Recent incident of world's first power outage caused by a malware in Ukraine, which left half the homes in a region without electricity just before Christmas, was a stark reminder of how grave the consequences could be, especially in terms of national security and economy.
Delivering on the promise of The IoT will require careful planning and trusted solutions that secure each vulnerable data point in the ecosystem through proper risk analysis and security evaluation. From manufacturing and service infrastructure, to devices and networks, multi-layered approach to cybersecurity is no longer an afterthought - it must be designed right from the conception stage. While it is true that connectivity is outpacing security in IoT, a lot can be done to make it more robust, with a long term goal of saving costs, reducing frauds and improving efficiency.
So, what exactly is IoT security? How is it different from traditional Information Security?
3. 3 factors of Information Security
The purpose of information security is to protect information from unauthorized access, use or release. The classic CIA triad at the heart of information security consists of three major components:
1) Confidentiality: Information is only made available to authorized individual, processes and entities.
2) Integrity: Assuring the accuracy and completeness of data over its entire life cycle.
3) Availability: Ensure that systems and information are available when they are needed.
With big data and its sheer volume posing extra challenges to IoT now, three new elements have been added to the foundation and have become particularly important for IoT security -
4) Accountability: Ensure that every action can be traced to a unique entity that carries it out.
5) Authenticity: The property of being genuine and being able to be verified and trusted.
6) Reliability: The system is reliable and can be trusted.
4. Define IoT security according to the 6 elements above + how to make money/prevent fraud
In other words, IoT security is the paradigm that protects all digital assets - the connected devices, data and networks in the IoT - by making sure that all the six elements presented in the diagram are tackled and planned for, with thorough risk analysis and evaluation.
As more and more things get connected, the boundaries between physical and digital worlds will blur, and amount of personal data collected and shared will rise exponentially. While it holds a huge potential to deliver better quality of life and business results, security professionals will have to take a closer look at IoT security to counter the risks of cyber-attacks and frauds. In a race to capitalize on opportunities or reap in quick revenue, the companies set up adequate processes to secure the entire chain, from end to end, will be better positioned to protect privacy and prevent data breaches.
Sign up for CIO Asia eNewsletters.