IoT accelerates the pace
From Realsec by Utimaco encourage reading you this interview at Volker Gerstenberger, global marketing director at Utimaco, included in the special “IoT accelerates the pace” where you can know more about cybersecurity and IoT and why this disruptive technology is every day more relevant in the current digital society.
1-Do you have data on how the use of IoT has increased in companies in our country in the last year? Does Spain maintain a more conservative position -as in other areas- in terms of adoption of this technology?
According to a recent Microsoft study, Spain is the second country that bets more on the Internet of Things (IoT), after China, as part of the business strategic success (around 96% of the business fabric, above the average of other European countries, around 91.5%).
This panorama shows the existence of a large market that demands a solid offer for devices data and communications security that make up the Internet of Things ecosystem.
Critical infrastructures such as energy, electricity and utilities companies are the ones who are betting more on IoT technology both for its efficiency and security in data sharing as well as for the promotion of sustainability.
In turn, this year will continue to promote both the development of applications and intelligent infrastructures and their alignment with Blockchain technology (distributed accounting technologies such as IOTA will be key for IoT development and payment transactions management).
2- Which verticals are experiencing faster IoT development?
IoT is a very important trend that almost every industry is adapting to. However, it has special importance for Manufacturing and the Automotive industry as it enables e.g. connected environments of machines and devices which can increase the efficiency of production based on the electronic exchange of digital data between the entities of the connected environment.
Another vertical which benefits significantly from the IoT development is the healthcare sector. There is even an own term for this, the Internet of Medical Thing (IoMT). The value of this sector is predicted to reach $176 billion by 2026. Here, IoT devices can be used in multiple ways – most of them having to do with optimizing the way health records and patient data is shared, monitored, and analyzed.
Other industries that have been seeing IoT implementations include agriculture, retail, banking and financial services etc.
Many end users may know IoT as the enabler for use cases like Smart Home or Smart Logistics.
3-What role is it playing in the case of Smart Cities and sustainability?
Cities are environments with thousands of connected entities that are securely
gathering and exchanging information. Due to the high sensitivity of the data
collected, Smart Cities have very specific requirements to fulfill with regard
to security, compliance and legal points of view to ensure data protection and
prevent manipulation. The city considered to be very advanced and sustainable
in this regard is Copenhagen: the city makes clever use of wireless data from
mobile devices, GPS in buses, and sensors in sewers and garbage cans to assess
the state of the city in real time and make improvements to decrease traffic,
air pollution, and CO2 emissions.
In Spain, Barcelona is a good example of a Smart City as more than 20,000 sensors are installed which measure temperature, air quality and mobility data. With this data sets, Barcelona wants to tackle challenges like climate change, optimize energy efficiency and improve the mobility infrastructure.
Since Smart Cities combine data from many components of the so-called critical infrastructure, it makes them a possible target of attack to steal data or affect parts of the infrastructure in a damaging way, for example power and water supply, mobile communication or emergency services. Highly secure identity management for devices and components as well as the protection of data at rest and in motion is therefore of the utmost importance.
4-What impact is IoT playing in Industry 4.0?
IoT enables successful automation like never before. In the process, machines make split-second decisions based on real-time data. Industry 4.0 offers not only Smart Factories, but also enormous amounts of data to facilitate decision-making in product management and product engineering.
One of the concrete examples is the utilization of the smart devices in logistics. The DHL distribution center in the Netherlands is using autonomous robots who are moving across the warehouse with learning capabilities to present the most efficient route for order management.
5-How are IoT deployments in business and industry being protected in terms of security and privacy?
To fully protect IoT deployments, several measures have to be taken. First and foremost, data encryption is crucial to protect all data from unauthorized access, independent of their storing location. Furthermore, is it highly important to establish a secure authentication of all entities that are connected in the IoT environment, the confidentiality of their communication and the integrity of data generated and exchanged by them. This can be achieved by a Public Key Infrastructure which creates the so-called chain of trust between the entities based on digital certificates.
technologies (data encryption and Public Key Infrastructures) are based on
cryptographic keys, which have to be secured as well. The gold standard is
hardware-based storage of those keys in Hardware Security Modules (HSM). As
HSMs are providing highest security from the logical as well as from the
physical perspective based on the security certification they obtain, they are
the root of trust for each cryptographic environment.
Another commonly used technology for secure data sharing between IoT devices is tokenization. Tokenization describes the process of exchanging sensitive data through a non-sensitive, non-valuable token. This way, IoT devices can share and process tokenized data, while the original, valuable data remains untouched.
The attack surface is multiplied
With billions of connected devices, and millions more to come, the IoT is a perfect target for cybercrime. The Internet of Things multiplies the attack surface of any company and therefore increases the risk associated with cyber intrusions, and so security is going to become an increasingly relevant factor. “The scope of phishing and ransonmware attacks will also increase as we will have many more interconnected devices, networks and more data available than before,” advises Eusebio Nieva, Check Point. To avoid them, Check Point always recommends additional techniques applicable to IoT devices:
1. Proper management of devices, attention to security patches, deployment with default configurations, users and passwords that have access to the devices.
2. Appropriate segmentation of the environments in which we deploy these devices with specific protection devices for a device or set of devices and a separation between different networks for different purposes so that infected devices can be contained and isolated.
3. Use VPN connections whenever possible.
4. Establish early warning mechanisms that analyze the use and activity of devices to discover suspicious, anomalous or malicious behavior.
5. Investing in cybersecurity for smart devices at our disposal so that they are always up to date in terms of security. Using technologies specialized in the cybersecurity of this type of devices, and taking into account the specific idiosyncrasies of each of these devices, their peculiarities, protocols, firmware versions, communications…
On the other hand, to fully protect IoT deployments, Volker Gerstenberger, Utimaco understands that several measures must be taken. “First of all, data encryption is essential to protect all data from unauthorized access, regardless of its storage location. In addition, it is very important to establish secure authentication of all entities that are connected in the IoT environment, the confidentiality of their communication and the integrity of the data generated and exchanged by them,” he says. This can be achieved through a Public Key Infrastructure that creates a so-called chain of trust between entities based on digital certificates.
As Gerstenberger explains, both technologies (data encryption and Public Key Infrastructure) are based on cryptographic keys, which must also be protected. The gold standard is the hardware-based storage of these keys in Hardware Security Modules (HSMs). Since HSMs provide maximum security from the logical and physical perspective depending on the security certification they obtain, they are the root of trust for every cryptographic environment.
“Another commonly used technology for secure data exchange between IoT devices is tokenization. Tokenization describes the process of exchanging sensitive data via a non-confidential and non-valuable token. In this way, IoT devices can share and process tokenized data, while the original, valuable data remains intact,” he concludes.