A lack of security built into devices forming the Internet of Things (IoT) could be catastrophic in the event of a cyber attack, a new report suggests.
The Beecham Research report, entitled Evolving Secure Requirements for the Internet of Things, warns that there are insufficient security capabilities within the emerging IoT standards to manage the long life cycles expected of many connected devices. "While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for 10 years or longer," said Professor Jon Howes, one of the authors of the report and Technology Director at Beecham Research. "Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time". Beecham believes the answer to these challenges lies at the architectural level for both devices and systems, and stretches from semiconductors through to network operators and system integrators. The report also highlights potential future attacks on IoT systems and how these may ultimately impact users, from home owners losing control of white goods, door locks being disengaged or security alarms being monitored. Prof Howes continued: "The attack surface of an IoT system may be substantially larger than traditional PCs, as the complexity of ensuring multiple vendors' systems working together will lead to a greater probability of exploits being available. "We have all become familiar with computer malware but the impact of equivalent IoT attacks could be to turn off a heating system in the middle of winter or take control of other critical IoT systems, which could be potentially life threatening." Are you interested/concerned about IoT security? Why not visit the Electronics Design Show between 22-23 October to hear from industry experts on the subject. On day two of the New Electronics conference programme, Paul Green, director of innovation at Arkessa, will explore the issues involved in IoT security, answering questions such as: Is the data being sent what is expected? Is your data going where you expect it to? And is the device being talked with actually the one that is expected? To find out more, click here.