IoT FEATURE NEWS

Standards for Security in IoT

Despite the current hype, it remains almost a certainty that the Internet of Things (IoT) is here to stay. Interconnected appliances, objects and networks provide businesses, consumers, investors and development teams with endless opportunities: connected cars, smart watches, and other automated devices are flourishing. Analysts predict that by 2019, it will add $1.7 trillion in value to the global economy.

Proponents of IoT see it as being filled with incredible opportunities; ironically, so do cybercriminals. In July, hackers took control of a Jeep Cherokee, specifically its software, and remotely manipulated its transmission, radio and air conditioning. It led to a recall of 1.4 million vehicles and raised a multitude of concerns. This summer, the FDA told healthcare organizations to stop using a drug infusion pump because software vulnerabilities “could allow an unauthorized user to control the device and change the dosage the pump delivers.” We’re talking about two incidents where life hangs in the balance if the software gets into the wrong hands. Worried yet?

The consequences aren’t always as dramatic, but they can still be detrimental. Last year, a refrigerator was discovered among a ‘botnet’ of more than 100,000 connected devices, sending more than 750,000 spam emails. Annoyances like this may not result in death, but they can certainly damage a business’s reputation. More importantly, it may be only the tip of the iceberg, a harbinger of other hacks to come in IoT.

The blame for these glitches gets placed on the software. It’s invisible, complex and almost impossible to entirely protect from disruptions and breaches. In IoT, those complexities are even larger. But, they can be avoided. For any organization developing a product to be used in IoT, understanding the importance of a secure architectural foundation for all software and insisting that developers comply with industry standards must be the first line of defense.

Even the smallest device in IoT may contain hundreds of thousands to millions of lines of code. For example, today’s typical pacemaker contains approximately 100,000 lines of code. Putting it into perspective, the latest Mac OS X has more than 80 million lines of code.

With such large quantities of code, coupled with pressure from the boardroom to deliver products to market, developers have to move quickly. More open source and third-party components are being used, and large parts of the development team are often outsourced to get application functionality to where it needs to be. Hence, overseeing and reviewing vulnerabilities in the final product stage is essential, yet too often overlooked in the rush to market. That’s the challenge in a nutshell: sacrificing quality and dependability for speed must no longer be tolerated as the status quo.

The ‘make do’ attitude coupled with the quick add-ons to existing software configurations can make a tremendous impact on technical debt – potentially exceeding the cost of doing it properly.

On average, it costs $7,600 to fix one security bug found in production, so it is often ignored. However, one breach or shutdown can cost millions to fix AFTER the fact. The average cost of a data breach is $7.2 million, and the average cost of an application failure is $500K to $1 million per hour. This doesn’t include potential secondary and tertiary costs like loss of customers, potential legal ramifications or share price decline.

Diligence begins with testing, more specifically with quantifiable analysis and measurement of an application’s source code. Proper code review and repeat analysis are the keys to creating a secure foundation. Manufacturers need to communicate this priority to development teams and call for stricter software quality measures. One bad miscommunication between an application, a sensor and a hardware device can cause systemic failure. Any manufacturer that doesn’t have a set of analytics to track its software risk – be it reliability, security or performance – can be argued to be guilty of negligence in its responsibility to customers and even its fiduciary duty to shareholders.

In addition to measurement and analytics, education should be a priority. One way to improve development standards is by communicating with our peers about the direct link between software quality and security. Developers should be up to speed on the latest set of standards adopted by the Object Management Group (OMG). The global initiative proposed by the Consortium for IT Software Quality (CISQ) will help companies quantify and meet specific goals for software quality. The CISQ/OMG measurement standards cover security, reliability, performance and maintainability. This will allow businesses to ‘certify’ the quality of their codebases and IoT networks.

So, in the Internet of Things, the software assurance burden on the software that powers the interaction between a myriad of devices is higher than ever. If the software isn’t continuously monitored and the code evaluated, its ultimate failure is almost certainly guaranteed. Scrutinizing the code for potential vulnerabilities and entry points is a necessity, whether the application is business-based, consumer-focused, enterprise, mobile, or embedded in a remote device like a car. Being proactive versus reactive may actually save lives or, at the very least, keep your inbox free of letters from Nigerian princes.

Author Bio
Lev Lesokhin is Executive Vice President of Strategy for CAST. He is responsible for market development, strategy, thought leadership and product marketing worldwide. He has a passion for making customers successful, building the ecosystem, and advancing the state of the art in business technology. Lev previously held positions at SAP, McKinsey & Company, and at the MITRE Corporation. Lev holds a B.S. in Electrical Engineering from Rensselaer Polytechnic Institute, and an MBA from the MIT Sloan School of Management.
Edited by Ken Briodagh