TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Open RAN
  • Digital Platforms and Services
  • 5G
  • Access Evolution
  • Private Networks
  • Cloud Native
  • Edge
  • Open Networking
  • Sustainability
  • AI, Analytics and Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • 5G
  • 6G Research and Innovation
  • Access Evolution
  • AI, Analytics and Automation
  • Cloud Native
  • Digital Platforms and Services
  • Edge
  • Open Networking
  • Open RAN
  • Private Networks
  • Security
  • Sustainability
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Access Evolution

Access Evolution

IoT specialists are finding network security hard

Martyn Warwick
By Martyn Warwick

Apr 19, 2021

via Flickr © alexbrn (CC BY 2.0)

via Flickr © alexbrn (CC BY 2.0)

  • IoT and IIoT networks growing like wildfire
  • But extant security methods often unable fully to protect them
  • Device security lags a long way behind mass deployment in networks
  • Rationalised standards regime needed

The Internet of Things (IoT) is useful, popular and proliferating with tens of billions of devices and sensors already online around the world and billions more yet to be sited and networked. The forecast is that at least 30 billion will be deployed by 2030. However, the runaway rate of adoption is not all unalloyed good news. The sheer speed of the uptake and deployment of IoT has left security lagging far behind leaving both devices and networks open to potential, and probably inevitable, hacking and compromise. A devastating major incident (or incidents) may be just a matter of time.

A new survey and report from Portland, Oregon-headquartered Tripwire, a company specialising in IT for security and compliance automation, reveals that 99 percent of the 312 respondents to the statistically significant survey, all of them professionals with direct responsibility for device and network security in their respective organisations, are having considerable difficulties securing both their IoT and IIoT (Industrial Internet of Things) networks because of design-level issues. Additionally, a further 75 per cent reported that IoT devices are highly problematical when it comes to fitting them into their current security systems and programs. Furthermore, 95 per cent of respondents said they are worried about their organisation's security stance, plans and system with 42 per cent being "very concerned." They represented companies and corporations across the US and Europe with between 100 to to over 5000 staff. 

The nub of the problem is that, for reasons including the pressure on sensor and device manufacturers to churn out millions of both new and established products as quickly and cheaply as possible, device security has been relegated to secondary status in the rush to keep the customer satisfied. Indeed, 78 per cent of respondents to the Tripwire survey said new devices required a "different approach" to that specified in their company' security plans and regimes. What's more (and more worrying) is that 88 per cent said they needed the help of agents and specialists outside the company to ensure security compliance. A mere 12 per cent claimed their in-house security team have the skills needed to ensure full IoT security is achieved. There is also a marked lack of awareness of the fact that while IoT sensors can be small and insignificant in comparison the the size and complexity of a big, long-established comms network, when compromised by inadequate security protection they can be a quick, easy and hard to detect way in to the guts of a network and the data it contains.

Commenting on the publication of the new report, Tim Erlin, vp of product management and strategy at Tripwire, said, "The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment. In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know."

 

 The current mish-mash or security standards needs addressing and rationalising

The report also shows most organisations are cognisant of, and are applying, one version or other of a recognised security standard. There are several. One is the MITRE Attack Framework (for a welcome change, MITRE is a company, not an acronym), NST from the International Standardisation Organisation, PCI from the Security Standards Council and ICS which safeguards industrial control systems. Last but by no means least comes CIS, which provides global standards for Internet security and is a recognised global standard and set of best practices for securing IT systems and data against attacks. The majority of respondents to the Tripwire survey, which was conducted late last month, said they would like to see standards enhanced and expanded to better cover both industrial and corporate IoT systems and networks. They also want consumer device security to be improved. 

However, given the plethora of standards regimes there is growing movement in the US for the federal government to intervene and impose security levels that comply with the National Institute of Standards and Technology (NIST) as defined by the US Department of Commerce. The DoC has already set out its Cybersecurity Framework, a set of guidelines that private sector companies may apply follow "to be better prepared in identifying, detecting, and responding to cyber-attacks." Unfortunately, the Tripwire report shows that compliance reporting is a discipline more honoured in the breach than in the observance. In other words many companies don't or can't do them regularly or even at all.  No wonder corporate security units are worried.

There are also major concerns about the security of the IoT supply chain, with 87 per cent of responders to the Tripwire survey saying they are worried about it while 70 per cent opine that regulators and government agencies should provide, and constantly reinforce, consistent guidelines on the best way forward for connected devices. At the same time 61 per cent said they don't know when vendors make changes to the supply chain until it has actually happened and it's too late to do anything about it. To pop the sour cherry on top of this unpalatable sundae,  87 per cent profess themselves to be extremely worried about the supply chain security risks that have come about through existing but inconsistent and incomplete IoT and IIoT security guidelines. It's an accident waiting to happen.

Related Topics
  • Access Evolution,
  • Analysis & Opinion,
  • Cellular IoT,
  • Global,
  • Internet of Things,
  • IoT Devices,
  • IoT Services & Applications,
  • News,
  • Policy & Regulation,
  • Privacy,
  • Security

More Like This

Access Evolution

What’s up with… Iliad, Apple & the metaverse, Open RAN growth

May 20, 2022

Access Evolution

The iliad Group keeps up its growth momentum in first-quarter 2022

May 20, 2022

5G

Canada bans Huawei and ZTE from 4G and 5G networks

May 20, 2022

Digital Platforms & Services

VNPT Group cooperates with Cisco to develop next generation connectivity solutions for businesses in Vietnam

May 20, 2022

Digital Platforms & Services

Broadband Forum in major cloud-native network cost breakthrough for operators worldwide

May 20, 2022

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

16:19

AT&T Amy Zwarico on securing telco applications in the public cloud

35:55

The best use cases for telco/public cloud partnerships

13:58

Ahmed El Sayed on Vodafone’s ‘techco’ transformation

36:47

The role of 5G in private network innovation

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us
  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2022. All rights reserved. All brands and products are the trademarks of their respective holder(s).