Cyber security

So, what can we do?

There’s no silver bullet that can effectively mitigate all IoT threats, and we need to understand that we can’t apply Security by Obscurity principles to IoT. We can’t say our IoT product is secure because it uses proprietary protocols, indigenous hardware or air-gapped closed networks. We need to think Security by Design, and security cannot be an afterthought. It has to be considered and implemented in all of these stages:

  • Planning: Security requirements, Risk Analysis
  • Design: Secure Design Practices, Threat Modelling
  • Implementation: Secure Coding Practices, Security-focused Design Reviews
  • Verification: Security-focused Testing, Third-Party Security Audit
  • Validation: User Testing to expose Weak-points, Penetration Testing
  • Deployment: Operational Risk Assessment, Secure Deployment Practices
  • Operations: Incident Response Preparedness, Vulnerability Management

A lot of research is going on in various parts of the world into how to bootstrap trust and security from the very basic design stage, such as powerful Systems on a Chip (SoC) with embedded hardware security support, Elliptic Curve Cryptography with reduced computational demands, etc.

Also, to address these threats, the IoT business model has to change. Earlier we used to build products, ship them and forget about them until we had to service them, but now, in the world of IoT, we have to ship and remember: remember where our devices are and what they are doing that they shouldn’t. We need to understand the delicate balance between speed to market and the appropriate level of security, considering the final product cost too. IoT cannot be a success if we don’t believe in Amara’s law: “We tend to overestimate technology in the short run and underestimate the impact of it in the long run.”

 

A technology evangelist with a wide range of agile experience, starting from the days of embedded systems, moving to web & object-oriented development, followed by cyber security and then to the latest trend of cloud computing & machine learning. Currently holding the role of Alt. CISO for Electronics Corporation of India Limited (ECIL), a Public Sector Enterprise under the Department of Atomic Energy (DAE), Government of India. He is accountable & responsible for security strategy planning, policy implementation, management of risks & threats, independent compliance reviews and implementation of new security products & technologies. Some accolades to his arsenal:

  • Winner, Top 100 InfoSec Maestros Awards 2016
  • Winner, Dynamic CISO Security Excellence Awards 2016
  • Elite CISO Finalist, NullCon BlackShield Awards 2016
  • IBM Blue Scholar 2012
