By Milica D. Djekic
The security of the Internet of Things (IoT) is one of the main challenges of today. Many IoT assets could get an easy target to cyber attacks and it’s highly recommended to somehow cope with these requirements. The best practice is something that would deal with the final solutions, while we would like to suggest that an IoT design is something we should pay more attention on. When we say a security within a design – we would mean by that a better cryptography equally being applied to communication channels and end user’s data. In other words, the role of this chapter is to deal with some suggestions regarding the IoT security and try to explain how we could improve the next generation solutions.
The main IoT security’s requirements
The IoT should offer us a great deal of security and privacy. Unluckily, with today’s solutions that’s not fully the case. Many IoT solutions would deal with the so called – rookie’s mistakes and it would appear as absolutely unbelievable how some solutions being expected to get highly professional would cope with some beginner’s questions. The IoT security’s requirements should get high and as many research institutions would indicate it’s about the best practice. The fact is the IoT security is about the appropriate risk management, but the point is if we could do anything more than such best practice could. Right here, we would point on the possible IoT design that should offer us stronger safety and security through its usage. The cybersecurity is a wide topic and through this chapter – we could discuss many of its aspects. At this stage, we would try to concentrate on all the necessary steps that should get taken to offer us much safer private and business environment.
As it’s already suggested through this material, the IoT solutions could include ICS, SCADA and PLC systems, embedded devices, mobile technologies and much more. The main question here would be how we could make all of these advancements being more secured. The majority of a job could get about the proper set up of those devices being correlated to each other. In other words, we should work hard on a good hardware, software and network configuration trying to put the risk at the lowest possible level. Also, it’s important to mention that every single day some of the staffs should maintain such a system working hard on a better risk management. Many research efforts would deal with some tips and tricks how it’s possible to set up your environment in order to avoid any sort of unpredictable scenario. Even if that scenario occurs – we should always try to rely on a disaster recovery plan as well as business continuity strategy that should support us in resolving some of the practical issues already being happened in a practice.
Finally, some of the challenges for a future would indicate that it’s not all about the management of the existing solutions, but rather about development and deployment of new systems that would deal with a better cyber defense. For instance, many experts would indicate that the IoT of the future should cope with the stronger encryption and in such a way – offer the better performances to its next generation devices. Also, it’s well known that IoT systems would use the big network being created using many devices talking to each other. In other words, it’s so recommended that those devices should get a well-protected communication channel as well as deal with the good data cryptography securing the devices themselves. In conclusion, some of the next generation IoT improvements are about the better device’s security which could get obtained through the good practices, disaster recovery and business continuity strategies and much stronger design of the final products relying on more advanced encryption solutions.
The recommendations coming from a practice
Through the practice, we would notice that many IoT solutions would need better software, hardware and network configuration. Also, we would realize that the majority of those systems would not follow the basic recommendations suggesting that the inbound ports should get hidden from some of the IoT search engines. Also, many networks would not use both – software and hardware firewalls or they would take the minimum of actions in updating their routers, modems or the other network devices.
Also, we would notice some sort of the lack in terms of the good practice in managing the appropriate authentication. In simple words, people would not try to deal with the strong usernames and passwords that would make an access to the hackers being much requiring. These are only some of the examples being noticed in a practice and some of the advices being indicated to the IoT systems’ users in order to make them do the better improvements of their security’s capacities.
The challenges for a future
At this stage of the IoT development and deployment – we would deal with many security’s requirements that should get overcome so shortly. Some of the weaknesses to this concept are already known and the expert’s community works hard to resolve those concerns. On the other hand, many of vulnerabilities are being discovered as time goes on and we believe that these findings could only help us improving our current capacities.
In addition, we think that the IoT of the future would deal with much better encryption. We are aware of how these solutions could get expensive at this stage, but we believe that many security’s risk, threats and challenges would make cyber industries seriously deal with this sort of challenges. Finally, it’s important to say that there are still many challenges to the IoT technology and we hope that they would get their responses in a coming time.
The concluding talk
At the end, we could conclude that the main challenge to the IoT technology could get its security. Through this material – we would talk about how serious consequences of the unprotected IoT assets could be to their owners. In order to avoid anything of that happens in the future – we should begin thinking hard about the possible solutions. In such a sense, any support of the expert’s community is welcome and we honestly hope that the future would bring us fewer concerns and offer a much better environment to all.
About The Author
Milica D. Djekic is an Independent Researcher from Subotica, the Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the books “The Internet of Things: Concept, Applications and Security” and “The Insider’s Threats: Operational, Tactical and Strategic Perspective” being published in 2017 and 2021 respectively with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with Computer Emergency Response Team for the European Union (CERT-EU), Censys Press, BU-CERT UK and EASA European Centre for Cybersecurity in Aviation (ECCSA). Her fields of interests are cyber defense, technology and business. Milica is a person with disability.