8 Incredible Articles about Security Best Practices (and What We Can Learn from Them)

IoT security is a convoluted maze. These eight tips will help you navigate it.
Community
Hologram Team
January 1, 1970

Vint Cerf, one of the founders of the Internet, recently called on IoT device makers (https://www.theregister.co.uk/2017/03/21/vint_cerf_internet_things_security/) to take responsibility for securing all these connected things. The importance of security for the Internet of Things can’t be overstated – but you’re already aware, or you wouldn’t be reading this article.So let’s dig down and look at some stories that move the discussion into the practical.

Start with a strategy.

So much of our critical infrastructure is IoT-connected that it’s not surprising that Homeland Security is all over this. As such, the department created a document recognizing that IoT security can be overwhelming, with responsibilities that aren’t clearly defined. Therefore, it defines strategic principles (https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf) that build on security best practices in other tech sectors.DHS outlines solid best practices at every phase from design to device end of life.The takeaway: IoT developers, manufacturers, service providers and end users all have a role to play in security.

KISS.

Keeping it simple (https://networkingexchangeblog.att.com/enterprise-business/four-best-practices-for-iot-security/) is the approach in this resource from AT&T. These four guidelines don’t dig deep but they’re perfect for handing off to non-technical managers and business decision-makers.The takeaway: Sounds simple, but if your org could really do these four things, you’d be golden.

Keep them stupid.

We all remember the (in)famous Jeep Cherokee hack of 2016. Embedded suggests that the design techniques of least privilege, separation of privilege, and Kerckhoff's principle (http://www.embedded.com/electronics-blogs/say-what-/4442192/Handling-Top-Security-Threats-for-Connected-Devices) would have prevented it. It’s too late for all the devices already out there, but not for those still under development.The takeaway: When designing a new IoT component, it’s a solid practice to minimize its authority, isolate it as much as possible from the rest of the system and employ industry-standard cryptography and communication protocols.

Privacy issues could kick your butt.

Burger King and Google are in an arms race as the burger maker keeps airing commercials designed to activate Google Home. In April, the original TV spot featured a Burger King employee saying, “OK, Google, what is the Whopper burger?”Hilarity ensued (https://www.usatoday.com/story/tech/talkingtech/2017/04/13/burger-king-just-wont-stop-trolling-google-home/100410776/) and continues to, as BK modifies the spot and Google deactivates the response. But this has definite implications for device manufacturers that should not be ignored.

The takeaway: Voice activation is a wide-open security hole, especially when voice controls connect to physical security functions such as unlocking the door of a smart home.

Bring on the AI.

Your credit card company can identify suspicious use of your card thanks to big-data analytics that can spot anything out of the ordinary. Machine learning and data analytics (https://techcrunch.com/2016/04/22/how-iot-security-can-benefit-from-machine-learning/) could do the same for the data from connected devices, identifying and blocking abnormal activity or malicious behavior.The takeaway: The downside of this approach is that machine-learning systems must be trained on large data sets before they can identify anomalous behavior. On the other hand, most connected devices have limited parameters of functionality, so outlying behavior should be easier to spot.

Schneier’s list.

We’re big fans of security expert Bruce Schneier, so when he talks IoT security, we listen. This blog post is a list of other great articles (https://www.schneier.com/blog/archives/2017/02/security_and_pr.html) to settle in with on a cold, stormy night.The takeaway: Schneier is at the top of the security field. Pay attention.

Stay optimistic.

The Department of Homeland Security sees Internet of Things data as a public good – and is actively working with research institutions and private companies to help secure it.Robert Griffin, acting Under Secretary for Science and Technology at the Dept. of Homeland Security, writes (https://www.dhs.gov/science-and-technology/blog/2017/03/20/securing-critical-infrastructure-21st-century), “… by connecting to IoT technologies we are improving critical infrastructure operations in key areas like energy, water, telecommunications, and traffic management.” His article details how his organization is working with the Cyber Security Division (https://www.dhs.gov/science-and-technology/cyber-security-division) to build public/private partnerships.The takeaway: This coordinated effort to develop frameworks for engineering and interoperability is already underway – and Griffin invites more companies to join the effort.

Keep reading.

Our blog post, Stay Current on IoT Security with Our Must-Read List (https://hologram.io/stay-current-on-iot-security-with-our-must-read-list/), has links to six top resources that will help you keep up with an IoT’s shifting security landscape.The takeaway: No matter where you sit in the world of IoT, security is on you.

Want more security take aways? Check out our Security Series. (https://hologram.io/category/security-series/)

Get started with Hologram today

  • Talk to an IoT expert
  • Receive a free SIM
  • Customize your plan