have taken a stab at security by employing trusted boot capabilities, encrypting network traffic or
               using  Secure  Shell  (SSH).  But  if  they  and  the  organizations  that  buy  them  don’t  implement
               these protections in the right way, such efforts can be ineffective.

               IoT Security Best Practices
               So, how do we go about securing our infrastructure and data in the new digital age? Securing
               IoT starts before the pieces are even put in place. It begins during the equipment and software
               selection process. When feasible, it’s important to select equipment and software with built-in
               security protections.

               Organizations should also take measures to ensure that their systems are secure by regularly
               changing the default usernames and passwords on their IoT devices. Updating IoT devices with
               the latest operating systems and patches also helps ensure the security of the network. There’s
               no  one-size-fits-all  approach  to IoT  network  security,  of  course,  but  data  encryption,  network
               authentication and secure private networks all help provide additional protection to vulnerable
               systems.

               Because  IoT  has  implications  for  both  the  information  technology  (IT)  and  operational
               technology (OT) parts of an organization, staff members from both the IT and OT teams should
               work  together  to  decide  what  IoT  security  posture  is  right  for  their  organization.  IT  and  OT
               engineers  should  collaborate  in  setting  up  security  policies  and  procedures to  implement  IoT
               security for their applications, devices and networks.

               IoT Talent Requirements and Gaps
               Collaboration between IT and OT team members with existing skillsets will only get us so far,
               though.  That’s  because  creating,  securing  and  supporting  IoT  implementations  requires  new
               skillsets. Both IT and OT need digital expertise. So, training staff members to address IoT is
               essential for organizations as they stage their digital transformations.



               The converged architecture involved in IP-connected factories, for example, introduces a talent
               gap not met by current IT or OT professionals. As a result, individuals from each discipline need
               to learn the technology from the other. Additionally, soft skills in areas such as communication,
               collaboration and project management enable teams to work together in a more productive and
               integrated way.




               For IT engineers, learning about industrial networking and application protocols advances their
               skillsets in the digital era. Gaining knowledge about wireless deployment is also essential for
               such  industrial  verticals  as  mining,  transportation  and  utilities.  Understanding  IoT  security
               technologies and being able to implement the most relevant ones for a particular organization
               gives IT professionals a strategic advantage.




                    68   Cyber Defense eMagazine – September 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.