Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Internet of Things security must be fixed for the long term: Beecham report

The potential damage to businesses and national critical infrastructure from a successful attack on cyber-physical systems through the rapidly emerging Internet of Things (IoT), cannot be underestimated, according to a new study by Beecham Research.

In a report entitled ‘Evolving Secure Requirements for the Internet of Things’ Beecham warns that there are currently insufficient security capabilities within the emerging IoT standards to manage the long life-cycles expected of many IoT devices.

“While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for 10 years or longer,” said Professor Jon Howes, one of the authors of the report and technology director at Beecham Research. “Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time”.

Beecham believes the answer to these challenges lies at the architectural level for both devices and systems and stretches from semiconductors through to network operators and system integrators. This approach underlines the need for common security objectives across the industry and interoperability within broad systems.

This first report is a significant component of a longer study that includes substantial industry collaboration – covering silicon device vendors and extending across all major industry stakeholders – followed by publication of frameworks for an array of use cases.

The report also highlights potential future attacks on IoT systems and how these may ultimately impact users.

“The attack surface of an Internet of Things system may be substantially larger than traditional PCs, as the complexity of ensuring multiple vendors’ systems working together will lead to a greater probability of exploits being available,” said Professor Howes.

“We have all become familiar with computer malware but the impact of equivalent IoT attacks could be to take control of critical IoT systems, which could be potentially life threatening.”

Security in the Internet of Things is significantly more complex than many system designers have previously experienced, says the report. Some areas highlighted include where data must remain trusted and private, whether within the system, in flight or at rest, and the reliance on robust cryptography schemes. Additionally, significant evolution is required in the identification, authentication and authorisation of devices and people into IoT systems. Systems designers must also presume that all devices will become compromised at some point and ensure that it is possible to regain control. These devices will require quarantining inside the system while updates are being created and need to remain operational throughout the process.

The Beecham ‘Evolving Secure Requirements for the Internet of Things’ study is targeted at organizations across industry and government focused on the rapidly evolving IoT and Machine-to-Machine markets.

To find out more about the report or get involved in the longer term study, please visit www.beechamresearch.com or email iotsecurity@beechamresearch.com.

•Date: 11th September 2014 • UK/World •Type: Article • Topic: Critical infrastructure protection

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here