Today, we live in a technology-obsessed age. Whichever way you look, it’s hard to avoid the increasing number applications, products and solutions that continue to redefine the boundaries of what we previously thought possible. From autonomous vehicles and edge computing to 5G and the Internet of Things, all facets of our lives are continuing to evolve, thanks to an endless stream of differentiated innovations. In this article, we’ll be focusing on the latter of these - the Internet of Things (IoT).

Deployment of IoT technologies

Smart homes, smart utilities, smart retail, smart farming, smart supply chains and many of the other ‘smart’ versions of sectors that we’re already familiar with, are all called as such because of the implications of IoT. Indeed, it is a technology that has manifested itself in billions of devices, which today underpin the truly transformational levels of connectivity that we see across industries of all shapes and sizes.

The statistics speak for themselves. According to Statista, over US$ 1 trillion is expected to be spent on IoT technology worldwide, in 2022. Be it added convenience, efficiency, productivity or intelligence, many benefits are poised to emerge from this spike in IoT-related activities. Yet to say this digital transition is going to be entirely positive would be naïve.

Threats faced by smart cities

It is said that by 2040, 65 per cent of the world’s population will be living in cities

Let’s consider smart cities. It is said that by 2040, 65 per cent of the world’s population will be living in cities. To accommodate such an influx, without facing significant logistical issues, with limited space and infrastructure, policy makers have begun to recognize that these urban environments need to become not only larger, but smarter as well.

As a result, the global smart cities market is on the rise. Statista states that, globally, technology spending on smart city initiatives is expected to double from US$ 81 billion in 2018 to US$ 189.5 billion in 2023.

Threat of attackers with expanding IoT landscape

The challenge here is that such a stark uptick will drastically expand the IoT landscape, presenting more opportunities than ever to threat actors. As connectivity and computing power is distributed more widely across large-scale outdoor networks, hackers will scale-up their own operations in tandem.

According to a Nokia report from October 2020 (based on data aggregated from monitoring network traffic on more than 150 million devices globally), IoT devices now account for roughly 33 per cent of all infected devices, up from the 16 per cent estimated in 2019.

What’s more concerning is how these figures are translating into real world events. 2021 alone has already witnessed an attack on a water plant in Oldsmart, Florida, which was designed to poison residents’ drinking water. Furthermore, Colonial Pipeline, one of the largest fuel pipelines in the US was also hacked, earlier this year, resulting in major shortages across the country’s East Coast.

Security through IoT authentication

From weak password protection, a lack of regular patch updates and insecure interfaces, to insufficient data protection, poor IoT devices management and an IoT skills gap, there are plenty of weaknesses existing within the IoT ecosystem, which continue to provide open goals for attackers.

To defend against such lethal threats, security-by-design and open standards should be the guiding principles of IoT, working to prioritize security, interoperability and robust, internet-based protocols to mitigate risks.

Device authentication and encryption

A sound place to start is to make device authentication and encryption the central pillars of your IoT security architecture

A sound place to start, in this regard, is to make device authentication and encryption the central pillars of your IoT security architecture. The goal is to be able to prove that each and every device joining a network is not malicious, with tell-tale signs being rogue code, for example.

By ensuring each device is uniquely identifiable with digital certificates and therefore, properly authenticated when joining a network, you can ensure no tampered devices are able to infiltrate your overarching network.

Using technologies, such as Hardware Secure Element

Critically, passwords should be avoided altogether, these vulnerable to being stolen and cracked. And, while a similar vulnerability lies in the fact that all secure devices contain a private key, you can leverage technologies, such as Hardware Secure Element (a chip designed specifically to protect against unauthorized access, even if the attacker has physical access to the device), as an extra layer of defense.

Digital certificates are not the only option available in protecting those IoT devices that, if tampered with, could become the cause of physical threats. Physical Unclonable Function (PUF) can also be used to prevent tampering.

Physical Unclonable Function (PUF)

Through Physical Unclonable Function (PUF), a form of IoT device fingerprint is developed from the unique make up of a piece of silicon, which can be used to create a unique cryptographic key.

Unlike digital certificates, a secure infrastructure can be achieved through PUF, without the need for any additional hardware, as the key is not only stored securely, but it also becomes invisible to hackers, when the device is not running.

The importance of encryption

Use of AES encryption within radio chips, to scramble messages on the move, is the method adopted at Wi-SUN Alliance

Now, let’s turn attentions to encryption. The use of AES encryption within radio chips, to scramble messages on the move, is the method that we have adopted here at Wi-SUN Alliance. It’s a means of maximizing data security, but also reducing power consumption in the devices themselves. Beyond AES encryption, it’s also worth considering topography at the design stage. Indeed, mesh networks are advantageous for several reasons.

They are more reliable, allowing data to be re-routed, should devices lose contact unexpectedly. Transmissions usually travel shorter distances, which improves power efficiency and performance, and frequency hopping functionality prevents attackers from jamming signals, which could deny the service altogether.

Open standards and interoperability

But where do open, interoperable standards fit in? As is defined by the European Committee for Interoperable Systems (ECIS), interoperability enables a computer program to communicate and exchange information with other computer programs, allowing all programs to use that information.

Open standards then allow any vendor of communications equipment or services to implement all standards necessary, to interoperate with other vendors. This is incredibly useful from a security perspective. It means that all specs are stress-tested and verified by many users, and that any vulnerabilities are quickly detected, and remediated, enhancing security and reliability.

Need for open standards

Equally, open standards can accelerate time-to-market, reduce costs and ensure products are usable, with a variety of manufacturers’ processors and radios, with a steam of publicly available protocol stacks, design information and reference implementations available that can help build and future-proof secure products.

Indeed, large-scale corporate IoT networks alongside smart cities, smart utilities, and other key smart infrastructure will only continue to evolve, in the coming years. With the immense threats of attackers in mind, these systems must prioritize security-by-design, both now and in the future.

Download PDF version Download PDF version

Author profile

Phil Beecher President and Chief Executive Officer (CEO), Wi-SUN Alliance

In case you missed it

Delta Scientific’s Vehicle Barriers Elevate Public Safety In Troubled Times
Delta Scientific’s Vehicle Barriers Elevate Public Safety In Troubled Times

Vehicle barriers first rose to the forefront of public attention after 9/11. The focus from 2001 to 2010 was on anti-terrorism, and vehicle barriers appeared at military and government facilities around the world. The U.S. Capitol breach on Jan. 6, 2021, brought heightened attention to the risks in a society that is increasingly fractured and volatile. Various protest events in recent months have made customers more aware of possible threats and prompted many to proactively install vehicle barriers and other systems to protect their premises. Shifting market focus Since 2010, and with the anti-terrorism market mostly saturated, the market focus for vehicle barriers shifted to public safety applications such as stadiums, schools, universities, large tech companies, and data centers. It’s an example of deploying technology developed in “wartime” to the broader public good, says Keith Bobrosky, the new president of vehicle barrier company Delta Scientific Corporation. Withstanding the pandemic The only remaining hurdle for Delta Scientific is to deal with continuing uncertainty going forward Like many in the security market, Delta Scientific has withstood a tumultuous two years during the duration of the novel coronavirus pandemic. They have “come through with flying colors,” says Bobrosky. The company never closed down, and its vaccination rate is high. The only remaining hurdle is to deal with continuing uncertainty going forward. Delta Scientific’s commitment Bobrosky began working in sales at Delta Scientific in 2007. Along the way, he has expanded into management, production, and engineering management. Through it all, he has seen a company that provides employees the autonomy to do their jobs and who have a strong commitment to customers, he says. The privately-owned company is nimble; decisions can be made quickly to respond to market changes, adds Bobrosky. Addressing needs during a pandemic The company was concerned about lower demand when the economy shut down, says Bobrosky, but they did not see an impact. The business was steady as a result of government entities and other organizations taking advantage of being closed to evaluate and address security needs. “We saw a decent flow of government business because of the shutdown,” says Bobrosky. Delta Scientific focuses on the domestic U.S. market but also has a presence selling to partners in the Middle East and Europe, where the equipment is known for its ability to take multiple hits. Even after withstanding an impact according to ASTM standards, their barrier is still operational. Increased steel purchased Delta Scientific ramped up its purchasing power, staving off any shortages and striving to keep lead times short As material shortages have spread through the industry, Delta Scientific has ramped up its purchasing power, staving off any shortages and striving to keep lead times short. Steel is their major component – literally, 98% of the weight of the products is steel, and there are 5,000 pounds of steel per barrier. The price of steel has gone up and there have been shortages. The company has maintained supply by leveraging its reputation and purchasing power. Most of their components are made in the USA, which has helped them dodge the recent challenges of the global supply chain.  Application of barriers and bollards Automotive dealerships are another market for Delta Scientific; their bollards and barriers are used as anti-theft devices to keep vehicles from being stolen from a sales lot. Delta Scientific’s products can foil car thieves who might otherwise use a large vehicle to plow through a barrier and then enable a parade of accomplices to drive away in additional vehicles. Auto resellers buy anti-terrorism products to protect their inventories. DSC550 Open Frame vehicle barrier Delta Scientific’s products have evolved from push buttons and relay to touch screens and microprocessors New efficient product designs enable Delta Scientific to use less steel while keeping prices competitive and maintaining crash ratings. The products are more innovative, says Bobrosky. New barriers include the DSC550 Open Frame vehicle barrier, which does not block the view as solid barriers do. During the last decade control systems for Delta Scientific’s products have evolved from push buttons and relays to touch screens and microprocessors, although some customers still prefer the simplicity of the older approach. Portable crash barriers The equipment can also be controlled remotely and integrated with PSIM-type systems. Although the systems are stand-alone, some clients have been toying with the idea of controlling them through the internet, emphasizing the importance of appropriate cybersecurity. A separate line of portable crash barriers can be towed into place in 15 minutes by a vehicle or even a golf cart. They are used for events such as the Democratic and Republican National Conventions, the Oscars, music festivals, etc. There are hundreds of units in the field, available as needed for various events and rented out to event management companies and other organizers. Improving customer relations  As the president of Delta Scientific, Bobrosky says his biggest opportunity is to continue improving customer relations – a never-ending goal. He will also strive to increase communication. Looking ahead, additional crash tests are scheduled for 2022, and the company will continue to look for ways to “do more with less.”

Cutting Through The Hype: AI And ML For The Security Space
Cutting Through The Hype: AI And ML For The Security Space

Today’s organizations face numerous diverse threats to their people, places and property, sometimes simultaneously. Security leaders now know all too well how a pandemic can cripple a company’s ability to produce goods and services, or force production facilities to shut down, disrupting business continuity. For example, a category three hurricane barreling towards the Gulf of Mexico could disable the supplier’s facilities, disrupt the supply chain and put unexpected pressure on an unprepared local power grid. Delivering timely critical information Tracking such risk is hard enough, but managing it is even more difficult. A swift response depends on delivering the right information to the right people, at the right time. And, it’s not as easy as it sounds. Indeed, 61 percent of large enterprises say critical information came too late for them, in order to mitigate the impact of a crisis, according to Aberdeen Research (Aberdeen Strategy & Research). These challenges are accelerating the hype around Artificial Intelligence (AI) These challenges are accelerating the hype around Artificial Intelligence (AI). The technology promises to help us discover new insights, predict the future and take over tasks that are now handled by humans. Maybe even cure cancer. Accelerating the hype around AI But is AI really living up to all this hype? Can it really help security professionals mitigate risk? After all, there’s a serious need for technology to provide fast answers to even faster-moving issues, given the proliferation of data and the speed at which chaos can impact operations. Risk managers face three major obstacles to ensuring business continuity and minimizing disruptions. These include: Data fatigue - Simply put, there’s too much data for human analysts to process in a timely manner. By 2025, the infosphere is expected to produce millions of words per day. At that pace, you’d need an army of analysts to monitor, summarize and correlate the information to your impacted locations, before you can communicate instructions. It’s a herculean task, made even more difficult, when we consider that 30 percent of this global datasphere is expected to be consumed in real time, according to IDC. Relevance and impact - Monitoring the flood of information is simply the first hurdle. Understanding its impact is the second. When a heat dome is predicted to cover the entire U.S. Pacific Northwest, risk managers must understand the specifics. Will it be more or less hot near their facilities? Do they know what steps local utilities are taking to protect the power grid? Such questions can’t be answered by a single system. Communication - Once you know which facilities are impacted and what actions to take, you need to let your employees know. If the event is urgent, an active shooter or an earthquake, do you have a fast, effective way to reach these employees? It’s not as simple as broadcasting a company-wide alert. The real question is, do you have the ability to pinpoint the location of your employees and not just those working on various floor in the office, but also those who are working from home? How AI and ML cut through the noise Although Artificial Intelligence can help us automate simple tasks, such as alert us to breaking news, it requires several Machine Learning systems to deliver actionable risk intelligence. Machine Learning is a branch of AI that uses algorithms to find hidden insights in data, without being programmed where to look or what to conclude. More than 90 percent of risk intelligence problems use supervised learning, a Machine Learning approach defined by its use of labeled datasets. The benefit of supervised learning is that it layers several pre-vetted datasets, in order to deliver context-driven AI The benefit of supervised learning is that it layers several pre-vetted datasets, in order to deliver context-driven AI. Reading the sources, it can determine the category, time and location, and cluster this information into a single event. As a result, it can correlate verified events to the location of the people and assets, and notify in real time. It’s faster, more customized and more accurate than simple Artificial Intelligence, based on a single source of data. Real-world actionable risk intelligence How does this work in the real world? One telecommunications company uses AI and ML to protect a mobile workforce, dispersed across several regions. An AI-powered risk intelligence solution provides their decision makers with real-time visibility into the security of facilities, logistics and personnel movements. Machine Learning filters out the noise of irrelevant critical event data, allowing their security teams to focus only on information specific to a defined area of interest. As a result, they’re able to make informed, proactive decisions and rapidly alert employees who are on the move. Four must-have AI capabilities To gain real actionable risk intelligence, an AI solution should support four key capabilities: A focus on sourcing quality over quantity. There are tens of thousands of sources that provide information about emerging threats - news coverage, weather services, social media, FBI intelligence and so much more. Select feeds that are trusted, relevant and pertinent to your operations. Swift delivery of relevant intelligence. To reduce the mean-time-to-recovery (MTTR), risk managers need an accurate understanding of what’s happening. Consider the different contextual meanings of the phrases ‘a flood of people in the park’ and ‘the park is at risk due to a flood’. Machine Learning continuously increases the speed of data analysis and improves interpretation. Ability to cross-reference external events with internal data. As it scans different data sources, an AI engine can help you fine-tune your understanding of what’s happening and where. It will pick up contextual clues and map them to your facilities automatically, so you know immediately what your response should be. Ready-to-go communications. Long before a threat emerges, you can create and store distribution, and message templates, as well as test your critical communications system. Handling these tasks well in advance means you can launch an alert at a moment’s notice. The ability to minimize disruptions and ensure business continuity depends on speed, relevance and usability. AI and ML aren’t simply hype. Instead, they’re vital tools that make it possible for security professionals to cut through the noise faster and protect their people, places and property.

What Career Opportunities Await The Next Generation In Security?
What Career Opportunities Await The Next Generation In Security?

A new generation of security professional is waiting in the wings. They will be faced with unprecedented challenges, as they seek to transform the security marketplace to the ‘next level’. Technology changes ensure the market will be very different 10 years from now and the fresh labor pool will need to be able to meet the host of new challenges. We asked our Expert Panel Roundtable: What exciting career opportunities in the security industry await the next generation?