Security warning over the Internet of Things

Lack of security built into the Internet of Things could be catastrophic, warn researchers

A lack of security built into devices forming the so-called Internet of Things (IoT) could be catastrophic in the event of a cyber attack, according to a new report by Beecham Research.

The report, entitled "Evolving Secure Requirements for the Internet of Things", warns that there are insufficient security capabilities within the emerging IoT standards to manage the long life-cycles expected of many connected devices.

"While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for 10 years or longer," said Professor Jon Howes, one of the authors of the report and technology director at Beecham Research.

He continued: "Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time."

This lack of security could enable "immense damage" to be wrought by cyber attackers in the future, warns Howes. He believes that the answer to these challenges lies at the architectural level for both devices and systems, and stretches from semiconductors through to network operators and system integrators. This approach underlines the need for common security objectives across the industry and interoperability within broad systems, he added.

According to Elliptic Technologies chief technology officer Mike Borza, a large part of the problem is that many of the companies involved in the internet of things are rushing to building new devices, and security comes way down their list of priorities.

"A lot of these early Internet of Things devices are being developed on shoestring budgets by development teams anxious to get into the market quickly. What they want to do is to demo their capabilities and, frankly, designing devices to be secure and reliable is a difficult task. It takes a lot of effort that doesn't show up in the functionality of the end product," says Borza.

"Furthermore, there are currently no standards either for security or interoperability of connected devices, leaving the market open not just to poor security, but also proprietary standards. We are still at the experimentation stage where technology companies are just deploying functionality and saying ‘Look at all the cool stuff we can do'," said Borza.

To find out more about the report, please email [email protected]

What are the security challenges to be overcome and the next steps in securing the Internet of Things? Click here to subscribe to Computing in either print, iPad or Android editions.