What Is IoT Security?
This section of the IoT terminology guide is dedicated to IoT Security. The other sections include: IoT Definitions, IoT Communications, IoT Connections, and the IoT Market. These sections are intended to assist you in quickly locating relevant terminology for each specific area. You have the option to download the PDF or explore other web pages to enhance your understanding of IoT.
IoT Security Risks, Considerations and Issues for 2023 and Beyond
With IoT now part of everyone’s lives, our things are connected to each other and centralized systems via networks but these are all at risk from weak IoT security which threatens the security of users’ and organizations’ data, leaving them open to threats from malicious actors. The IoT industry has been fighting back for many years by enabling IoT security tools that protect devices and systems from threats and breaches.
How Can IoT Security Risk Be Mitigated?
IoT security risk can be mitigated by identifying and monitoring common threats before they become reality, helping to protect availability, integrity and confidentiality. Even so, cybercrime continues to grow with IoT deployments under threat from weak passwords and facing IoT security issues caused by the radically enlarged threat surface of IoT. We have seen examples such as tire pressure monitors being used to hack into vehicle systems or even a connected fish tank pump being used as a means to access financial systems at a Las Vegas Casino.
IoT security awareness is high and continuing to increase but this can also be damaging to the market place and decrease trust in IoT. Many organizations are therefore focusing on fixing vulnerabilities and helping to foster confidence by detailing best practice and conforming to various legislation and regulation initiatives that are being developed specifically for IoT across the world.
As IoT device numbers scale up further, the risk profile becomes higher. We have already seen the 2016 Mirai botnet attach on more than half a million unsecured IoT devices around the world which caused a flood of traffic and made many websites temporarily inaccessible. The scale of this attack underscored the need to address IoT security issues by ensuring their integrity and confidentiality while mitigating security risks.
Organizations that deploy IoT face substantial security risks as criminal target their operations, utilizing ransomware attacks to extort payments. Checkpoint Research has uncovered that the average number of daily ransomware attacks increased by 50% in Q3 of 2020 in comparison to the first half of 2020 (Source).
Organizations such as GSMA have published IoT security guidelines and in California and Oregon in the US, as well as in the UK, IoT Cybersecurity Laws have been put in place since 2020 which require IoT devices sold in their countries to be fitted with reasonable security features. These include having unique password, offering regular security updates and disclosing vulnerabilities.
You may also want to read our article on IoT security.
Integrating IoT Security by Design
The concept of integrating IoT security by design is now well understood and a vital consideration for devices that will be in the field for up to 20 years. This lifecycle means that security must be easy to update regularly and offer flexibility to counter new threats. Lifecycle management of device credentials, cryptographic keys, software patches and upgrades, and digital certificates are fundamental foundations of a new era of enhanced IoT security.
IoT and Data Security
Botnet
A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
GDPR
General Data Protection Regulation
This came into force in May 2018 and imposes rules on controlling and processing personally identifiable information.
IPSec
A secure network protocol suite that authenticates and encrypts the packets of data sent over an internet protocol network. IPSec uses cryptographic security services to protect communications over IP networks.
ICS
Industrial control systems
A collective term used to describe different types of control systems and associated instrumentation, which include the devices, systems, networks, and controls used to operate or automate industrial processes.
IAM
Identity and access management
A framework for business processes that facilitates the management of electronic or digital identities.
NIST
National Institute of Standards and Technology
US regulatory body NIST has offered frameworks for IoT security and Congress passed the IoT Cybersecurity Improvement Act in December 2020. It also requires NIST to publish standards and guidelines on the use and management of IoT devices.
PAMS
Privileged Access Management
Organizations implement privileged access management (PAM) to protect against credential theft and privilege misuse. PAM describes a comprehensive cybersecurity to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.
PKI
Public Key Infrastructure
A set of roles, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. PKI is a critical enabler of secure communication, data and money exchange.
Ransomware
Ransomware is a type of malware that extorts victims for financial gain. Once activated, it prevents users from interacting with their files, applications or systems until a ransom is paid.
Shadow IoT
Terms to describe IoT devices in active use without the knowledge of the owner or their IT departments.
TLS
Transport Layer Security
An encryption protocol used to protect data in transit between computers enabling two computers to agree to encrypt the information in a way they both understand.
Zero Trust
Describes a security model designed to protect digital businesses. Zero Trust sets out that organizations should not automatically trust anything regardless of whether it is outside or inside their operation. Zero Trust demands that everything trying to connect to your systems must be verified before access is granted.
VPN for IoT Devices
Our platform provides a secure connection through Virtual Private Networks (VPNs) between your data center and the Telenor IoT platform.
Tracking and Identification
IMEI
International Mobile Equipment Identity (IMEI)
A unique identification or serial number that all mobile phones and smartphones have. It is normally 15 digits long.
International Article Number / EAN
A barcode symbology and numbering system used in global trade to identify a specific retail product type, in a specific packaging configuration, from a specific manufacturer.
MEID
Mobile Equipment Identifier
A globally unique number identifying a physical piece of CDMA2000 mobile equipment.
RFID
Radio Frequency Identification
RFID devices are used for data transmission and capture by way of radio waves.
Smart label
An enhanced version of a bar code. Unlike traditional bar codes, a smart label can contain much more information about a product. Smart labels take the shape of RFID tags, Electronic Article Surveillance (EAS) tags, or the most commonly seen, QR codes.
UID
Unique Identifier
A number given to any device within any system to allow the ability to interact with it.
URI
Uniform Resource Identifier
A string of characters that unambiguously identifies a particular resource.
