Building Security into IoT Products from the Ground Up
Security is too important to be an afterthought. No one wants to cobble together an aftermarket fix, and having to do so would not reflect well on your brand. While it is (relatively) easy to design and ship an IP camera, for example, the ease at which one can be hacked from factory settings makes installing one an unacceptable risk factor to the network – and your customer’s business.
IoT security-related issues are on the radar of regulators. In January, the US Federal Trade Commission (FTC) filed a complaint against router giant D-Link, charging that the company had deceived users on the security of its products and failed to take steps to secure those products appropriately. This case has become a bellwether because the complaint was brought in response to the vulnerabilities themselves, not because of a breach exploiting those vulnerabilities. This is a sign that regulators are taking a more aggressive stance in demanding that connected device manufacturers take clear and sufficient steps to secure their products. (Read More)
Researchers find Gaps in IoT Security
IoT device designs are usually powered by microcontrollers, are less powerful and lack hardware security features compared to microprocessors. But they are well suited to IoT devices because applications do not require the computational capability of microprocessors, they consume much less power, and they cost a fraction of a microprocessor.
The simpler architecture of microcontroller hardware makes it challenging to implement established security methods. During fabrication, attackers with access to the design can inject analog components that can flip the microcontroller’s privilege bit to allow malware to be introduced. Many of these devices lack an accurate clock needed for network security. Algorithmic timekeeping methods still in an experimental stage could be a solution. (Read More)
Half of all Countries Lack Cybersecurity Strategy: UN Report
Only about half of all countries have a cybersecurity strategy or are in the process of developing one, and even the world’s most powerful countries show major gaps in their preparedness for cyberattacks, according to a latest UN report released on Wednesday.
The International Telecommunication Union (ITU) unveiled the Global Cybersecurity Index (GCI) 2017 on Wednesday, a continuation of the first version was issued in 2014. It measures ITU member states’ commitment to cybersecurity, hoping to motivate them to improve their cybersecurity and raise awareness for the need to start bilateral, multilateral and international cooperation.
The report said only about 38 percent of countries have a published cybersecurity strategy, while an additional 12 percent are in the process of developing one.
Singapore tops the index list for its long history of cybersecurity initiatives. It launched its first cybersecurity master plan back in 2005, and created a Cyber Security Agency in 2015 as a dedicated entity to oversee cybersecurity. In 2016 Singapore issued a comprehensive strategy to tackled online security issues. (Read More)