IoT security home architecture and policy whitepaper
A new whitepaper that outlines the benefits that accrue by taking a hub-based approach to connecting IoT devices and systems in the home has been released by The IoT Security Foundation (IoTSF). ‘IoT Security Architecture and Policy for the Home – a Hub Based Approach’ puts the onus on OEMs and router manufacturers to ensure security and interoperability worries are allayed for consumers when connecting to their home WiFi.
Gartner predicts that by 2020 the number of connected devices will grow to 20.6 billion but how many of these will be unsecured devices? Interestingly, 88% of respondents of a recent survey in the US say data protection is a key concern feeling negatively about companies using their personal data to optimise delivery service times to ensure the consumer was at home. In the same survey 72% respondents, who already own a smart security system, worry that home security companies would invade their privacy - 23% of which will go as far as deactivating their system while entertaining guests.
“In the home environment, security needs to be managed with minimal consumer intervention and without the consumer having any specialist knowledge of security of IoT devices,” said Richard Marshall, Plenary Chair IoTSF. “At the same time, the diverse use of proprietary interfaces and protocols is proving a challenge for the ‘plug-and-play’ consumer who enjoys products and systems that work together seamlessly. The hub-base architecture, using plug-and-play hub devices to keep baseline security, supports this minimum expectation of security and trust in home IoT environments.”
John Moor, Managing Director IoTSF, added: “Security is not static, it requires a series of on-going process that need to be managed over the combined life-cycles of the combined system elements – this includes services, devices and networks. The hub-based architecture supports a layered approach to the security challenge and provides management controls over the lifecycle of the home IoT deployment. As a result, it may also support a number of specific compliance requirements or best practice standards for organisations providing home IoT products and services.”
From printers, cameras and home gateways to baby monitors, these home IoT Devices are being compromised in numerous ways. The hub-based architecture can help mitigate risk associated with cyber security and data protection rules, such as the recent European General Data Protection Regulation (GDPR) or support adoptions of the US Cybersecurity Information Sharing Act (CISA).
Moor concluded: “While perfect, Fort Knox style home security is an unreasonable expectation, this architecture is considered to be a good approach to achieving common security goals of confidentiality, integrity and availability, making homes more resistant to cyber threats.”