Internet of things phenomenon has brought countless new connecting devices to mobile networks and the trend will most likely continue in the future. The fact that IoT devices are often designed to have low computational capacity to achieve as small power consumption as possible, combined with poor design choices in many of the early IoT devices, has lead to IoT having a bad reputation on the security front.
In this post we will explore what is the current state of IoT security and how mobile network operators can help IoT devices to achieve security while maintaining desirable power consumption.
Hacked Inexpensive Devices Already Out There
“The ‘S’ in IoT stands for ‘Security’” is a well known catchphrase that demonstrates the state of IoT security in the eyes of public whether it is your IoT heating being toyed with or wast amounts of old IP cameras used as a botnet. Attacks can also be way more sophisticated in nature. What if, instead of using hacked IoT devices for a DDoS attack which is relatively easy to identify, the hacker instructs the device to mail home sensitive data every now and then. There probably already exists devices hacked in this manner in our homes and built environments but we just haven’t noticed them yet.
One of the challenges faced in IoT security comes from the requirement for individual IoT device to be inexpensive. If you are about to put a chip into every traffic light and restaurant seat, those few extra cents per unit for “unnecessary” processing power start to stack up quickly. Outsourcing some of the the security aspects to a centralized service makes a lot of sense.
Big Business, Small Security
In their 2017 report IoT Analytics estimates that IoT security market will grow to be $4.4 billion business in year 2022 with a compound annual growth rate of 44% for years between 2017 and 2022. This figure contains for example hardware manufacturers, infrastructure providers and cloud software companies.
Speaking of infrastructure providers, in their 2018 study, Rocco found out that while all mobile network operators recognized that they have to protect the connectivity of IoT ecosystem only a one fifth of mobile network operators have really taken steps and invested in IoT security. These steps include activities such as having a dedicated R&D for IoT security and advanced network monitoring that allow them to react quickly when problems arise.
Anomaly Detection to Guard IoT Customers
GSMA suggests in their 2016 publication called “IoT Security Guidelines for Network Operators” that network operators should provide analytics based security services for their IoT customers. While regular network monitoring is enough to identify source of DDoS attacks, a deep packet inspection service can help to detect a leakage of sensitive data like mentioned earlier in this post. GSMA suggests that network operators could inspect packets for patterns like social security numbers and GPS coordinates and alert the IoT service provider that those might be inadequately secured.
GSMA also provides few bullet points for vital services including some of which can be achieved with CAP’s anomaly detecting AI. Provided bullet points are as follows:
- Use anomaly detection and machine learning to spot problems.
- Build intrusion protection systems into real-time Endpoint device diagnostics.
- Provide dashboard for visualizing and easily identifying anomalies.
- Provide automated means for flagging and blocking suspicious connections.
- Provide threat analysis of cloud based services.
For further information from CAP