The Internet of Things(IoT):Standard Security Solution
Cybersecurity is one of the main problems in the Internet of Things. Although progress is palpable, in the field of IoT protection, there are still a lot of problems still unsolved. The ISO standards group is engaged in adapting the ISO 27000 security standards to the use of the Internet of Things industry. At the same time, the IEEE standards association creates a framework concept that standardizes IoT security and protects personal data. In addition, a whole list of industry unions and consortia among IoT developers has already been created.
Unfortunately, for the time being, major IT corporations cannot create ideal security solutions for the IoT industry. The consulting company Gartner estimated that in 2017, the impressive part of IoT products will be produced by small start-up companies that have recently been on the market. Therefore, it is necessary to encourage young manufacturers and cooperate productively with suppliers of software and hardware. And this, in turn, will serve for the further successful development of IoT education. For example, on October 21, 2016, a large-scale DDoS attack on Dyn (DNS) took place, as a result of which the Internet was paralyzed on the east coast of the USA for several hours. It is noteworthy that millions of IoT devices took part in the attack (webcams, connected toys, routers, etc.).
Some experts claim that the service providers and devices of the IoT market violate the principle of end-to-end information security, which is recommended for all ICT products and services. According to this principle, information security should be established at the initial stage of designing a product or service and maintained until the end of their life cycle.
Cybersecurity experts draw attention to problems both on the side of device owners and on problems that the development of IoT systems must solve. For example, at the beginning of the operation of any device, the user needs to replace the factory password (by default) with his personal one, since the factory passwords are the same on all devices and do not differ in durability. Unfortunately, not everyone does this. Since not all devices have built-in cyber security tools, owners should also take care of installing external protection designed for home use, so that Internet devices do not become open gateways to the home network or direct tools to cause damage.
A separate issue for discussion is the cybersecurity of Industrial Internet of Things. Each industrial organization uses automated process control systems (APCS). Modern process control systems are subjected to various threats from internal intruders and hackers (terrorist, extremist and hostile groups) in order to disable the process control system. The most serious consequences for the process control system are caused by attacks directed to the lower levels – the level of programmable controllers and the level of sensors and controlled mechanisms.
Standards such as ISO / IEC 27001 and ISO / IEC 27002 provide a common language to address regulation, risk and compliance issues related to information security. Standards ISO / IEC 27031 and ISO / IEC 27035provide assistance to organizations so that they can effectively repel and neutralize cyber attacks and recover from them. There are also ISO / IEC standards that define encryption and signature mechanisms that can be embedded in devices and applications to ensure the security of online transfers, the use of credit cards and stored data. For Hamprace, the next in line are privacy standards. “We are working to build a solid foundation of standards that protect our data in our hyperconnected world and to build consumer confidence. We hope that these standards can be used to develop the solutions needed to resolve specific IoT problems.
Therefore, although there are a number of cybersecurity standards, ISO has a lot of work to do on the Internet of Things. The ISO / IEC 27001 series of standards ensures the security of information received by organizations. But at the same time, we also need to develop solutions for managing the risks that arise when working with the Internet of Things. Standards are a direct path to putting these issues on the international agenda.
We can no longer take any action. Our homes and activities were invaded, and personal information was provided to millions of people connected to the Internet. The Internet of Things raises issues of privacy and security to a whole new level, telling the world about who we are and what we do. In order to protect our life “from the views of others”, we need to “close the door on the lock.”