Developing a defense-in-depth security practice for IoT
Do you remember that time when you bought an SUV, renowned for its auto safety, and then decided that there was no need to wear a seatbelt? Or that time you decided not to install a smoke alarm because there was already a fire extinguisher in the house?
These don’t sound like familiar scenarios because they’re impractical. When it comes to keeping the people and things we care about safe, we apply a range of safeguards against common threats. Where the impact of loss would be high, we avoid a single point of failure. In our personal lives, we commonly incorporate layers of protection against loss from house fires, automobile accidents and theft.
Whether protecting a home or a business, multiple and varied layers of protection work together to form a strong barrier between the things we care about and the threats that endanger them. The practice of applying a variety of overlapping layers of defense to guard against and respond to a threat is what military strategists and information security experts alike call defense-in-depth. In security, layered defenses force would-be attackers to overcome multiple challenges to gain access to their target.
Defense-in-depth, a tried and true security approach
The effectiveness of any system’s defense-in-depth is about the power of "and." To protect your home against loss from theft, you have a front door and a deadbolt lock and a burglar alarm and an insurance policy. You might even have a dog or motion-sensing lights. The burglar alarm — or your barking pet — protects your home even if an intruder isn’t deterred by your lights coming on and is able to break through the deadbolt lock.
Similarly, in the corporate world, to protect data you can apply identity and access management controls to define who can access what parts of a network, and information rights management to control access to sensitive files and documents, and threat protection protocols to detect and investigate breaches, compromised identities and other malicious activities.
Despite being a historically proven security practice for both physical and information security, defense-in-depth and other basic security best practices are not commonly applied. There are countless companies making the same misstep. The majority of IoT devices continue to be based on simple processors that are — at best — retrofitted with a smattering of security measures that might give buyers peace of mind, but do little to slow attackers. This is accumulating risk, one unsecured chip at a time.
Connected devices continue to pose security risks
Each connected device that we bring into our home or workspace has the potential to open new attack surfaces and introduce vulnerabilities to increasingly personal areas of our lives. The devices and infrastructure we rely on to keep us safe will become increasingly connected: the carbon monoxide monitor that detects and alerts to poison in the air; remote vital sign monitoring devices to help medical providers keep tabs on patient health; and the home security systems used to monitor and alert homeowners to suspicious activity. Connected versions of these products are already on the market today.
The expanding volume of connected devices coupled with weekly headlines about hacked IoT devices is spiking corporate and consumer interest in more reliable device security. And while there are several nascent industry and regulatory efforts to drive common security standards for connected devices, there is not a unified understanding of the risk and how to solve for it. This leaves each manufacturer or vendor to choose their own approach. An IoT product might market long lists of security features, but — in most cases — the addition of multiple security features does not equate to defense-in-depth.
With most existing IoT devices failing to apply even basic principles of security, consumers, businesses and modern society are vulnerable to the increasing menace of cyberthreats. In the meantime, you can still take responsible steps to ensure that the products you bring to market are built on the foundations of defense-in-depth.
Device security for mass market deployments
In the early proof of concept stages of device design, you might not be thinking about holistic device security. But when shipping at scale, defense-in-depth security is a requirement that protects your customers and your bottom line. Developing a security practice to counter attackers requires an approach that accounts for an evolving threat landscape and is built on secure-by-design platforms. By leveraging the best practices of the brightest security minds, along with a variety of thoughtfully layered security mechanisms, you increase the chances that a connected device is hardened to the likely event of a breach.
IoT security mindset. A defense-in-depth device security practice starts with the mindset that every connected device, no matter its application or type, is built to defend against a comprehensive array of threats. Just because a connected device manages only the temperature of the water in a fish tank doesn’t mean the security approach shouldn’t be as intentional as it should be with a connected insulin pump that manages the release of insulin to a diabetic patient. In both scenarios, a device breach could lead not only to tampering with the device’s intended function, but also give access to the larger system that it’s connected to. When you operate with the assumption that parts of a connected device will be breached, whether it’s a national security risk or just a rain monitor, it’s more likely that second, third and fourth layers of protection are developed to deter, challenge and confound an attacker that has found entry and minimize the impact of a breach.
Device security strategy. Identifying the likely attack path based on physical location, communication channels and device capabilities is a key component of device security strategy. You might be able to do this yourself if you can build a team of experts with deep knowledge of the industry, dedicated bandwidth for 24/7 vulnerability monitoring and the ability to quickly code and release urgent security updates. However, the ongoing security talent shortage makes that approach almost impossible to implement and sustain for most organizations. An effective shortcut to a comprehensive security strategy is to build on secure-by-design platforms. Use of secured platforms helps to ensure that the critical security of your device is backed by the deep knowledge and expertise of an ecosystem of security professionals, and reliably developed, monitored and updated for threats with ongoing security improvements.
Device security mechanisms. An effective device security action plan includes multiple, interlocking layers of security features and techniques to address each potential threat. Just like defending a home against a thief might require a door and a lock and an alarm, we must apply a variety of defense types when securing a connected device. Using a combination of layered hardware and layered software and secure communication ensures a diverse and multilayered mix of security tactics for IoT devices.
Just as a list of many security features does not equal defense-in-depth, security features that aren’t activated by default can give a false sense of security for manufacturers and product developers. When security features are built in and activated by default, the opportunity for human error is minimized. You can help your team do the right thing by choosing solutions that make development of a secure product easy and automatic.
Now is the time to secure connected devices with the rigor of defense-in-depth. In the IoT era, when devices are embedded in the fabric of our lives and entertain, inform and even protect our physical wellbeing, applying the power of "and" to device security is a proven path to securing the future of IoT.
IoT defense-in-depth characteristics
There are many published perspectives on IoT security. They range from baseline security requirements to prescriptive operational models. Regardless of the security principle, model or platform vendor your organization ultimately elects to adopt, this basic framework serves as a primer of defense-in-depth security as it relates to IoT.
As you upgrade your security practice, ask yourself and your team this: Do you follow a defense-in-depth approach or one with limited protections?
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.