Does IoT Really Present Security Risks?

The Internet of Things (IoT) refers to the network of physical objects that feature an IP address for internet connectivity.

The potential for these devices to change our day-to-day lives is limited only by our imagination, from home environment systems that will automatically adjust temperature and lighting based on your mood to doors that will unlock when they sense you approaching. IoT will also aide in the automation of sectors such as healthcare, finance, and more.

But this new way of interacting with the world comes with serious security threats. In “Security Challenges in the IP-based Internet of Things,” researchers discuss the technical limitations with standard IT security protocols and how they will be insufficient for IoT devices.

One risk has to do with the resource limitations of IoT devices and the packet switching nature of networks. When information is sent over the Internet, the network breaks this information down into smaller parts, and these multi “byte”-sized chunks are referred to as packets. Each packet contains information that identifies its sender and intended recipient – and is then sent through the fastest route possible to its destination. This improves the network speed because it allows packets to be sent through different routes simultaneously, a process known as Packet Switching, rather than one at a time.

This can become problematic, though, with IoT. Devices are connected to a more constrained network, and must use smaller packets of information to communicate information. Researchers Heer, Keoh, et al explain this threat in their aforementioned study, stating that, “The use of small packets may result in fragmentation of larger packets of security protocols. This may open new attack vectors for state exhaustion DDoS (distributed denial-of-service) attacks, which is especially tragic.”

The list of security risks doesn’t stop there. The study goes on to describe security issues through different phases in the lifecycle of an IoT “thing,” including bootstrapping and operational phases. Each comes with its own set of requirements and protocols.

With so many obstacles to overcome, it’s no surprise that highly certified and experienced professionals will be needed to develop, implement, troubleshoot, and monitor the emerging IoT network, and ensure that important data is sufficiently protected. In fact, Cisco reports that there are about 1 million cybersecurity positions worldwide that are unfilled.

The future is here. Are you ready?