BI Intelligence estimates that by 2020 there will be more than 23 billion IoT devices connected to the internet. One of the biggest challenges in connecting so many devices will be in securing them to prevent hackers from controlling them or using them to infiltrate networks and databases. Many low-power IoT devices don’t have the computing power to run antivirus software like a computer.
A recent blog post on EETimes discussed six measures that can be used to protect IoT devices from hackers:
Use a Trusted Platform Module (TPM) for authentication. A TPM is a dedicated microprocessor that integrates cryptographic keys into devices to uniquely identify and authenticate them. Each device then has its own identifier that is encrypted by the keys. This will prevent hackers from hacking and impersonating a device to gain access to home, enterprise, or government networks.
Use the Trusted Network Connect (TNC) standards to check for malicious software or firmware. The TNC standards offer a way to check devices for malicious software or firmware whenever they try to access networks or other devices. This would help prevent hackers from using hacked devices to upload spyware or other malicious software to networks or other devices.
Isolate and remediate infected devices with security software and protocols. If a device is infected with malware or other malicious programs, it needs to be quarantined. The IF-PEP protocol can isolate an infected machine from other devices and networks. There are numerous solutions from security software vendors for clearing the device of the infection once its isolated.
Layered security can limit the damage a hacker can do once device is hacked. A Mandatory Access Control system limits access to certain functions or files on a device for a given user. This acts as a choke point that can prevent hackers from gaining sensitive information through the hacked device.
Data encryption is a must. This should go without saying, but data needs to be encrypted when stored on a device or in transit. The post recommended using a read-only mechanism to obstruct hackers’ efforts to tamper with data on a device.
Secure legacy systems through industrial control systems. To reach their full potential, IoT devices and systems have to be integrated with legacy machines or appliances that were never built to be connected or secured against hacking. Industrial Control Systems can segment that legacy hardware from other systems and secure communications between them with encryption. This, for instance, could prevent a hacker who has infiltrated the network of a connected factory from then taking control of the machinery on the assembly line.
BI Intelligence estimates that spending on security for IoT devices and systems will increase five-fold from 2015 to 2019.