: “One of the worst things that could happen is that if someone, for whatever reason, gets access to our robot controls.”
Robots not following their set programming greatly disrupt operations. It also poses a huge safety risk for employees on the factory floor. “When you hook up everything with cables, you know your entry points, but if you hook something up wireless, you want to make sure you control the entire ecosystem in order to keep your operations safe,” Dr. Löser advises.
Start with identity. AI can help
For Ivo Rook, Senior Vice President of IoT at Sprint, when it comes to securing IoT networks, it starts with identity, and from there, you can even bring in AI to help. “It is absolutely our responsibility and duty to be able to say this is a device that I know and determine what this device can do, which also means that I can detect when it’s doing things that it isn’t supposed to do,” said Rook.
Once an organization has mastered identity authentication, operators can build security around that and begin to utilize artificial intelligence (AI) to help. “It is no different than us utilizing IoT for preemptive maintenance, you can utilize IoT and AI to do preemptive curing of potential attacks,” said Rook.
Protecting critical infrastructure
A major area of security concern has always been critical infrastructure, including power plants and utility providers. For companies like Grundfos, who are responsible for the safe delivery of water to municipalities and buildings, security is imperative. Fredrik Östbye, former Vice President and Head of Digital Transformation at Grundfos explained to us the challenges he faces with network complexity, and how security fits in: “This technology spans quite wide, from physical devices on one end to cloud infrastructures and APIs on the other end. This end-to-end set-up is extremely important to get in place, and that includes security as a key thing that needs to be solved.” As he further explained about protecting critical infrastructure, “it’s not an option to let those get hacked.”
Safer autonomous vehicles
Self-driving vehicles are among the top of the list of things where poor security can lead to disastrous losses. Hackers have already shown they can take remote control of cars, which is a terrifying prospect. Veoneer is one such company that must take security seriously as their self-driving vehicles take the road. When it comes to security, Nishant Batra, Executive Vice President and Chief Technology Officer, has to also take into account standards like Safety of the Intended Functionality (SOTIF) which governs autonomous vehicles and the safety violations that would occur despite their not being the failure of an operating system. For autonomous vehicles, this means enabling the AI to continue to analyze data for safe operations of the car, even if an outside force tries to take control. “The car should do what it’s supposed to do even if somebody tries to make it fail,” said Batra.
As you can see, there are many different applications for IoT, each with its own set of challenges when it comes to deployment, maintenance and above all, IoT security. If you’d like to learn more from these IoT leaders and others about the challenges they face and how they achieved IoT success, please check out our podcast series, “Talking IoT with Ericsson.”