AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic are joining forces and combining their expertise to help tackle today's top Internet of Things (IoT) security challenges.
The IoT Cybersecurity Alliance will combine industry-leading security providers and IoT experts. The group will research and raise awareness of ways to better secure the IoT ecosystem.
As the number and kinds of connected devices multiply, so have the security risks. In the past three years, AT&T has seen a 3198 percent increase in attackers scanning for vulnerabilities in IoT devices.
Business leaders recognise the potential threat IoT devices designed without security in mind might pose for their organisation. AT&T surveyed companies in 2016, and 58 percent said they were not confident in the security of their IoT devices.
“The explosive growth in the number of IoT devices is only expected to continue; therefore, so must the associated cyber-security protections,” said Mo Katibeh, AT&T senior vice president of advanced solutions. “Today's businesses are connecting devices ranging from robots on factory floors to pacemakers and refrigerators. Helping these organisations stay protected requires innovation across the whole IoT ecosystem to enable sustainable growth.”
Alliance members believe the key to IoT security lies in protecting all devices at the endpoint, network, cloud and application layer, and using overarching threat analytics to study the overall ecosystem and designing products with a built- in, always-on security approach.
These IoT cyber-security Alliance members want to advise customers and educate the industry on the cyber-security measures needed to create a safer IoT ecosystem, foster collaboration and advance innovation with top cyber-security and IoT thought leaders.
Specifically, goals of this IoT Cybersecurity Alliance are to:
- Collaborate and research security challenges of IoT across verticals and use cases such as Connected Car, Industrial, Smart Cities and Healthcare. The IoT Cybersecurity Alliance will take use cases or business challenges in IoT cyber-security to dissect and advance security concerns and identify ways to implement security across the value chain.
- Dissect and solve for IoT security problems at every critical layer of security. These include the endpoint, connectivity, cloud, and data/application layers. This Alliance includes experts at each of these layers to help educate businesses and consumers on how to protect their connections.
- Make security easy to access across the ecosystem. Security needs to exist across the value chain. Users will benefit from innovative IoT services and infrastructures that can withstand the ever-evolving threat landscape.
Influence security standards and policies. Using each group member's leadership and expertise will raise awareness of cyber-security. It will engage regularly with policymakers and other organisations. IoT offers tremendous benefits and efficiencies to businesses, but security concerns often prevent businesses from adopting these emerging technologies. IoT Cybersecurity Alliance members will help the industry maximise the advantages of IoT while educating about how to keep companies and consumers more secure.
“Be it a connected car, pacemaker or coffee maker, every connected device is a potential new entry point for cyber-attacks,” said AT&T chief security officer Bill O'Hern. “Yet, each device requires very different security considerations. It's become essential for industry leaders and innovators like those in the founding members of this Alliance, to work together to help the industry find more holistic security approaches for IoT.”
Commenting on this new alliance is Cesare Garlati, chief security strategist at the prpl Foundation: “prpl welcomes any effort in the industry to bring out IoT standards and believes in the power of Darwinism – it's not the size of the organisations involved that matters - the standards that work the best will become the predominantly used. The risk when vendors are involved is quite high, especially when they're not running the group as a full time job – and it mainly comes down to the ability to execute its mandates.
Therefore, any cross-industry consortium that wants to be successful should:
1) Have a focus – instead of “addressing the IoT space” – which could mean anything – pick one aspect (hardware/software, etc) and have a razor sharp focus.
2) Deliver something to members – this is mainly in the form of whitepapers and even better if you can execute on the ideas or guidance covered in the whitepaper by showing proof of concepts, for example.
3) The leaders of the group need to be open and engaging and encourage active participation in the group.
“When it comes to cross-industry competitors, technology vendors shouldn't compete on the basics, but rather on differentiating themselves in other ways.”