Page 49 - Cyber Warnings







impact of an attack that causes a device to: a) misbehave; b) attack other parts of the
enterprise; and c) launch attacks outside of the enterprise. In the case of utility or industrial IoT,
these attacks could compromise critical infrastructure and endanger lives or harm the national
economy.

Users can take steps to control their IoT environments by following security best practices such as
changing device default passwords, connecting devices to secure networks, and enforcing rules
about how, when and with whom IoT devices can communicate. The Cloud Security Alliance
has also published guidelines specific to securing IoT devices. Its top five suggestions
include the need to:

1. Design and implement a secure firmware/software update process for IoT;

2. Secure product interfaces with authentication, integrity protection and encryption;

3. Obtain an independent security assessment of all IoT products;

4. Secure any companion mobile applications and/or gateways that connect IoT
products to networks; and

5. Implement a secure root of trust for root chains and private keys on each
device.

Unfortunately, many of these common security best practices, such as secure roots of trust,
network security, firmware updates, and even maintaining unique certificates, are challenging to
implement when it comes to IoT. Additionally, the limitations of many IoT devices make their
integration into enterprise security capabilities (e.g., network access controls, address
whitelisting, key management) difficult or impossible. The good news is that many in the
security community are hard at work on this problem - building the tools and services to secure
the IoT.

About the Author
Nate Lesser is the Managing Director of MasterPeace LaunchPad, an advanced
technology startup studio in Maryland, and has spent the last 15 years driving
innovation at the nexus of technology and business. He has held technical and
executive positions in government and the private sector. He works with
cybersecurity technology builders, buyers, and investors to improve the
efficiency of the innovation ecosystem.

Nate is a strategic leader, cybersecurity expert, and advisor to numerous startups and
non-profits. He serves as a Senior Fellow at the George Washington University Center for Cyber and
Homeland Security, a mentor at the Mach 37 cybersecurity accelerator, CEO at Cypient, and
Advisor at Zuul IoT.



49 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
