The Internet of Things’ diversity of networks, devices and applications is increasing its risk to malicious attack, with the relatively small amount of connections the only thing stopping a wide scale attack, a new report has claimed.
Presenting the findings of its new IoT Threat Map at the Internet of Things Security Summit at Bletchley Park, Beecham Research revealed there were a plethora of internal and external threats to sensors and devices. The report said IoT networks face a challenge around identification, authentication and authorisation.
Professor Jon Howes, Technology Director at Beecham Research, said: “Traditional M2M (Machine to Machine) applications are typically very focused, using specific edge devices, a single network and custom platform, making it relatively easy for security professionals to secure to the acceptable level.
“But the IoT cuts across different sectors and embraces multiple devices and networks – from satellite to cellular – along with a growing number of IoT platforms and Big Data systems, which present threats on many different levels and fronts. Wherever there is a new interface between devices, networks, platforms and users, there is the potential for a new weak link.”
The report said the main threat to networks comes at the interface level. Howes said: “With a mix of fixed, satellite, cellular and low power wireless networks as well as personal and body area networks (PAN & BAN), the challenge is to secure the transfer of multiple streams of data between selected networks without exposure of key secrets or equipment control.”
Beecham said given the variety of companies flocking to the sector, with more than 100 players offering platform solutions, there is no easy joined-up approach to dealing with security concerns.
Robin Duke-Woolley, CEO at Beecham Research, said: “Security in the Internet of Things is significantly more complex than existing M2M applications or traditional enterprise networks. Data must be protected within the system, in transit or at rest and significant evolution is required in the identification, authentication and authorisation of devices and people.
“We must also recognise that some devices in the field will certainly be compromised or simply fail; so there needs to be an efficient method of secure remote remediation – yet another challenge if the IoT is to live up to expectations.”