Searcher
Back

Is IoT the target or the tool to be attacked?

According to the White Paper on Digital Transformation produced by the World Economic Forum launched during this week’s annual meeting in Davos, and where Telefónica has made many relevant contributions, digital transformation is emerging as a key driver of sweeping change in the world around us.

Enabled by telecom technology, the growth in information and money flowing through the global economy is exorbitant. According to this report global flows of goods, services and finance could triple from $26 trillion in 2012 to more than $80 trillion in 2025. Global broadband speeds are increasing at 20% a year, opening tremendous possibilities for businesses and society. The importance of the telecom industry’s role is only likely to grow as companies across industries integrate cloud, mobile and global digital services to drive their business models and thus increase the importance of the underlying network enormously.

The number of connected devices, which enable and drive business models in the IoT, could reach 30 billion by 2020-2025. New technological initiatives such as drones and autonomous vehicles will depend heavily on reliable and secure connectivity. This is becoming one of the hottest topics which are being discussed during the World Economic Forum Annual meeting.

IoT buzz has been all over the last three years it has now started to be massive, even though Telefónica has been investing on it for a long time, and in the next years it is going to accelerate, spreading across all scenarios of our life (from health, home, wearables to industry and automotive) and also in scale (billions of connected objects).

All this growth is built on top of a very heterogeneous technology space, which combines all types of accesses, from short distance to cellular networks, fixed and wireless, unlicensed and licensed spectrum. The devices vary from very simple sensors to microprocessors. All of them are monitoring, controlling and acting over all kinds of critical and non-critical infrastructure. The data is on top of this.

 

“We are stepping into the data age in which IoT is going to be the biggest generator of data. All this data needs to be transmitted, stored, authenticated, consistent and private. Therefore, security becomes a key issue in IoT”.

 

Security is a pending subject for many actors in the IoT space, which have been ”sensing without sense”, that means, they have been focused on establishing the connections without making a secure device nor the communication channel, the connectivity network nor the application receiving the data, none of them were safe enough.

IoT needs, as in any other business, to secure the information to ensure confidentiality (only access who should), integrity (only creates, destroys or modifies who should) and availability (it is accessible whenever necessary)

Also, due to the IoT devices proliferation everywhere and its processing capability, when it comes to cybersecurity attacks, IoT services can either be: 1) the origin or the means that makes massive DDOS attacks, using IoT devices as a botnet 2) Or the target of the attack (ie connected car)

The concern about Cybersecurity in IoT is growing in the industry. The Cybercriminals community has been focused on the low-hanging fruit and most prevalent systems. The popularity of IoT initiatives (such as smart cities), as well as the number of persons affected and critical in the severity of the impact (both human and economical), will bring a new dimension to cybersecurity.

It is necessary to consider both the risk of IoT devices & services being attacked to affect its operation (e.g. Connected Car remote control), or to be used as a mean to launch distributed denial of service attacks.

In 2015-16 different initiatives have been created with the objective to compiling the best practices in IoT Security. The most relevant are: from the IoT Security Foundation; the U.S. Department of Homeland Security (DHS); OWASP Internet of Things Project; Open Trust Protocol; Industrial Internet Consortium (IIC); GSMA issued a set of IoT security guidelines and the European commission who announced in 2016 the creation of a new legislation to protect machines from cibersecurity breaches.

Telefónica is working in several areas:

  1. Offering networks with the highest standards of quality and security. From GSM to 3G and the forthcoming LTE 5G IoT connectivity: NB-IoT and LTE-M.
  2. Building specific products and solutions of IoT Cybersecurity, powered by ElevenPaths.
  3. Support and contribute actively to the standardization of IoT safe solutions.
  4. Certify the security of any IoT device marketed through Telefónica.
  5. Supporting network capabilities to improve IoT Security.
  6. Partnerships with IoT security market leaders (e.g. Symantec to provide digital certificates (PKI) for devices) to provide advance IoT cybersecurity solutions.

Security is a mandatory attribute at Telefónica in any device, any network, any service and any operation we deliver to customers. Our communications are safe from design (from GSM to 3G and the forthcoming LTE 5G IoT connectivity: NB-IoT and LTE-M), but rather than staying comfortable there, we have kept investing in defensive and proactive security technologies for IoT, not just for us, but also to guarantee that the management advance of its security reaches our customers.

RELATED POSTS