The ever-evolving IoT landscape: Blessing or Curse?
Vasiliki-Georgia Bilali, Antonia Kardara, Dimitrios Kavallieros, George Kokkinis
The IoT landscape is ever-evolving, shaped by both technological and social needs. IoT applications evolve as technological services and products are updated and as different industry trends and policies are applied. This perpetual evolution stems from the need to automate, facilitate, and enhance daily routines and operational processes. The long-term goal is to provide technological innovation to users and experts, and operational innovation in targeted environments, without compromising the security of systems and assets.
The primary and most important factor in the continuing development of the IoT is the expansion of network capabilities, as a result of globalization, digital transformation, and functional automation. A Cisco report [1] states that by 2023 over 60% of enterprises will focus on network capabilities in implementing their organizations' digital strategies.
The IoT Business Index survey [2] presents the global adoption of IoT by businesses between 2017 and 2020, measured on a scale of 0-10 points. In particular, the score for businesses committing money to IoT services and products was 1.53 points higher in 2020 than in 2017. In addition, the internal implementation of IoT functions scored 2.48 points higher in 2020. Finally, financial effort increased in 2020: 36% of companies invested an additional 11% to 50%.
Technological advancements have also been driven by the dominance of Industry 4.0. A variety of emerging technologies have been released that aim to move traditional industrial practices toward the adoption of IoT technologies and M2M communication.
Some of the most broadly used emerging technologies [3] are:
- Predictive maintenance, which monitors production data and identifies patterns, thus predicting and avoiding risks during the production phase. In this way, asset failure is prevented.
- Digital Twins, which replicate the product under development in digital form, so that its shortcomings can be understood before the entire product is finished and the investments are made.
- Supply Chain Management, which tracks the location and state of goods, thereby facilitating industrial processes.
Despite the broad positive impact it brings, the evolution of IoT carries several risks for the IoT ecosystem, starting with the continuous growth of the threat landscape as IoT botnets grow larger and larger. An additional risk lies in the automation and self-monitoring tactics introduced by the Industry 4.0 era. The central orchestration of the ecosystem relies on trained AI algorithms and default settings, leading the system into operational accidents and malicious “traps”. In parallel, the evolution of global network trends and demands gives attackers access to an always-open, always-available cloud environment that is reachable by most of the world's population. Based on the criminological theory of Eck’s Problem Analysis triangle [“Crime will occur when offenders and targets converge in places where all three controllers—guardians, handlers, and managers—are ineffective, absent, or negligent. The theory is often depicted as the crime triangle, also called the problem analysis triangle, and is premised on routine activity criminological theory”], adapted to the general IoT framework, we arrive at the following assumption:
“When a maliciously motivated actor targets a suitable victim (organization/user) within a specific place (in our case the cloud environment) and the victim lacks a guardian/regulator (automated process), there is a high possibility that this victim will come under attack.”
At this point, it must be stressed that a delicate balance needs to be found, so that each end-user can ultimately benefit from the positive impact of the IoT landscape while also tackling the obstacles raised by the parallel growth of identified threats. The FBI’s overall framework for IoT protection and defense [4] underlines that a) the network always needs to be locked down to keep out potential intruders; b) it is vital for every device to have a completely unique password that can be reset periodically; c) UPnP (Universal Plug-n-Play) allows a computer to recognize and configure new peripheral devices but is also the main conduit of quite serious security flaws, and the FBI notes that it can be disabled on routers; d) separating computers from IoT devices and distributing them across independent networks appears to be a sufficient protection measure. Last but not least, a crucial security measure [5] is e) applying security patch updates. As for f) updating the Wi-Fi router’s firmware, this is not always an automatic process. Such updates often include sensitive and useful security information aimed at enhancing the network’s security. This underlines the urgency of these updates and the need to supervise them periodically. Such actions ensure that the system has no pending updates, which automatically rules out additional security gaps caused by failed system updates.
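As an added illustration (not part of the original article or of the Cyber-Trust project), the following Python example audits a constructed network inventory against items b) to f) of the checklist above. All device names, field names and the 90-day update threshold are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed sample inventory; every field name and value is hypothetical.
# "cred" is a fingerprint of the device credential, never the password itself.
INVENTORY = [
    {"name": "router", "kind": "router", "ip": "192.168.1.1", "cidr": "192.168.1.0/24",
     "cred": "fp-01", "upnp": True, "patched": date(2020, 3, 1)},
    {"name": "laptop", "kind": "computer", "ip": "192.168.1.20", "cidr": "192.168.1.0/24",
     "cred": "fp-02", "upnp": False, "patched": date(2020, 11, 20)},
    {"name": "camera", "kind": "iot", "ip": "192.168.1.30", "cidr": "192.168.1.0/24",
     "cred": "fp-03", "upnp": False, "patched": date(2020, 11, 1)},
    {"name": "thermostat", "kind": "iot", "ip": "192.168.50.5", "cidr": "192.168.50.0/24",
     "cred": "fp-03", "upnp": False, "patched": date(2019, 6, 1)},
]

def audit(inventory, today, max_patch_age_days=90):
    """Return sorted (device, finding) pairs for checklist items b) to f)."""
    findings = set()
    by_cred, by_net = defaultdict(list), defaultdict(list)
    for dev in inventory:
        by_cred[dev["cred"]].append(dev["name"])
        net = ipaddress.ip_network(dev["cidr"])
        if ipaddress.ip_address(dev["ip"]) not in net:
            findings.add((dev["name"], "address outside its declared network"))
        by_net[net].append(dev)
        # c) UPnP should be disabled on routers
        if dev["kind"] == "router" and dev["upnp"]:
            findings.add((dev["name"], "UPnP enabled"))
        # e) and f) patches and firmware need periodic supervision
        if (today - dev["patched"]).days > max_patch_age_days:
            findings.add((dev["name"], "update overdue"))
    # b) every device needs its own password
    for names in by_cred.values():
        if len(names) > 1:
            findings.update((n, "shared password") for n in names)
    # d) IoT devices and computers belong on separate networks
    for devs in by_net.values():
        if {"iot", "computer"} <= {d["kind"] for d in devs}:
            findings.update((d["name"], "shares network with computers")
                            for d in devs if d["kind"] == "iot")
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, today=date(2020, 12, 1)):
        print(f"{name}: {finding}")
```

Item a), locking down the network, is a perimeter control and is not something an inventory alone can verify, so the audit leaves it out.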
Taking uptime requirements into consideration, governing the industrial framework can be an insurmountable risk to deal with. Just as digital development and the growing connectivity of business processes have expanded the ‘malicious’ surface of the IoT landscape, they have done the same in the industrial network ecosystem. Through the analysis of the possible means of protection [6] and detection, it seems that there are various ways to improve the general security risk profile that can be said to have taken shape.
The Cyber-Trust platform brings pioneering solutions to the security concerns mentioned above and reinforces the positive side of the IoT opportunity. The solution that Cyber-Trust initially promotes is based on the following pillars, which align with the technical objectives of the project:
- To protect the hardware and software configurations of IoT devices.
- To develop an inventory of authorized (and unauthorized) software.
- To manage hardware devices on a network effectively so that compromised devices are denied access.
- To build a framework for efficient continuous vulnerability assessment and remediation.
- To ensure a trustworthy IoT operation and verify the behaviour of IoT devices against security policies.
- To increase the resistance of IoT networks against DDoS attacks.
- To develop tools and methods for protecting sensitive data and users’ privacy.
- To develop a cyber-security platform that goes far beyond the state-of-the-art.
In a nutshell, we should always bear in mind that, alongside the positive outcomes of discovering and adopting new IoT technologies, negative issues deriving from them will always be identified. It is up to us to manage the situation in such a way that a positive outcome ultimately arises.
References
[1] 2020 Global Networking Trends Report, CISCO, Online: https://www.cisco.com/c/dam/m/en_us/solutions/enterprise-networks/networking-report/files/GLBL-ENG_NB-06_0_NA_RPT_PDF_MOFU-no-NetworkingTrendsReport-NB_rpten018612_5.pdf
[2] The IoT Business Index 2020: a step change in adoption, The Economist, Online: https://learn.arm.com/rs/714-XIJ-402/images/economist-iot-business-index-2020-arm.pdf
[3] Impact of IoT Across Industries: 2020 and Beyond, Iot.do, Online: https://iot.do/impact-iot-industries-2020-06
[4] Eck, J., 2010. Places and the Crime Triangle. In Cullen, F.T., and Wilcox, P. (eds), 2010. Encyclopedia of Criminological Theory. Thousand Oaks: SAGE. Online: https://study.sagepub.com/system/files/Eck%2C_John_E._-_Places_and_the_Crime_Triangle.pdf
[5] Internet Crime Complaint Center PSA on IoT devices, Federal Bureau of Investigation, Online: https://www.ic3.gov/media/2015/150910.aspx
[6] 7 Actionable Tips to Secure Your Smart Home and IoT Devices, IEEE Computer Society, Online: https://www.computer.org/publications/tech-news/trends/7-actionable-tips-to-secure-your-smart-home-and-iot-devices
[7] Internet of Things (IoT), The four-step journey to securing the industrial network, Cisco Blogs, Online: https://blogs.cisco.com/internet-of-things/the-four-step-journey-to-securing-the-industrial-network