New cyber-security organisation aims to secure Internet of Things

The Internet of Things has reached a milestone with the formation of its very own cyber-security foundation.

Get used to IoT: you may be seeing a lot of this logo

Launching today in London at the Digital Catapult, the Internet of Things Security Foundation is a collaborative venture formed in response to rising concerns around devices as diverse as baby monitors, security cameras, wearable devices, home automation and automobiles.

Despite the involvement of major cyber-security companies and academic institutions, the founders promise that the IoT security initiative will be vendor-neutral as well as international and collaborative.

Organisations which have pledged their support to the Internet of Things Security Foundation (IoTSF) include, among others, BT, Vodafone, University of Greenwich, Royal Holloway University, Broadcom and Siemens.

In a press announcement, the IoTSF said: “As more and more devices are being attached to the Internet, for a multitude of reasons, the potential attack surface and corresponding security threat increases dramatically. Adversaries with wide-ranging motivations have an ever-rich target where security gaps, sometimes caused by a basic lack of knowledge, are being exposed on a daily basis. IoTSF has been formed in response to a spectrum of security concerns as the rise in global IoT system deployments is greatly anticipated.”

John Moor, representing the IoTSF, commented: “The opportunity for IoT is staggering. There are a great many possibilities for businesses in all sectors including manufacturing, transport, health, home, consumer and public services. However, there are ever-real security challenges that accompany those opportunities. It is vital to the adoption of existing and new systems that security is addressed from the start, that it is fit for purpose and it can be managed over the lifecycle of the system.

“Our intention is simple – drive excellence in IoT security. By creating a dedicated focus on security, IoTSF aims to be the home for providers, adopters and beneficiaries of IoT products and services.”

Oliver Eckel, CEO of international security and pen testing company Cognosec, commented: “Many IoT devices manufactured today use outdated standards or do not follow best practice recommendations, only mandatory requirements. As a result, each device added to a home increases the vulnerability of the network. As we connect everything to the internet, not just cars and fridges, but at some point even milk cartons and beer cans, the embedded processors get smaller and smaller, and work on minimal power consumption. As a result, securing and regulating the next generation of IoT devices will prove even more difficult.

“The greatest risk with the IoT is that a lack of decent security measures in the initial phase of the technology will result in the networked future being built upon a poor foundation. As the technology becomes more widely distributed, the vulnerabilities are sure to be exploited – a big enough issue for home networks, but considerably worse if ‘smart city’ networks are broken. It is integral that the industry remembers the lessons of the past, and secures the IoT before it's too late.”

Simon Moffatt, Director, ForgeRock, said: “The establishment of the Internet of Things Security Foundation is a significant moment in the evolution of the IoT. The initial wave of IoT implementations were all about communications and connectivity, with the technical challenges of adding network connectivity to previously dumb and offline devices meaning that security took something of a back seat.

“However, as the IoT stabilises from a technical perspective, the potential for data loss and security breaches on a larger scale will inevitably increase, meaning more effective policing will be required.”

Hans Zandbelt, senior technical architect, Ping Identity, said it was “encouraging to see such high-profile organisations leading the charge in encouraging more robust hardware and software security.”

However, he added: “More must be done to create uniform industry standards that address how users authenticate to all of their smart devices and more importantly, how devices authenticate to each other and establish secure communications.”