The explosion of the Internet of Things and smart embedded devices connected to IP creates the need for a complete new security approach to keep core services running and protected from potential cyber-attacks.
There are many advantages in connecting the embedded devices and IoT products to the central equipment, power grids, vehicles, buildings and industrial networks. But, these connected devices create a grey area in security, as networks are becoming connected to legacy systems with no security. Once you connect an internet-connected device to a critical network, attackers are ready to tackle the network unless the embedded devices is efficiently protected.
Traditionally, embedded devices were not connected to the internet. However, with the development of internet connectivity, embedded devices can perform multi-functional functions, as more and more components are connected. For example, they can act as wireless sensors and networking elements for physical security. Sensors are used to collect data for analytic and monitoring purposes, still, embedded devices can be used for automatic functions, such as dispensing tickets through connected smart ticketing machines.
There are millions of IoT devices in use, with 20.8 billion projected by 2020, according to Gartner. The same research by Gartner states that in the same year, more than half of new businesses will incorporate IoT and use up to 20% of annual security budgets needed to protect these devices.
Everyday news already shows an example of infrastructure and core services being targeted. Any disruption or failure caused by attacks can send businesses or even the country in chaos. One example was the release of malware that infected Ukraine’s power grid in 2015. It brought down the power supply of hundred thousand residents. Another example was the attack to German steel mill in 2014 which caused a massive damage.
To increase the importance of security, the product lifecycle is the key solution. If brought in by security professionals in the early stages, it will prevent attackers from exploiting security holes once embedded devices are connected to core networks. Embedded device security will never be a straight forward approach. But, increasing the importance of security in the development stage to monitor the device and protect the network keeps attackers from exploiting the embedded devices for larger and critical targets.
There is no single approach to protect embedded devices, but several elements need to work together to create a more secure IoT environment. If doing so, the pieces that are most sensitive will be protected throughout their lifecycle.