Apr 24 2014

How to Secure the Internet of Things

Just when agencies get a handle on the cloud, here comes the fog.

The Internet of Things (IoT) is reshaping the way government interacts with the systems it uses for citizen services, defense, business processes and other mission functions. From sensors and actuators to distributed edge computing and advanced analytics, the effect of the IoT is most evident when we bring what were previously stand-alone devices onto IP networks.

With more "things" infiltrating operational technologies, the concept of network security must evolve. While it was once sufficient to protect data behind firewalls, it is now necessary to extend protection to the tactical edge, in a new distributed-computing environment known as the fog. Agencies looking to unlock the IoT's potential while mitigating the risks associated with such deployments must secure the IoT ecosystem. Here are some strategies:

Understand who's utilizing the Internet of Things. As more devices go online, more government personnel will acquire IoT devices and attempt to deploy them on internal networks. IT professionals need to understand those devices and their issues to formulate policy accordingly.

Start with a holistic architecture. Agencies need to design an IoT architecture that eliminates threats while optimizing performance and utility. Performance considerations include uptime, redundancy and fault tolerance. Utility considerations include manageability, ease of use, resilience and scalability. Security considerations include identity and access management, content and context awareness, and threat defense.

Secure the actual sensors and devices. As proprietary sensor protocols are tunneled over or translated to IP, there are opportunities to embed security into software code and semiconductor chips. Establish a "root of trust" at the sensor and device levels using next-generation cryptography, such as Suite B, when possible. When IoT devices don't have enough storage or computation power for encryption, ensure that data is encrypted at points of aggregation, gateways and access points.
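As an added illustration of encrypting at a point of aggregation (example code written for this rewrite, not from the article or any vendor), the Go sketch below has a gateway seal each plaintext sensor reading with AES-256 in GCM mode, a Suite B algorithm, and bind the ciphertext to the sensor ID and a sequence number. The function names, the record layout, the `sensor-17` ID and the all-zero key are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewGCM builds an AES-256-GCM AEAD once at gateway start; other key sizes are refused.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, errors.New("need a 32-byte AES-256 key")
	}
	return cipher.NewGCM(block)
}

// aad binds a record to its sensor ID and sequence number, so it cannot be
// replayed under another device or counter value.
func aad(deviceID string, seq uint64) []byte {
	return []byte(fmt.Sprintf("%d|%s", seq, deviceID))
}

// Seal runs on the gateway. Output: 12-byte random nonce || ciphertext || tag.
func Seal(gcm cipher.AEAD, deviceID string, seq uint64, reading []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, reading, aad(deviceID, seq)), nil
}

// Open runs at the collector and fails if the record or its binding changed.
func Open(gcm cipher.AEAD, deviceID string, seq uint64, rec []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(rec) < n+gcm.Overhead() {
		return nil, errors.New("truncated record")
	}
	return gcm.Open(nil, rec[:n], rec[n:], aad(deviceID, seq))
}

func main() {
	gcm, _ := NewGCM(make([]byte, 32)) // constructed all-zero demo key, never for real use
	rec, _ := Seal(gcm, "sensor-17", 1, []byte("temp=21.5")) // constructed reading
	pt, err := Open(gcm, "sensor-17", 1, rec)
	fmt.Printf("%s %v\n", pt, err)
}
```

The link between the sensor and the gateway still carries plaintext in this arrangement, so it needs its own protection, such as physical or link-layer controls.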

Secure the fog. The fog is an emerging, distributed-computing layer that must be secured to ensure data integrity throughout its lifecycle. The fog delivers the ability to collect, aggregate and manipulate data locally, while further analyzing data through enterprise and cloud repositories. Securing connections between IoT devices and access points, gateways and edge routers is key.

$4.6 trillion: The public-sector value of the Internet of Things by 2022

SOURCE: "Internet of Everything: A $4.6 Trillion Public-Sector Opportunity" (Cisco Systems, 2013)

Automate for scalability. Billions of sensors and actuators make manual provisioning and patching of IoT devices impractical. An application-centric infrastructure helps automate security and provisioning, while learning networks with high resilience, visibility and control help reduce the need for manual programming. Adaptive security capabilities and zero-touch deployments will enable large-scale IoT adoption.

Migrate to IPv6. Agencies will need the address space afforded by IPv6 to support IoT, but IPv6 also offers a more robust set of standard protocols for security measures, such as network fragmentation and address translation.
