IoT/IIoT Security Moves to the Fore


By: Mary Jander

The Internet of Things (IoT) and the Industrial IoT (IIoT) will be among the top beneficiaries of the emerging mobile edge cloud. But the interconnected nature of IoT networks, and their growing reliance on cloud connectivity, has made these environments a protection priority.

This is expected. As Futuriom wrote in 2018, security has been a big barrier to the adoption of IoT. It’s an IT rule that as any technology expands, so do its attack vectors. Already estimated at roughly 10 billion, the number of IoT sensors or software embedded in industrial equipment, smart-city applications, retail items, utilities endpoints, and other gear is anticipated to reach 21.5 billion by 2025. And as 5G networking emerges, it’s expected to catapult the trend exponentially.

How to shield IoT and IIoT devices and networks from malware, distributed denial of service (DDoS) attacks, ransomware, and bots geared specifically to these applications is an ongoing effort, undertaken via a range of projects.

U.S. Government Scrutinizes IoT/IIoT

One project has been the IoT Cybersecurity Act of 2020, an item of legislation passed in early October by the U.S. House of Representatives that outlines security procedures to be followed by IoT vendors to government agencies.

The bill has yet to get approved by the Senate or the White House, but some observers have praised it just for acknowledging the problem. Still, it’s fairly general, calling mainly for device makers to stay current with standards to be set by the government for IoT security and to publicly report any vulnerabilities and remediations.

Still, it’s a start. “For the future of securing connected devices, multiple stakeholders throughout the supply chain need to be held accountable for better visibility and security,” stated Brad Ree, CTO of the industry group ioXT Alliance, in an article for Help Net Security last month.

Ree also noted that the legislation to protect government IoT devices should bleed into consumer IoT. “It’s not practical for a manufacturer to follow two separate guidelines for both categories of products, so those standards in place for government contracted devices will likely be applied to all devices,” he wrote.

A Rising Market in IoT/IIoT Security

Ree and others hope the attention the government gives to IoT/IIoT security will foster more industry activity in support of the issue. But many vendors are already on the case, touting specific solutions. These include larger suppliers such as Cisco (CSCO), Fortinet (FTNT), Hewlett Packard Enterprise (HPE), IBM (IBM), and Nokia (NOK), as well as cybersecurity players like Palo Alto Networks (PANW).

Startups have lined up too, including Allot and CUJO AI, whose edge and device stack is integrated with Amazon Web Services, Google Cloud Platform, and Microsoft Azure. CUJO AI also has formed an alliance with Aviatrix to bring its endpoint security tech to another level. Infiot recently launched an integrated secure IoT endpoint device and cloud-security service geared for the IoT edge.

Channel partners and integrators are also busy in this area, offering services aimed specifically at IoT/IIoT security. Included are Accenture (ACN); T-Systems, a subsidiary of Deutsche Telekom; and Rapid7. And the European Union Agency for Cybersecurity offers a certification of chips for smart passports, bank cards, and other forms of chip-based identification.

All this is a simplified glimpse at an emerging but vital market. As endpoints multiply with the penetration of 5G and edge computing, expect it to get much bigger.