Securing a World and a Home Connected by loT Technology
The Internet of Things is here to stay: TalaTek offers eight best cybersecurity practices for keeping IoT devices properly secured
Consumers love their “smart” devices: security cameras, TVs, speakers and appliances. There are more than 26 billion devices connected to the internet today, and that number is expected to climb to more than 75 billion by 2025. And what’s not to love? These devices—commonly referred to as the Internet of Things—offer people convenience, efficiency, money savings, security, and personalization.
“Smart cities” are also using IoT technologies to innovate everyday operations, such as tracking air quality, monitoring and controlling traffic patterns, directing water supply networks and even preventing crime.
This popular technology also offers “smart” cybercriminals hackable entries into homes and city infrastructures alike. However, there are steps users can take to protect their IoT networks.
First, a couple of definitions.
Actually, experts do not agree on a common definition of IoT, but in general, the Internet of Things refers to devices with processing power that are interconnected to one another and/or the internet so that they can send and receive data.
Smart devices are basically IoT devices and have three main features: They can pick up information from their surroundings and adapt their actions accordingly; they are autonomous, so they do not require direct user commands; and they have network connectivity for data exchange.
Experts suggest it’s important to categorize IoT into industrial IoT and consumer IoT because of the difference in related privacy and safety concerns—the consequences of a hacked smart home network and a hacked smart city network are vastly different. But despite the differences in scale, the vulnerabilities and steps to secure the systems are similar.
Take passwords, for example, security experts found vulnerabilities in smart city systems implemented around the world designed to monitor water levels, traffic controls and flood warnings that were accessible to hackers because administrators used the default passwords that came with the devices. Or secure internet connections: The systems also used the open internet instead of an internal city network to connect sensors or relay data to the cloud.
Although no established uniform guidelines for IoT devices currently exist, this is changing.
Recognizing that many IoT device makers of appliances and other household items have little experience protecting and securing consumer data, the National Institute of Standards and Technology (NIST) is working on recommending steps manufacturers can take to provide IoT cybersecurity for their customers. NIST is also coordinating with both domestic and global stakeholders to develop IoT device security-related capabilities.
TalaTek believes people, cities and organizations should consider the following steps for securing their IoT and smart devices:
- Track and manage the devices.
- Perform regular testing and evaluation.
- Use identity-level controls.
- Change the default passwords set by the device manufacturer.
- Secure WiFi networks with strong passwords that vary.
- Monitor your network for vulnerabilities.
- Isolate smart home devices on a separate WiFi network from your work and smartphone devices by using different routers or creating virtual networks (VLANS).
- Regularly update all software, hardware and operating systems.
1 See NISTIR 8259A, Iot Device Cybersecurity Capability Core Baseline, published concurrently with NISTIR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers. See also https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program