Book Image

Practical Internet of Things Security - Second Edition

By : Brian Russell, Drew Van Duren
Book Image

Practical Internet of Things Security - Second Edition

By: Brian Russell, Drew Van Duren

Overview of this book

With the advent of the Internet of Things (IoT), businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions. This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT solutions. In this second edition, you will go through some typical and unique vulnerabilities seen within various layers of the IoT technology stack and also learn new ways in which IT and physical threats interact. You will then explore the different engineering approaches a developer/manufacturer might take to securely design and deploy IoT devices. Furthermore, you will securely develop your own custom additions for an enterprise IoT implementation. You will also be provided with actionable guidance through setting up a cryptographic infrastructure for your IoT implementations. You will then be guided on the selection and configuration of Identity and Access Management solutions for an IoT implementation. In conclusion, you will explore cloud security architectures and security best practices for operating and managing cross-organizational, multi-domain IoT deployments.
Table of Contents (19 chapters)
Title Page
Copyright and Credits
Dedication
About Packt
Contributors
Preface
Index

Cybersecurity versus IoT security


IoT security is not traditional cybersecurity, but a fusion of cybersecurity with other engineering disciplines. It addresses much more than mere data, servers, network infrastructure, and information security. Rather, it includes the direct or distributed monitoring and/or control of the state of physical systems connected over the internet. Cybersecurity, if you like that term at all, frequently does not address the physical and security aspects of the hardware device or the physical world interactions it can have. Digital control of physical processes over networks makes the IoT unique in that the security equation is limited not only to the basic information assurance principles of confidentiality, integrity, non-repudiation, and so on, but also to the physical resources and machines that originate and receive that information in the real world. In other words, the IoT has very real analog and physical elements. IoT devices are physical things, many of which are safety-related. Therefore, if such devices are compromised, it may lead to physical harm of persons and property, even death.

The subject of IoT security, then, is not the application of a single, static set of meta-security rules as they apply to networked devices and hosts. It requires a unique application for each system and system-of-systems in which IoT devices participate. Anything physical today can be connected to the internet with the appropriate electronic interfaces. The security of the IoT device is then a function of the device's use, the physical process or state impacted by or controlled by the device, and the sensitivity of the systems to which the device connects.

Cyber-physical and many IoT systems frequently invoke an intersection of safety and security engineering, two disciplines that have developed on very different evolutionary paths but which possess partially overlapping goals. We will delve more into safety aspects of IoT security engineering later in this book, but for now we point out an elegantly expressed distinction between safety and security provided by the noted academic Dr. Barry Boehm, Axelrod, W. C., Engineering Safe and Secure Software Systems, p.61, Massachusetts, Artech House, 2013. He poignantly but beautifully expressed the relationship as follows:

  • Safety: The system must not harm the world
  • Security: The world must not harm the system

Hence, it is clear that the IoT and IoT security are much more complex than traditional networks, hosts, and cybersecurity. Safety-conscious industries such as aerospace have evolved highly effective safety engineering approaches and standards because aircraft can harm the world and the people in it. The aircraft industry today, like the automotive industry, is now playing catch-up with regard to security because of the accelerating growth of network connectivity to their vehicles.