Manufacturers Take the Initiative in Home IoT Security

Not so long ago, the internet of things (IoT) was considered a futuristic technology to support the factories and cities of tomorrow. Today, many of us regularly experience the IoT in our homes and daily lives. It’s present in AI-powered virtual assistants like Alexa that help us manage our day, check account balances, control appliances or even prepare dinner. We see the IoT in action in home security cameras, smart lighting, heating and cooling, doors and locking systems and much more. In just a few years, the IoT has taken giant strides in helping consumers take advantage of convenience, better efficiency, cost savings and improved home safety.

There’s no doubt that the IoT has come of age and its capabilities will further blossom as 5G technology matures. But as with any technology, rapid innovation also brings new risks. The same qualities that make IoT devices so fast, simple and lightweight can also introduce security vulnerabilities. A recent survey revealed that cyberattacks jumped by 300% in 2019—that’s over 2.9 billion events. For the IoT to reach its full potential, consumers need to know that their devices and the networks they connect to will remain fully secure.

Standards-based interoperability is key because this strong level of security must extend across consumers' entire IoT environments and applications. People expect their connected devices to behave in a “plug and play” fashion, providing compatibility, security and ease of use for non-technical users.

Consumers Spoke, the Industry Responded

Although connectivity between endpoint devices and the many virtual assistants they connect to would seem to be a basic necessity, many consumers have encountered issues getting their devices to work together effectively. While interoperability and security standards exist, none in place give consumers the assurance that their smart home devices will connect seamlessly and securely. To respond to consumer concerns, “Project Connected Home over IP” (Project CHIP) was launched in December 2019.

Initiated by Amazon, Apple, Google and the Zigbee Alliance, this working group focuses on developing and promoting a standard for interoperability that emphasizes security. The project aims to enable communication across mobile apps, smart home devices and cloud services, defining a specific set of IP-based networking technologies for device certification. The goal is not only to improve compatibility but to ensure that all data is collected and managed safely. Dozens of smart home manufacturers, chip manufacturers and security experts are participating in the project.

Since security is one of the key pillars of the group’s objectives, DigiCert was invited to provide security recommendations to help ensure devices are properly authenticated and communication is handled confidentially. DigiCert is working with the participants of Project CHIP to ensure the design and architecture of the Public Key Infrastructure (PKI) and use of digital certificates is sound, with the appropriate root hierarchy and governing documents.

Project CHIP’s goal is to develop draft standards and open source implementation details late this year. Ultimately, the project is expected to simplify deployment for manufacturers. At the same time, consumers will gain peace of mind in knowing that their home devices will interoperate securely with any other device that complies with the standard. The days of worrying whether smart home hubs and networks will match their devices will soon be over.

An Industry-Driven Model for Future IoT Use Cases

Project CHIP not only represents a compelling step forward in driving the adoption of home IoT solutions, but it is also an example of the power of industry leadership and effective collaboration.

The lessons of the Project CHIP initiative could easily apply to other IoT applications and industries that require stringent security and compliance. For example, healthcare manufacturers could establish a common security standard to ensure that particular types of medical devices such as IV pumps, home monitoring devices or insulin pumps meet a particular security standard. In manufacturing environments, automotive companies could ensure that factory floor robots and programmable logic controllers (PLCs) are running smoothly and safely, without fear of leaving the enterprise IP network vulnerable to hackers, viruses and other threats.

In the case of Project CHIP, the industry took ownership of the issue and moved to solve it without waiting for a “stick” from regulators. Although some level of regulation is necessary for any industry, developing these regulations and enforcing compliance can also take valuable time and resources from manufacturers—while slowing their ability to innovate and get solutions to market. All too often, regulations force the industry to be reactive, not proactive.

The success of Project CHIP is an example of what’s possible when industry leaders maintain close contact with their consumers and step up and lead. By employing a similar approach to addressing industrywide issues such as security, companies across a wide variety of industries can position themselves to realize faster time to market.


Mike Nelson

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security. In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations. Nelson frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cyber security for critical systems and the people who rely upon them. Nelson has spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners – a boutique healthcare consulting firm. Nelson’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.
