Securing IoT

Last week's malware attack sent a sobering chill through the security industry, as it illuminated the cybersecurity vulnerabilities of IoT products, showing how easy it is to hack into unsecured IP devices.

The hackers, who were able to affect sites including Twitter, Spotify and CNN, launched a distributed denial-of-service (DDoS) attack using tens of millions of malware-infected devices connected to the Internet to overwhelm Dyn, a provider of Domain Name System services.

Although the attack amounted to a temporary inconvenience for millions, it underscored the need for cybersecurity standards for the IoT world.

Toward that end, the Cloud Security Alliance (CSA) released this month a new guidance report titled “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products,” which was created to help designers and developers of IoT-related products and services understand the basic security measures that must be incorporated throughout the development process.

With the release of this report, the CSA looks to provide much needed education and direction to product developers who know their products are at risk of compromise, but may lack the understanding as to where to start the process for mitigating that risk.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” Brian Russell, chair IoT Working Group and chief engineer, cyber security solutions with Leidos, said in the announcement. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”

Specifically, the report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development. Additionally, realizing that often times there is a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that when applied will begin to increase an IoT product's security posture substantially.

The CSA IoT Working Group is focusing on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. The group is led by Russell, with initiative leads Priya Kuber and Dr. Shyam Sundaram. Nearly 30 CSA IoT working group members contributed to development of the 80-plus page guidance report.

The full report is available at https://cloudsecurityalliance.org/download/future-....