What you’ll learn:
- Cybercriminals can degrade the efficiency of an IoT-connected automated factory.
- IoT network security solutions rely on effective data and network management.
- Security-enhancement tools can remove blind spots that leave networks and IoT devices vulnerable to attack.
Sensors with Internet of Things (IoT) technology deliver an extended view of the world. They provide instant status updates for many electronic systems, from battery charge levels to operating temperature. With Internet connectivity, IoT sensors reach well beyond any one environment and provide almost unlimited information on an application of interest.
However, when transferring so much information, they must do it securely. Equipping IoT devices with suitable cybersecurity is as essential as the information collected by those devices. As more devices come online, connected to the Internet, the IoT attack surface grows larger and more vulnerable to cyberthreats.
IoT devices are commonly used in “smart” homes and offices as part of automated environments, such as for turning lights on and off and setting temperatures. They're increasingly being employed in offices and vehicles as electronic door locks, to enable access by means of codes transmitted on a mobile telephone.
These devices have been widely accepted in manufacturing and production settings, as industrial Internet of Things (IIoT) devices, helping to automate factories and boost product manufacturing speeds and repeatability. When IoT devices are used to control physical equipment, such as production or inspection equipment on a factory floor, they're referred to as operational technology (OT) devices.
Because IoT devices share information by means of the internet and communicate via wireless standards, such as Wi-Fi, they can be accessed by non-users. They're typically designed to convert real-world situations into analog and digital signals for analysis, but without blocking those signals from access by non-users. Cybercriminals hoping to benefit from an IoT device’s collected data can readily access the data, often without countermeasures or even detection from the IoT device.
Interconnected IoT devices have become part of many automated electronic systems. Thus, a cybercriminal can not only steal information from many IoT devices, but they're also able to degrade the efficiency of an IoT-connected automated factory.
IoT attacks can occur in many ways, including as a denial-of-service (DoS) attack. In severe cases, such as for IoT devices in healthcare or warfare applications, cybercriminal interference could be fatal. IoT security depends on the development of effective security systems capable of providing such functions as IoT device authentication and encryption to ensure the safety and security of data within IoT-powered systems.
U.S. DoD Proactive in Establishing Cybersecurity
The U.S. Department of Defense (DoD) is aware of the value of cybersecurity for IoT devices, throughout their application and market areas. In early 2023, it published its Cyber Workforce Strategy with their intended goals, plus released plans for implanting that strategy later that year as its “Cyber Workforce Strategy Implementation Plan.”
>>Check out this TechXchange for similar articles and videos
One of those goals was to reduce the “time to hire” for civilian cybersecurity workers to about 73 days. The average time to hire civilians working in cybersecurity for the DoD had been about 79 days. By adding staff more quickly, vacancies in the DoD cyber workforce have been significantly reduced. In 2024, the DoD established its Cyber Academic Engagement Office to help coordinate cyber-related activities between the DoD and academia.
The DoD’s cybersecurity maturity model certification (CMMC) program works with private sector companies seeking to comply with cybersecurity requirements before they can bid on defense contracts. Private companies must demonstrate the security of their computer networks, including connected IoT devices. Also, cybersecurity practices provide adequate defense against cyberthreats as well as adversaries trying to gain information about government contracts and weapons systems design and development.
The latest CMMC rule simplifies the process of the DoD working with industry on cybersecurity, reducing assessment levels for approval from five to three by eliminating two transition levels. For cybersecurity with the DoD, private companies must comply with cybersecurity requirements established by the Federal Acquisition Regulation (FAR) office and the National Institute of Standards and Technology (NIST). When evaluating the cybersecurity of IoT devices, NIST tries to maintain a technology-agnostic approach whenever possible.
IoT Device Cybersecurity Leans on Security Devices and Authentication
While IoT devices aren't typically equipped with cybersecurity by their manufacturers, the addition of security devices to IoT-equipped networks can provide data protection from cybercriminals.
IoT network security solutions rely on effective data and network management, such as end-to-end encryption of transmitted and stored data, secure communications within the network, segmenting and partitioning a network according to the placement and data processing of IoT devices, and proper device authentication approaches on an IoT-equipped network. Network monitoring with the aid of intrusion detection systems (IDS) can help identify cyberattacks and shift data-protection resources as needed for protection against those attackers.
IoT-equipped networks can be made less vulnerable to attacks from cybercriminals by adding special protective devices such as security enhancement tools from CrowdStrike. As with the firm’s Falcon for IT platform, with more than 10 different security and AI-driven information-technology (IT) tools integrated into a single platform, Falcon Discover for IoT was developed to add security to a company’s networking capabilities by enhancing the visibility of IoT devices on the networks.
The platform eliminates blind spots that can leave a network and its IoT devices vulnerable to cyberattacks. It helps secure a company’s industrial control system (ICS) and the assets contained within its IT and OT functions.
In contrast, the ReliaGATE 15A-14 from Eurotech is a cybersecurity-certified modular gateway that increases the security of IoT devices for a wide range of applications. It's designed to simplify the compliance of various kinds of IoT devices with regional and carrier certifications and help speed the installation of IoT projects.
The gateway was developed to speed and simplify IoT projects due to its pre-certification to key IoT requirements, such as ISA/IEC 62443-4-2, and help IoT users meet current security regulations for IoT devices, including those detailed in the U.S. IoT Cybersecurity Improvement Act, the European Union (EU) NIS2, and the Cyber Resilience Act. The gateway (see figure) provides a straightforward programming environment and help create secure interconnections of IoT-driven networks with services and functions on “the cloud.”
Next-Generation Firewalls Reduce Cyberthreats
The FortiGate 7000F series of next-generation firewalls (NGFWs) from Fortinet helps organizations build secure networks. IoT devices can use NGFWs such as the FG-7081F firewall with processing speeds to 405 Gb/s and the FG-712F firewall with processing rates to 675 Gb/s. The company’s firewalls automatically control, verify, and facilitate user access to network applications, so that cyberthreats are reduced by providing access only to validated users.
For system designers seeking to strengthen IoT security, the SensorTile.box PRO from STMicroelectronics is a wireless development kit that enhances IoT cybersecurity by using remote sensor data combined with local processing. It employs the firm’s model STM32U5 microcontroller connected to the BlueNRG 5.2 Bluetooth wireless network coprocessor system-on-chip (SoC) device with a full set of motion and environmental sensors.
Growing numbers of IoT devices will result in massive amounts of data that must be channeled and stored. Because security can't be practically implemented in every IoT device, demand will continue to grow for firewalls and other security devices that make IoT devices realistic solutions for connection and communication via the internet.