Security in IoT

Since its first introduction 15 years ago, the Internet of Things (IoT) has now become one of the hottest topics. These days, thousands of new IoT products are launched into the market each year. Although the first IoT product was only a modified Coca Cola machine, IoT is now a part of our everyday lives. Now, we feel that this is a great change. Information security is often a neglected topic, but with IoT, it’s begun to turn heads.

Stories have been already published to show that security measures are needed for IoT products as IoT hacks are on the rise. With smart car hacks, baby monitors hacks, and children’s toys hacks running rampant, we have to ask about security. Technically speaking, not all IoT products need security. Children’s bracelets that only sense a child’s mood through body temperature do not need as many security measures compared to bracelets that track a child’s location. Security is often concerned only when data is evaluated as being valuable when compromised.

How Is Security Different for IoT Businesses?

Currently, there are three major types of security that businesses regularly use:

Physical Security

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damages. Examples of physical security include CCTV surveillance, security guards, access control protocols, etc.

Information Security

The second type of security is information security. Information security is a set of business processes that protects information regardless of how the information is formatted or whether it is being processed, in transit or stored. The most common methods of information security are: encryption, malware detection, and digital signatures.

different security for IoT

Convergence Security

The third and newest type of security is convergence security. Although the quickest growing, convergence security is a new security concept. Its meaning is just what its name suggests—a convergence or combination of physical and information security. With convergence security, the security systems of a company are joined together with the company’s IT solutions. This allows the company’s physical security to play an integral role to IT. Perhaps it may become the ultimate solution to IoT security.

Many people are mistaken that convergence security is difficult to develop. However, it is just the action of incorporating information security technology to existing industry systems. Convergence security is just the act of customizing physical and information security to an industry’s protocol. It does not require a whole new concept of security algorithms. For example, if a manufacturing factory is transitioning into a smart factory, where all the equipment is automated, security is needed to ensure that hackers do not interfere with manufacturing schedules and output. The factory can then work with an information security firm to make sure previous physical security measures are updated with the newly implemented information security scheme, thereby maintaining their existing security measures while updating protocols to meet industry convergence security standards.

Top Five Industries of IoT Security Development

The development of IoT can be categorized into five different industries. Just as industries vary with the type of data or functions that they process, their actual security regulations also vary. For example, the automotive industries security regulations are much stricter than those of consumer electronics. Also, the extent of what security solutions have actually developed is based on the extent in which that industry has been developed. Because as the demand for the product or service skyrockets, so does the demand for its security. Because of these reasons, five industries have been identified as focal points in the demand for IoT security development.

1. Automotive

Probably the most pressing IoT security issues is smart car technology. Duk Soo Kim, the CTO of Penta Security Systems, said that “Security technology has been used to protect the assets of businesses and people, while smart car security protects those people’s lives.” It is clear that hacking smart cars or transportation system/traffic information systems can directly lead to serious physical damage and/or casualties. The US Department of Transportation has already taken key steps toward requiring security technology to be installed in every smart car in the U.S by proposing regulations for standard Vehicle-to-Vehicle (V2V) technology. Smart car security solutions such as AutoCrypt, CycurLIB, ArgusIDPS and Aerolink are already available in the market.

2. Consumer Electronics

Consumer electronics are the most common of IoT products. From major tech conferences, such as CES and the Internet of Things World Forum to television commercials, you can see that IoT is quickly becoming a part of our common lives. Although we have seen a surge in consumer electronic hacks in the past couple of years, the focus of smart consumer electronics remains to be “connectivity,” with little focus on security development. For example, home appliance manufacturers call its new refrigerator as “family hub” since items are more connected, but home appliance companies often don’t highlight how the data being collected is protected. Much to our surprise, reports of refrigerators containing spam began circulating starting in 2014, awakening the dangers of what is called thingbot.

3. Smart Office

Smart offices, also known as smart buildings or smart businesses, are a rising trend in companies. With the rising concern that smart offices are an easy target to hackers, it is imperative to develop smart office security as hackers can affect a business’ productivity when they access a building’s communications system. Security for standard buildings have been incorporated in the the past. However, smart offices now involve managing and restricting access that include physical, remote, network, and device level factors.

4. Smart Factory

A smart factory is a factory with a fully integrated automation solution in its facility. In smart factories, industrial control systems (ICS), which are computer based systems, are installed to monitor and control industrial processes such as power, oil, gas pipelines, water distribution and wastewater collection systems.

The most used type of ICS is Supervisory Control And Data Acquisition (SCADA), which allows factory workers to simplify their operational duties by only needing to use electronic communications instead of local documents. Despite its convenience, SCADA is not completely secure as it was proven during the huge malware attack in June 2014 in the European SCADA systems. A malware called Stuxnet was uploaded to European SCADA control systems and sabotaged major confidential projects as well as industrial control system software.

5. Smart Grid

A Smart Grid is when Information and Communications Technology (ICT) is incorporated with the existing electric grids so that the information about producing and consuming electricity is exchanged in real time. According to the U.S. Congressional Research Service, attacks on the U.S. power grid are continuing to increase. As countries’ economies, governments and securities rely on electricity, there is a need to build strong convergence security around smart grids’ industrial control systems.

These five categories vary in terms of their services and information processed, but it is imperative any company that deals with people’s safety (both physical and digitally) must invest in security. For products that are integrated with IoT, physical or information security is no longer safe enough. As the demand for IoT products and services increase, these companies need to commit to creating convergence security systems that completely secure customers’ products and private information.


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.