How Secured Is Your IoT Business?
Think of reliability, safety and profit when considering security in the Internet of Things
What might happen if attackers found a vulnerability in a car stereo’s remote update function? They might learn that they can not only control the radio, but also run the windshield wipers or even steer the car remotely with the help of only a laptop and a smartphone. All of a sudden, a capability that was supposed to make life easier has now put safety and security at risk.
By 2020, Infineon is preparing to have 4 billion people connected to the Internet of Things. While that adds up to a $4 trillion revenue opportunity—it also means there are 4 billion entry points for attacks much more malicious than a car stereo. That’s even before you consider the networks, applications, cloud and more.
Suffice it to say: it’s worthwhile to take a step back and consider how secured your IoT business really is.
Security is like Swiss cheese: imperfect
Steve Hanna, senior principal at Infineon Technologies, is responsible for IoT security strategy and technology globally at the company. He says the first step in securing an IoT business is admitting there’s no way to build a perfect system.
“All software inherently has bugs like Swiss cheese has holes,” Hanna said. “You can never get it all out, you can just reduce it to a certain level.”
Better security starts with risk analysis. By looking at your business and products from a risk perspective, Hanna says, you’ll answer an important question: What are the possible things that could go wrong and how do I mitigate those?
For example, buying a refrigerator can be a one-time, single transaction purchase. But in the connected world, where your refrigerator can deliver your daily news and weather in addition to refreshing your grocery list, appliance companies can create ongoing customer relationships that leverage built-in technology.
“Those new business models go down the tubes when an IoT device isn’t secure and someone shuts off the functionality,” Hanna said. “If people don’t trust it, they won’t use it—which means the manufacturer misses out on ongoing revenue.”
Reliability, safety and profit
While some industries with histories in risk management are leading the charge when it comes to IoT security (think medical or industrial), others like consumer electronics are not as used to the new world of risk that the Internet of Things brings.
“They get carried away with the new technologies and then don’t think of all the implications,” Hanna said. “Without security, there is no safety.”
Hanna said business risk in IoT comes down to three words: reliability, safety and profit. Those are the things businesses should care about most—and the pieces that are the most crucial to get right.
As far as reliability, Hanna said, “We should be able to increase the uptime in factories. We should be able to fix things remotely before they become serious problems. However, if we get the security wrong, that helpful update can become a backdoor for attackers.”
That bleeds right into not only safety of consumers and employees, but also damage to a business’ bottom line.
“When there is a safety problem or a security problem, it can result in brand damage, so that’s not something that we want either. The bottom line—profit—can suffer as well,” he said.
Protect the house—and keep the valuables in the safe
So, you’ve considered the business implications and done a risk assessment. But where can you start to truly move the needle on IoT security?
Hanna says it helps to place all the most critical functions of a product in one tightly secured chip, thereby “reducing the risk because you’ve reduced the attack surface.”
“Think of the chip as being like a safe in your IoT house,” he continued. “Of course you have locks on your front door. But you put your most precious items in your safe. Yeah, somebody might be able to break into the house—but they won’t be able to break into the safe.”
For Infineon, that safe is their OPTIGA™ line of security chips specifically designed for IoT, with a focus on authentication, confidentiality and integrity of communication and upgrades to firmware. Because chips like these are built on secure IC technology that’s been developed over the last 30 years, they can stand up to most attackers. A strong IoT partner like Avnet can then connect those chips to a complete end-to-end security scheme—the final piece of the puzzle for modern IoT deployments.
“Anyone can invent an algorithm that they can’t break. It’s easy to outwit yourself. The question is: Can you outwit someone who has been working on this for 20 years?” Hanna said.
That’s why he suggests businesses build security on tried-and-true technologies that enable them to tap into the business potential of IoT.
“IoT is a fundamental enabling technology, like electricity has been for hundreds of years. IoT as a technology will soon impact almost every business if it hasn’t already,” Hanna said. “However, the things we care about most—reliability, safety, and profit—are all put at risk if we don’t get IoT security right.”
Learn more about IoT Security and other topics at Avnet’s IoT University. A completely free, online training center with resources, live webinars and articles focused on industry best-practices and trending topics. Visit Avnet’s IoT University to get started.