One of the biggest issue with the Internet of Things as a large-scale initiative in any business is security. There are several solutions on the horizon for this, because when hundreds of devices are being connected, it can take days to go through the process of device control. This process involves provisioning, authentication, configuration and control, monitoring and diagnostics, and software updates and maintenance.
A big part of this is issue is IoT Communications: getting the data from one location to the other quickly and securely. Companies like Open Automation Software provide encryption and compression over intranet, WAN or LAN connections to simplify this process using various data connectors.
Unfortunately, even with this data communication in place, the security of devices can be compromised. Device control is a gateway for hackers, as the security of them is often overlooked by system administrators.
We’ve already seen this with hacked cameras and remotely attacking connected Jeeps. These stories make news. So what do we do about it?
Provisioning and Authentication
This is the process of making sure the device is authentic and can be trusted. This means it must have the proper credentials, be up to date, and is working on behalf of a trusted user. The certification is usually a part of the software development kit, or SDK.
When the device is first installed, it calls “home” then based on its credentials can be configured appropriately.
Configuration and Control
This is often a weak spot for devices, as each device comes with a general configuration for where it will be placed and what it will do. The final and more specific configuration must be done by the end user.
This can result in security errors, and the ability to reset the device to factory presets is essential to correct any error conditions. For instance, if a device is used to track company vehicles, it comes with pre-programmed instructions, but certain things have to be added once it is installed.
These can include the license number, how often telemetry information is recorded, and how and when that information is sent to the company for review. This is a simple example, but it illustrates that for each device, certain data must be entered that requires a human touch, and that human touch has the potential to introduce errors and security issues.
Monitoring and Diagnostics
This is a security key, along with a key to the efficiency of an IoT system. Because things were working well at the time of installation does not mean it will continue to do so indefinitely, and IoT devices need to, when possible, have remote diagnostic abilities.
This monitoring system must also be highly secure. If a hacker can reach into the monitoring software, they can cause false issues which will trigger reactions from other devices, potentially causing catastrophic damage.
This diagnostic data must be detailed, because that gives those doing repairs an idea of where the bug might be and how best to fix the issue. This same data can also be used maliciously. Each device, no matter how insignificant it seems, must ultimately be secure if it is connected to the network.
Software Maintenance and Updates
No system is perfect. There will be bugs in software, and things will not function the way they should. Also, the developer may want to add functionality over time.
These are all good things, but software can also have security vulnerabilities, and the patch for one can sometimes create another. As each is discovered, it is essential that your software be updated.
A loophole for hackers is to create software that mimics an update and is then mistakenly installed by the user. This is why it is essential that essential updates be checked for certifications and trustworthiness before they are installed.
This extra step of security is vital to keeping your IoT devices safe and the system free from larger issues.
Device management is just one part of the puzzle of keeping the Internet of Things secure. All of these steps require a huge number of human touches, and can take days or months to implement at scale.
In answer to this dilemma, Intel has developed the Intel Secure Device Solution to help with the provision and authentication process in a secure yet automated way. While some estimates say that there will be 50 million IoT devices in place by 2020, that is not the way things are playing out.
“We are seeing great proof of concept ideas,” says Dipti Vachani, vice president and general manager for the Internet of Things Group at Intel. “But can they get in the factory and install them at scale?”
The answer in large part may be automation of the process. This can be done with an SDK that gives much of the information needed to do the initial provisioning and authentication. The next issue is implementation: device developers must buy in to implementing the software.
Device implementation and security may be the biggest obstacles to the Internet of Things at Scale, but companies are working on solutions, and if they succeed more factories than not could be filled with everything connected sooner rather than later.