May 11, 2015
The Internet of Things (IoT) promises different value based on your industry and role within your organization. For you, it may be bringing your building’s existing climate control system online to conserve energy and save money. For someone else, it may be embedding a new networked medical device that improves health and increases quality of life. The IoT is the convergence of two worlds: legacy systems that are being cyber-enabled and newly emerging smart devices that are being connected. But along with the multitude of benefits, this IoT convergence creates attractive new targets for malicious threats.
Bringing Legacy Systems Online
In the past, standalone systems happily cranked along doing their programmed tasks. For example, spinning electric meters measured power usage, and railroad sensors monitored trains on the tracks. Over time, companies have started bringing these systems online to enable remote accessibility and advanced monitoring and control. Now, companies are beginning to integrate these systems with other IT infrastructure to create efficiencies and derive greater value, creating a “system of systems” with an ever-expanding cyber attack surface. Are your cyber-enabled systems protected? Are they creating a bridge between vulnerable points of entry and critical assets?
Launching New IoT Solutions
On the other side, newly emerging smart devices are blurring the lines between our physical and virtual worlds. Automakers are building connected cars that enable drivers to stream music, get weather alerts and even find parking spots. The FAA approved the use of drones for oil and gas inspections. Are you integrating these devices into your enterprise systems? Have you built in adequate security to protect your networks?
Many organizations may be unaware of the security risks created by cyber-enabling legacy systems or integrating edge technologies. As an organization, it is important to understand the interconnections of IoT systems, whether legacy or emerging. Follow these steps to start addressing IoT security now:
- Assess your current systems and network architecture. Perform a baseline assessment on your systems, networks and assets so you know which systems are connected and where data is stored and transmitted.
- Identify your current vulnerabilities. Determine points of access, backdoor entry points and possible attack surfaces.
- Create a mitigation plan to protect your current enterprise assets and data. The mitigation plan may include standards for bringing systems online, system patching or system reconfiguration.
- Develop an integration plan for IoT solutions. Don’t stop with your current systems and networks. You will need to plan for new smart devices entering the enterprise as well as legacy systems that may become cyber-enabled.
- Wash, rinse and repeat. Once you have conducted a thorough assessment of your assets and developed a proactive IoT security strategy, follow the Information Security Governance Framework (Plan, Do, Check, Act) to implement, monitor and manage your IoT solutions.
Following a clear integration plan to incorporate legacy and new smart devices into your enterprise will help you better secure the converging IoT worlds.
ABOUT THE AUTHOR
Dr. Angela Orebaugh (@AngelaOrebaugh) is a cyber technology and security expert and fellow at Booz Allen Hamilton. Find out more about emerging trends connected to IoT, including changes in cyber risk, detection and incident response in an April 2015 report, IoT Creates Entirely New Set of Risks and Organizations Embrace Active Defense.