Simon Bryden, Manager Consulting Systems Engineering at Fortinet, discusses why an integrated and holistic security architecture is necessary to offer the visibility required to see and identify IoT devices, as well as offering prevention and detection components needed to mitigate the effects of an attack.
Internet of Things (IoT) devices are everywhere. From consumer devices such as connected thermostats and door-entry systems to Industrial IoT (IIoT) such as actuators and sensors, these smart and connected devices are increasingly being deployed in all areas of industry – manufacturing, oil and gas, energy, mining and agriculture.
IoT offers endless opportunities
It’s all about the data. The value and intelligence derived from the data that is extracted from these devices is priceless, with endless opportunities for organisations or individuals. IoT adoption figures confirm this growing importance: connected devices have exponentially increased in the last five years, with approximately 20 billion devices in 2020 and around 75 billion planned by 2025.
This acceleration will be fuelled by 5G. For most people, 5G is associated with faster downloads to their mobile phones. However, the real driver for 5G will not be phones but IoT as it will bring powerful capabilities such as high device density and highly reliable communications with very low latency. In addition, cheap sensors can be built with a low operational cost, identity management, authentication and authorisation mechanisms, as well as roaming and mobility.
What are the cybersecurity impacts on IoT in a 5G world? A big issue is that the IoT devices market isn’t regulated and homogeneous. With cheap consumer IoT, there is not a significant demand nor budget for security, and as such, it tends to be somewhat forgotten. However, if we look at medical IoT devices, we can be certain that security is taken very seriously. In addition to that, if we take IIoT devices running in critical industries and used to monitor critical infrastructure, here are a number of security aspects that need to be considered:
- IIoT devices tend to run on constrained hardware with little or no management interface. These devices are often not field-upgradable and may have limited means to determine if they are operating correctly. They often have limited cryptographic functionality meaning that they have very weak (or non-existent) authentication and encryption capabilities.
- Physically, IIoT devices are often installed in hard-to-reach places (underground, underwater, or on top of buildings), or publicly accessible places. Devices must be able to operate unattended for long periods and be resistant to physical tampering.
So what about 5G? New services bring faster bandwidth and support for massive numbers of endpoints, and network operators need to be sure that their security solutions can keep up. Similarly, the introduction of Mobile Private Networks and Multi-Access Edge enables both the mobile network and the compute infrastructure to be placed as close as possible to the devices themselves. This allows compute resources to be co-located, eliminating expensive cloud round-trip times. These services are key enablers of ultra-reliable low-latency connectivity which is a key driver in Industrial IoT networks. But on the other hand, this concentration of network and compute infrastructure becomes a critical part of the network and protecting it is paramount.
Best practices to protecting IoT in a 5G world
The reality is that no device is truly secure and for that reason, we need a comprehensive and integrated approach to security that can deliver the following three key capabilities:
- Visibility – Having a global view of the system and its components, understanding which devices are connected to the network and whether they are operating normally is key.
- Prevention – IoT devices often have limited connectivity needs, and segmentation can be used to restrict access. Application-aware firewalls can ensure that only authorised protocols and applications are allowed, and intrusion prevention can detect and block any attempts to scan for vulnerabilities or security holes and prevent any attempt to exploit those vulnerabilities. The next-generation firewall provides all of these security tools and many more, and should include an Industrial package that understands all of the protocols and applications that are commonly used in industrial networks. For the IoT infrastructure and ecosystem, most communication is via REST APIs, so a dedicated tool here is required to ensure that any attempts to gain access or exploit these APIs is detected and stopped.
- Real-time detection and mitigation – Despite best efforts to block an attack, we must always assume that one day the attack will succeed. Following a successful exploit, there is a period where the attacker will try to get as much information as possible about the environment, try to determine where the high-valued assets are, and how best to monetise the breach. This means that there is a short window of opportunity to detect the breach, identify the compromised devices and remove them from the network, to ensure that the breach is contained and the attack blocked. Here, a full range of solutions for Anti-botnet, Compromise Detection, User & Endpoint Behaviour Analysis, designed to detect infection as soon as it happens, is necessary.
In conclusion, the steps to securing IoT in a 5G era won’t be any different than what we see in other ecosystems: an integrated and holistic security architecture is necessary to provide not only the visibility required to see and identify these devices, but also deliver the prevention and detection components needed to mitigate the effects of an attack.Click below to share this article