The internet of things (IoT) is opening a whole new world of possibilities. Unfortunately, it also is creating a whole new world of threats too, such as ransomware of things (RoT). Here are seven things enterprises can do to better secure their IoT.
Know your network. Know what IoT devices are on the network, and what their vulnerabilities are, so you can make a smart defense plan. “For example, if we have an old MRI machine that runs XP, we can’t get rid of that, but if we track the vulnerabilities, we can create a plan to mitigate them,” says Jason McNew, founder and CEO of Stronghold Cyber Security and an Air Force veteran who previously worked for the White House Communications Agency/Camp David for 12 years, where held one of highest security clearances known as the “Yankee White.” “Sandboxing. Use VLAN’s, ACL’s, firewalls, and physical separation if possible to keep IoT devices in their own network realm. Design your IoT like a guest network, and trust nothing.”
Lock down your switch ports. “Since the majority of IoT devices don’t have any form of network authentication built in, and certainly cannot use advanced security mechanisms such as Kerberos or 802.1x, lock your switch ports down on a per-device basis. This will help prevent unauthorized devices from being plugged into your network,” McNew says.
Use hardware/software that provides a clear view into data’s use. “Use platforms that provide a transparent window into network traffic and data mobility, so IT and users can see where their data are being used, and by whom,” advises Josh Siegel, a Research Scientist in the Filed Intelligence Lab at MIT, and a course instructor at MIT. “Even better is to provide direct control over the flow of data so it can be shut off at a moment’s notice.”
Use resources where they are most scalable. “Allow devices’ digital mirrors to interact with one another in the cloud, rather than at the device level,” advises Siegel. “This allows the cloud twins to leverage scalable resources to improve security.”
Create context-aware, cognitive models for IoT. “Use cognition [AI] to understand what a command’s impact will be prior to execution, and block those commands with malicious impacts before executing them,” Siegel says.
Focus on the correlation of events across the network and identify new vulnerabilities. “The results of which should be integrated with testing processes in the DevOps life cycle as it applies to code and staging environments. This can be accomplished with vulnerability correlation frameworks which can conduct automated security testing across layers,” says Shaan Mulchandani, director of Security and blockchain lead at Aricent, a design and engineering company specializing in AI, ML and IoT.
Stay informed on new security technologies. “Do not overlook novel approaches and technologies such as blockchain. They could be used for edge security, backup/restoration of firmware and for configuration settings to prevent rogue devices from infiltrating the network,” advises Mulchandani.