TEISS / How to mitigate security risk as IoT networks grow
How to mitigate security risk as IoT networks grow
28 January 2019
As IoT connectivity across industry, cities and businesses accelerates, so we find an increased confusion of legacy devices, complicated and congested route maps for future deployments and a serious lack of knowledge as to how to mitigate the risks while ensuring cost effective solutions. With cyber attacks high on all our agendas how do you decide which IoT deployment is the most secure and scalable for your city, utilities or even home networks?
The City of London and Glasgow are two of the most recent cities to embrace low-powered wireless mesh networks which are proving to be the architecture of choice for many of these next-generation deployments.
Main concerns when mitigating risks are Security, Scalability and Interoperability. Having worked and advised in this field for many years at the cutting edge of research discussion and standards boards, I know that mesh, open-standards and certification are three of the most important factors you can consider.
When we build more functionality into our networks we increase their vulnerability, using more sophisticated devices means that there is potentially a larger attack surface. Maintaining continuous connectivity between end points mitigates deployments against outages and security breaches as a mesh network by its very nature is highly resilient ideal for densely populated or built up areas where connections on star networks (multipoint to point connections)are far more susceptible to denial of service attacks. We must ensure that we design networks to be as reliable and secure as possible from the ground up.
Mesh networks are also highly scalable, ensuring that the network remains reliable and responsive as the number of connected devices increases.
The increasing diversity of applications calls for multi-service network infrastructure, for example a smart city network with interconnectivity between a smart street lighting network and traffic management devices. These networks require devices to be interoperable, as well as supporting standardised methods for securing the network, such as device authentication. This seamless interoperability between products from different vendors requires the adoption of open standards which brings additional benefits such as vendor choice.
It is important that vendors have access to independent testing facilities which can test their devices against a specification in realistic conditions so that they can be sure that their equipment works as expected. The availability of a certification program reassures their customers that their IoT devices are up to standard.
The Wi-SUN Alliance is a non-profit group of industry stakeholders, including vendors and users, created to develop communication specifications for IoT equipment and to manage their testing and certification. Products using Wi-SUN profiles, supported by a strong certification program, are currently being deployed on a large scale globally, including street light networks, utility networks for smart metering and distributed energy resources in the UK, EU cities, North and South America, Asia as well as home energy management, health and wellbeing monitoring in Asia.
The Wi-SUN Alliance currently publishes two communication profile specifications. The first covers home area networks (HANs) and deals with IoT devices using short-range communications. The HAN profile supports applications such as smart thermostats and air conditioning. The second profile covers field area networks (FANs) to support a range of applications such as utilities and smart cities. Wi-SUN Alliance profiles are also applicable for a broader range of machine-to-machine applications in areas such as agriculture, asset management, and structural health.
Whichever pathway you adopt for your IoT infrastructure ensure you engage an expert in the field to save you time in the long run. Consider security, scalability and interoperablity as your main risks to implementation and look at case studies using wireless mesh, open standards and certification to ensure your smart city or home innovations grow and are safe for your customers and citizens.
Author: Phil Beecher, President and CEO of the Wi-SUN Alliance, global expert on wireless IoT.
Phil Beecher is speaking on the Threat Landscape Stream at TEISS 13 Feb 10am:
"The security risk from legacy IoT devices on your network: Where vulnerabilities may lie and how to mitigate the risk for the future and new devices joining the network."