The global network of connected devices, the Internet of Things (IoT), is everywhere. As technology evolves, so does the number of devices connected to the cloud. The FOW community predicts that there will be between 26 and 212 billion Internet-connected devices by 2020. From car navigation to your new refrigerator, retail outlets, and climate control for your building, these integrated systems, while sophisticated , are frequently attacked by hackers. , to harm you, steal your data, use your devices as a gateway to your network, or other misdeeds. As technologies evolve, so do the methods for breaching these embedded systems.

The ability to transfer data over a cloud-based network has changed the way we do business. While IoT may be scalable and flexible, using the cloud to share data is becoming more risky as hackers look for opportunities to wreak havoc. The increasing vulnerabilities of data transmission through cloud-based infrastructures are causing great concern to designers, programmers, and security experts as they struggle to keep these interconnected systems secure.

Threat Modeling: First Step in Breach Prevention

You’ve probably come across a fictional FBI agent who is challenged to “think like” the serial killer they are tracking. The same applies to IT infrastructure and security experts. To discover where the next data vulnerability could occur, you need to think like your adversary, conduct threat modeling exercises where you try to imagine and simulate how an outside opportunist could exploit your devices. Consider these common hacker targets:

  • take control – Chrysler had to plug a security hole that hackers could use to take control of its vehicles, while they were on the move.

  • Destroy the device or its data. – Whether data or property, this is a serious infringement.

  • Denial of Service (DOS) – Floods your system, creating a bottleneck of functionality.

  • Falsify or steal data – An important function of IoT devices is to capture data from smart sensors; Adversaries may want that data, or they may want to falsify sensor reports to cover up other things they are doing.

  • indirect attack – Hackers take advantage of one type of device to infiltrate another part of your network.

All of these are typical threats to consider when planning strategies to improve network security.

Increase and development of security for integrated networks

The concept of networked things is a relatively new idea, but many of the things themselves have been around for a while and may be based on outdated embedded operating software. Just adding connectivity to those things without making them more robust and secure is a problem. Allowing engineers the resources they need to develop secure code will add security to your new product. To learn more about the tools and techniques that help in that process, we recommend starting with the Department of Homeland Security’s Build Security In website. You’ll learn how developers can use tools to identify vulnerabilities as code is being written, instead of fixing problems after the fact.

Security testing protocols that you should apply to the IoT include:

  • Application Defense — The best defense is also a great offense; make sure you have security protocols in place at all steps of the development phase, including the use of third-party embed code.

  • Device Defense — The basics include password protection, protocols, and patches. When practical, including two-factor authorization for the end user is a very strong defense.

  • Dynamic Application Security Testing (DAST) — DAST tests for weaknesses when the application is live, attempting a “hack friendly” through automation during development.

  • Network Defense — Monitor external threats through Intrusion Detection System (IDS) software.

  • Shared Threat Intelligence — Sharing threats as they emerge through the Information Technology Information Sharing and Analysis Center (IT-ISAC) helps IT professionals stay informed.

  • User problems — Educating end users on their cyber security responsibilities is crucial to the success of your network.

Designing for IoT is a new frontier for the typical application developer. Preventing malicious attacks on the network is one of our biggest challenges. Following these protocols will create a culture of security from design to implementation and significantly reduce risk.