The new IoT Cybersecurity Alliance aims to share best practice for protecting connected devices.
The Internet of Things (IoT) with its growing number of devices, networks and potential points of overlap, or pivotal points of interoperability, presents a growing level of security risks that must be addressed in a cybersecurity strategy.
As an example, the US telecom provider AT&T has reported a 3,198% increase in attackers scanning for vulnerabilities in IoT devices over the past three years. However, at the same time AT&T found in a 2016 survey that almost 60% of companies were not confident in the security of their IoT devices.
The upshot of this is the formation of an IoT Cybersecurity Alliance to raise awareness and help address the IoT cybersecurity challenges and related issues. Participating companies along with AT&T are IBM, Nokia, Palo Alto Networks, Symantec and Trustonic.
“The explosive growth in the number of IoT devices is only expected to continue; therefore, so must the associated cybersecurity protections,” says Mo Katibeh, AT&T senior vice president of Advanced Solutions.
“Today’s businesses are connecting devices ranging from robots on factory floors to pacemakers and refrigerators. Helping these organisations stay protected requires innovation across the whole IoT ecosystem to enable sustainable growth.”
According to an AT&T statement, alliance members believe the key to IoT security lies in protecting all devices at the endpoint, network, cloud and application layers, and using overarching threat analytics to study the overall ecosystem and designing products with a built-in, always-on security approach.
Alliance members want to advise customers and educate the industry on the cybersecurity measures needed to create a safer IoT ecosystem, foster collaboration and advance innovation with top cybersecurity and IoT thought leaders.
Specifically, goals of the IoT Cybersecurity Alliance include collaborating and researching security challenges of IoT across verticals and use cases such as connected cars, industrial, smart cities and healthcare.
Others are to dissect and solve for IoT security problems at every critical layer of security, i.e. the endpoint, connectivity, cloud and data/application layers, and to make security easy to access across the ecosystem. Security needs to exist across the value chain. Users will benefit from innovative IoT services and infrastructures that can withstand the ever-evolving threat landscape.
The alliance also intends to influence security standards and policies. It will engage regularly with policymakers and other organisations. Using each group member’s leadership and expertise will raise awareness of cybersecurity. Alliance members will help the industry maximise the advantages of IoT while educating about how to keep companies and consumers more secure.
“Be it a connected car, pacemaker or coffee maker, every connected device is a potential new entry point for cyber attacks,” said AT&T Chief Security Officer Bill O’Hern.
“Yet, each device requires very different security considerations. It’s become essential for industry leaders and innovators like those in the founding members of this Alliance, to work together to help the industry find more holistic security approaches for IoT.”
With its experience with smart metering, the utility sector appears to be both more aware and more advanced in its cybersecurity activities than other sectors. For example Vodafone’s 2016 IoT barometer found that 59% were working on security guidelines, while 52% said they were working with a specialist security provider.
While this is encouraging, there is also no room for complacency.
Besides the fact that still a considerable number of utilities either aren’t apparently prioritising cybersecurity, or are deferring the issue beyond the near term, the number of IoT initiatives is rapidly increasing.
According to the Vodafone barometer, in the 12 months prior to its publication, 93% of the energy and utility adopters increased their number of IoT projects.
Furthermore than half said they had new connected product and service initiatives in the pipeline which they intended to launch within two years. And these numbers will only grow as the energy transformation deepens and new products and services are brought to the market.
According to a recent white paper from Navigant Research, the IoT tipping point is expected to come in 2021, with more than 1.3bn devices connected in homes and commercial buildings.