Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Corporate IoT Implementation Struggling, Survey Finds

Security is the Primary Concern for Firms Implementing an IoT Strategy, IT Pros Say

Security is the Primary Concern for Firms Implementing an IoT Strategy, IT Pros Say

Remaining competitive is the primary motivation for implementing a corporate ‘internet of things’ (IoT) strategy; but 90% of those doing so admit the implementation is struggling. Security is the primary concern, holding back 59% of organizations with a current IoT project.

Security is followed by the cost of implementation (46%); competing priorities (37%); an intimidatingly complex IT infrastructure (35%); and funding (32%). The figures come from a survey (PDF) published this week by Vanson Bourne, commissioned by the Wi-SUN Alliance, which questioned 350 IT decision makers from firms in the U.S., UK, Sweden and Denmark that are already investing in at least one IoT project. 

The purpose of the survey was to help Wi-SUN better understand how it is perceived in the IoT marketplace, and to help plan future operations. Wi-SUN is a non-profit alliance of around 170 major firms throughout the world with a mission to drive interoperable IoT communications based on open global standards in industrial IoT, with particular concern for utilities and smart cities.

Security Concerns Slow Use of IoT in the EnterpriseKey findings from the survey show that the U.S. (65% of respondents) is ahead of the other three countries surveyed with fully implemented IoT strategies. It is 47% in the UK, 44%in Sweden, and 24% in Denmark. The U.S. also leads in prioritizing IoT enablement: U.S. (73%), UK (64%), Sweden (62%) and Denmark (58%).

One clear outcome from the survey is the emphasis on security as the most important characteristic when considering an IoT implementation for both smart cities (84%) and utilities (85%). Second only to security is the preference for industry open standards: again 84% for smart cities, and 81% for utilities. 

Related ReportThe Hunt for IoT – ​Threat Analysis Report (F5 Networks)

These two features fit well with the Wi-SUN network design specification. “Wi-SUN is about the communications layer,” Phil Beecher, chair of the Wi-SUN Alliance, told SecurityWeek. “We’re providing what could be seen as a large scale outdoor IoT wireless mesh that looks like an internet. It has all the resilience and reliability of a decentralized communication network. It doesn’t specify any of the applications that run on top of that, so any application that runs over UDP or TCP can be run over Wi-SUN.”

That, of course, is only part of a large-scale IoT network. “In a smart city,” he continued, “we would provide wireless communication between street lights, or from street lights to traffic signals. But at strategic points there would be a connection to a high speed, probably fiber, connection to transport data to the network’s back office.” It’s not a wifi network because the wifi range is too limiting. Instead Wi-SUN uses stronger radio communications able to cover up to several kilometers.

The security comes in two areas: certificate-based device authentication, and the mesh and wireless topology of the network itself.

“One of our strengths,” continued Beecher, “is that we offer bi-directional communications at a fairly high data rate — so we can do over-the-air upgrades to apply security patches. No device can connect to the network without being ‘vetted’. This is based on the use of certificates. Every device has its own certificate burned in during production, and every device needs to have that certificate verified before it can join the network. Once it is verified and on the network, it is possible to download new code into that device.”

The process cannot, of course, be retrofitted to old devices that can’t be patched. Security here must be applied through traditional network gateways and routers; but in reality organizations with such devices should be considering renewing them with more modern devices — and taking advantage of security updates and certificate-based security.

“This certificate authentication,” said Beecher, “makes it very difficult for a remote attacker to hack any of the devices or a local attacker to tamper with the device. The mesh topology of the network also makes it difficult to deliver an effective DoS attack, whether by jamming or data overload, against the network.”

Jamming is difficult because the network uses the military technique of frequency hopping. “You would need a high-power wide-band jammer,” he explained. “This is difficult to achieve; although it is possible at, say, military levels. Otherwise Wi-SUN is largely immune to local jamming.” 

Related ReportThe Hunt for IoT – ​Threat Analysis Report

Related: New Legislation Could Force Security Into IoT 

Related: The False Binary of IoT and Traditional Cyber Security 

Written By

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.

ICS/OT

Schneider Electric in recent months released patches for its EcoStruxure platform and some Modicon programmable logic controllers (PLCs) to address a critical vulnerability that...