Securing the IoT: a real challenge

As a consequence of this growing issue, the IoT security market, which represented more than $700 million in 2017, is expected to reach $4.4 billion in 2022, which comes to 40% growth per year according to IoT Analytics. Like the IoT itself, the IoT security market is fragmented. More than 150 companies are already positioned in this sector.

The immense challenges of IoT security

In fact, the challenges of IoT security are far from being resolved. Service providers can guarantee security for Internet connections, notably with SIM cards for cellular technologies or device identification for LoRa. However, it is difficult to have control over the many objects themselves given the wide variety of companies producing connected objects.

End-to-end security would require solving four parts of a complex equation. First, with cheap devices like the Admiral Ivory (tracking via Sigfox, announced price of €0.20), the cost of securing a device must be marginal.

Secondly, the device interacts sparingly with the network and communicates sporadically so that its battery can last several years. As such, it is not feasible to draw out the signal too long or to add messages for security reasons as this would use too much of the battery.

Thirdly, security has to be designed for the long term because certain sensors will be in use for several years. Cybersecurity protection updates can only be made by downloading new software; the hardware cannot be modified. As such, any new-found security flaw must be fixed with software updates while saving the battery. Lastly, the fourth aspect to take into account is that, as sensors are located all over the place, they may be physically accessible to hackers. For this reason, it is essential to protect sensors from any people with malicious intent who could directly modify or steal data.

As a consequence of how complicated this security is to implement, 59% of companies say that they are prepared to accept a greater level of risk with the IoT, according to a study conducted by Forrester Consulting (October 2017).

Developing collaboration

The top issue for IoT security is to establish security standards and get all stakeholders to agree to apply them. Under the aegis of the European Commission, the Alliance of Internet of Things Innovation (AIOTI) was created.

The goal of this alliance is to strengthen ties between the various industries and stakeholders involved in the Internet of things. AIOTI is also intended to promote interoperability and the convergence of standards that apply to the IoT, as well as consider security issues. Another body collaborating on the IoT is the IoT Security Foundation. The mission of this foundation is to help secure the Internet of things by promoting knowledge and best practices among experts, researchers, and manufacturers in regards to security for stakeholders designing, manufacturing, and using IoT products and systems.

Lastly, service providers are also working within the GSMA on several areas chosen for increased collaboration. This includes identification, access management, SIM cards “as a root of trust”, certification, risk reduction, and more.

Service providers, like Orange Business, have an opportunity to provide end-to-end security with more control over identity and access points while managing data security and privacy in accordance with régulations.
Its specialist security division, Orange Cyberdefense, has a key focus on IoT. Orange recognizes that the challenge isn’t just about securing IoT objects and data, it is also about changing the mindset of the people that security touches, from product inception to deployment and beyond. That’s why an important part of the company’s work is educational – providing training in security by design and putting specialists out in the field at the early stages of product development.