Building the Case for IoT Security Framework

The Internet of Things (IoT) is growing in technical, social, and economic significance. ENISA defines the increasingly complex IoT systems as “cyber-physical ecosystem[s] of interconnected sensors and actuators, which enables intelligent decision making.” These technologies collect, exchange and process data in order to dynamically adapt to a specific context, transforming businesses and the way we live.

Nevertheless, IoT poses some very important safety and security challenges that need to be addressed for IoT to reach its full potential. As we become increasingly reliant on intelligent, interconnected devices in every aspect of our lives, the billions of “things” can be the target of intrusions and interferences that could dramatically jeopardize personal privacy and threaten public safety.

Therefore, the main areas of concern regarding IoT that require to be addressed are security and the paramount need for safety since both issues are tightly related to the physical world. The protection of IoT deployments depends on protection for all of the systems involved: the devices themselves, cloud backend and services, applications, maintenance and diagnostic tools, etc.

The scale and the heterogeneity of IoT implementations present threats and risks that are manifold and are evolving rapidly. The IoT threat landscape is extremely wide, especially if we consider the impact that attacks may have on citizens’ health and safety. More specifically, IoT devices can be used as an attack vector against critical infrastructures, causing disruptions or, even worse, causing damage that could endanger a country’s social tissue. IoT also presents a great risk to privacy as it is heavily based on the gathering, exchange and processing of large amounts of data from a variety of sources. This sometimes includes sensitive data, which is collected and processed using methods that may be unclear to the users.

Due to (Read more...)