Needless to say, the
Internet of Things is a growing phenomenon, with more and more devices connected to the Internet each day. While this has brought convenience, it has also introduced new risks, particularly in the area of
security.
“By 2024, we’re going to have more than 22 billion connected devices in the world, according to our projections. And that’s not even including smartphones. We’re talking connected cars, robots, shipping containers, agricultural fields, traffic systems and things we can’t even imagine yet,” writes Ericsson in a recent
blogpost. “It’s a vast opportunity but it also brings vast risk. How do you keep billions of devices secure? How about the networks they run on? How do you make sure the data you get from all those devices isn’t compromised?”
The blogpost offers a three-prong approach that centers on device security, data integrity and ecosystem security.
Device security
According to the post, connecting people and their smartphones is different from connecting IoT devices, which can’t enter a password for access and have extremely limited software-update capabilities.
“How to keep these new devices safe? It requires holistic security thinking spanning new business models, technologies, standards and regulations,” the post said. “It will also require automation and artificial intelligence. After all, no single person can manually manage the volume of devices on an IoT network. Plus, the continuous flow of new devices and network reconfigurations means that the security landscape will shift constantly. The network must be able to adapt itself to new threats.”
Data integrity, confidentiality and privacy
Data generated by connected devices is what makes IoT valuable, as these datasets can be processed and analyzed to provide users with further business intelligence and operational efficiency. However, data is also subject to tampering and manipulation, which can lead to disastrous or even fatal results.
“Take the data sent by heart monitors. Instead of worrying about whether the data is being observed, it's more important to make sure it hasn't been tampered with. In this case, an attack on the integrity of the data could (literally) prove fatal,” the post said.
According to Ericsson, all parties involved must ensure their data has not been manipulated or tampered with while at-rest, in-transit or in-use. “This is a particular challenge with the large volumes of data generated by simple devices that only support limited on-board security technology,” it said. “When data flows across organizational boundaries and nations, it must be protected at all stages; when it is generated, stored, transmitted and used.”
End-to-end ecosystem security
With 5G set to enable more and more IoT use cases with vastly diverse requirements, from ultra-reliable connectivity to long battery life to very low cost, the current ad-hoc and fragmented nature of security does not allow for security at massive scale, the post said.
This is why maintaining IoT security is a collaborative effort requiring input by all stakeholders, including device manufacturers, network providers, platform providers, app developers and end-users, the post argues.
“We need to manage and orchestrate IoT components both horizontally (from device to service and service user) as well as vertically (from hardware to application). This will require a solid underpinning of standardized 3GPP security at the bottom, built-in security and focus on privacy and data protection,” it said, citing its own example.
“Last year we signed a groundbreaking IoT partnership deal with Sprint. We will together build a distributed and virtualized core network dedicated specifically to IoT, in addition to a world-class IoT operating system. This new environment will create an optimal flow of device data, enabling immediate, actionable intelligence at the network edge for end users and enterprises,” the post said.