IoT Adoption Is Intensifying and Cybersecurity Needs to Catch up

According to estimates, the number of connected devices, collectively forming the Internet of Things, will exceed 25 billion by 2030. 5G’s penetration has been crucial to much of this growth. However, the Internet of Things is revolutionizing many aspects of business despite its relatively recent emergence.

Consider the following:

  • Smart cities are places where traffic management, digital signage, environmental monitoring, waste management, and many other services are organized in ways that create economic and environmental efficiencies previously unimaginable. All this while also noticeably improving the lives of their inhabitants.
  • Utility services such as energy and water. In a city like London, there are 335000kms of pipes with 24 million connections. Approximately 36,000 pipe bursts occur every year. Though leak detection technology has advanced, it’s connectivity that allows for quick detection and repair, as well as predictive maintenance that can prevent leaks from occurring in the first place. IoT will be key to fixing the United States’ aging water infrastructure.
  • Manufacturing has also been a huge beneficiary of IoT with predictive maintenance, smart manufacturing & automation, and digital simulations.
  • Precision Agriculture, Connected devices are becoming ever more important to agribusiness, used for applications as diverse as irrigation and livestock monitoring.
  • Logistics has long been invested in technology to manage fleet management, monitor transport conditions, and track packages. This process is ever improving.
  • Healthcare, IoT devices are already being utilized to remotely monitor patients’ vital signs. This has proven extremely valuable during the pandemic. IoT will play a key role in precision medicine and other emerging healthcare technologies.

 

Nevertheless, the proliferation of devices is challenging from a security, safety & reliability perspective, as cybersecurity and 5G advances have not always kept up with each other.

When we talk about IoT, most security practitioners focus on device level security. However, here are a few crucial points that should be in scope:

Data Security and Residency

These IoT devices are capturing massive amounts of data that raises questions such as:

  • How much data can they process & store locally? Is the device capable enough of processing & storage? Are there real-time processing requirements (imagine L4/L5 autonomous cars)?
  • How much data should be moved to a central location for processing & storage? What is the cost of moving these massive amounts of data? Would there be data residency issues moving the data to the central location?
  • Is there a need for a tiered system that processes the data locally and sends the insights to the central location? According to Eclipse Foundation’s IoT Working Group (refer to the white paper, “The Three Software Stacks Required for IoT Architectures.”), the IoT technology stack consists of three tiers: IoT devices, gateways, and the data center or cloud IoT platform.
  • Is the data sensitive in nature? What are the data privacy & safe data collection requirements? Is the data being shared between different systems/players? What would be the impact if the data gets compromised?

Interoperability

By connecting IoT devices and heterogeneous systems together, the full power of IoT can be unlocked. It requires secure and reliable communication between all ecosystem players – communication providers, hyperscalers, global system integrators, software and hardware vendors, and, of course, their customers. All parts of the customer’s network should be able to be connected, including data centers, public clouds & edge networks.

Securing the Whole Critical Infrastructure

In the United States, IoT deployments usually fall under one of the 16 sectors of CISA’s critical infrastructure initiative . Digital warfare is fast replacing traditional warfare. Attacks on critical infrastructure have become the easiest & most common way to cause economic & social harm to adversaries.

Recent examples include an attack on a Florida town’s water-treatment plant in February 2021 to poison the town’s water supply and a ransomware attack on a meat production plant in May 2021 driving up wholesale meat prices. These deployments need to be designed so that they can be future-proof to address the current challenges of cyber warfare and be prepared for the threats posed by quantum computing if it falls into the wrong hands.

The Infrastructure Investment and Jobs Act that passed last year includes $1.9 billion and $65 billion in federal funding for cybersecurity and broadband access respectively. This lays a fantastic groundwork to strengthen and safely deliver critical services using IoT & related technologies across America.

The telecom industry has made IoT connectivity possible and helped drive adoption of the innovations we mentioned. However, we are also dealing with a massive increase in attack surface and cybersecurity needs to catch up. Time is of the essence.