“Hey, IoT prophets of doom – I’ve made an action-list for you”

There are a lot of internet of things (IoT) prophets of doom out there. Most recently, the mobile phone industry has aired their concerns. And of course, if security is put on the back burner, there will inevitably be very serious problems. So, I’ve made a handy action-list for you, writes Bjørn Søland, IoT expert at identity and security company Nexus Group.

The mobile phone industry recently gathered at the Mobile 360 Latin America event in Bogota, Colombia, arranged by the mobile phone operators’ trade association GSMA. They discussed the future, and when it came to IoT security, they predicted serious challenges. At its bleakest, the discussion gave the impression that billions upon billions of connected things will create a complexity so difficult to handle that Cyber Armageddon will be close to inevitable.

Cherry-pick good practices

But wait – what’s the problem? Do you forget that the I in IoT stands for internet, and that the T – things – are just small, internet-connected computers? Internet has been around for a while, and internet-connected computers have been used for serious stuff like internet banking for more than 20 years. All you have to do is cherry-pick the good practices learned painfully during the last decades; the IoT community doesn’t have to repeat the cyber miseries of the 90’s.

I have made a handy action-list for you – all the steps are tried and tested, and not particularity hard to implement:

1. Provide every single thing and user with a trusted identity; if you don’t know who or what you’re talking with, you can’t trust your system.

2. Manage the identities, and manage groups, roles, and authorizations.

3. Issue and manage secure login credentials for both people and things; default passwords and shared secrets are often not a good idea (to put it mildly).

4. Prevent fake devices from connecting, and remove broken devices.

5. Protect data at rest in things.

6. Protect data in transit.

7. Issue software updates securely.

Voilà – no Cyber Armageddon!

Bjørn Søland, IoT expert at identity and security company Nexus Group

Published 16 November, 2017

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Technology Nexus Secured Business Solutions AB, corp. ID no. 556258-0414, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.