CSA releases guidelines for securing IoT products
Amid growing concerns about IoT devices being used for cyber attacks, the Cloud Security Alliance (CSA) released a 13-step guide for securing IoT products.
Internet of Things (IoT) devices were recently used in two massive distributed denial of service (DDoS) attacks, one against security expert Brian Krebs’s blog and another against French internet service provider OVH. These were possibly the largest DDoS attacks to date. If not secured properly, IoT products can be used to conduct DDoS attacks, and they can also be used to compromise user data privacy. Going forward, critical national infrastructure will rely more and more on the IoT ecosystem. But no matter how crucial securing IoT products may be, it is still all too often neglected. To help designers and developers secure IoT products, the industry group Cloud Security Alliance (CSA) has just released a set of guidelines. According to CSA, there is a lack of understanding among product developers as to where to start.
“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” said Brian Russell, chair of CSA’s IoT Working Group and chief engineer, Cyber Security Solutions, at Leidos. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”
The lack of security in IoT products is partly due to security being new to many device manufacturers but also, and more worryingly, to a widespread lack of concern about security among IoT startups. A survey of technology startups conducted by the CSA in 2015 showed that investors and technology startups are not concerned with the security of their products, focusing instead on getting their products to market quickly. The lack of IoT security standards is not helping matters.
13 steps for securing IoT products
Here are the 13 steps recommended by CSA:
- Start with a secure development methodology
- Implement a secure development and integration environment
- Identify framework and platform security features
- Establish privacy protections
- Design in hardware-based security controls
- Protect data
- Secure associated applications and services
- Protect logical interfaces/APIs
- Provide a secure update capability
- Implement authentication, authorization and access control features
- Establish a secure key management capability
- Provide logging mechanisms
- Perform security reviews (internal and external)
The detailed guidelines are available for download on CSA’s website.
The Industrial IoT Consortium (IIC) also released the Industrial Internet Security Framework (IISF), an IoT security framework focusing on security issues in industrial systems.
IIoT News Recap: Huawei achieves 5G speed breakthrough with Polar Code; Researchers develop low-cost sensor network for flood detection; Intel announces availability of Intel Building Management Platform; U.K.’s BSI advocates use of agile methods for smart city projects; Google’s self-driving car records most serious accident to date
Road to 5G: Huawei achieves 5G speed breakthrough with Polar Code
Using polar code, an innovation in channel coding technology, Huawei achieved downlink speeds of 27 Gbps, Telecom Asia reports. Huawei demonstrated that polar code technology can simultaneously meet use cases involving speeds in the tens of gigabits, 1 millisecond (ms) latency and billions of connections, offering three times the spectrum efficiency of current radio access networks (RANs).
Predictive analytics: Researchers develop low-cost sensor network for flood detection
A team of researchers at the Advanced Institute of Industrial Technology in Japan has developed a cloud-based, low-cost, sensor-based system to collect data and predict river flooding in real time, Asia Nikkei reports. The data is processed via a Raspberry Pi microcomputer. In partnership with Brunei’s national university, the researchers plan to use the system in developing tropical regions, such as Brunei itself.
Smart buildings: Intel announces availability of Intel Building Management Platform
Announced in June 2016, Intel Building Management Platform (Intel BMP) is now available, the IT vendor announced. Aimed at small- and medium-sized buildings, Intel BMP helps manage data securely from building systems and sensors. Lucid and Volteo will be piloting Intel BMP through the end of the year.
Smart cities: U.K.’s BSI advocates use of agile methods for smart city projects
In a Publicly Available Specification (PAS) draft released for consultation (titled PAS 184:2017), the British Standards Institution (BSI) recommends the use of agile methodology for the planning and delivery of smart city projects, UK Authority reports. The draft also points out that the major strategic risks in smart city projects are related to business and cultural changes rather than technological ones.
Autonomous driving: Google’s self-driving car records most serious accident to date
Google’s self-driving cars were involved in four accidents in September, according to the Google self-driving car project’s September report. The most serious accident to date occurred in the last week of September, when a Google test driver was hospitalized after getting t-boned by a van that ran a red light in Mountain View, California. Google’s self-driving car project reached a milestone in September, recording a total of two million fully autonomous miles on public roads, equivalent to 300 years of human driving experience.