Imagine millions and billions of Internet of Things (IoT) sensors and devices repeatedly polling the network in periods of a few seconds, instead of an hour or two. It would only take a simple change in their firmware, but it would create a signaling storm that could collapse the network and give a whole new meaning to denial of service.
Although IoT holds great promise, it also poses significant risks. Nokia’s Bell Labs Consulting conservatively estimates that by 2020 there will be 20 billion sensors and M2M devices connected to the network. IoT is ushering in a technological revolution that will profoundly change human society by automating almost all aspects of our lives.
However, it is IoT’s ubiquity that demands that we take the security of these devices very seriously. Recent alerts from the security community have included concern over hackable baby monitors, connected cars (Jeep), wearables and health-related devices. These early examples illustrate how personal IoT security threats can be.
Let’s take a deeper look at the connected cars – essentially smartphones on wheels. The Jeep Cherokee hack prompted the automaker to issue a safety recall for 1.4 millions cars and truck in U.S. to install a security patch. “Unfortunately, the patch must be manually implemented via a USB stick or by a dealership mechanic. That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.” It also means the operational expense in the aftermath of the wireless car jacking and hacking is going to be unpredictably high as more and more connected cars will be vulnerable.
Furthermore, the Nokia malware report shows smartphones now account for 60 percent of infections in the mobile network. Going forward, what is going to happen with billions of network-connected IoT devices and sensors at risk of being hacked and infected? Is the “safety recall” to manually apply security patches using USB sticks at the factories, dealerships, and brick-n-motor stores the best we can do?
Issues like these have elevated security leaders to the executive table in many companies. The CSO has an increasingly important role to play in protecting not only the intellectual property of the firm, but also the sanctity of the customer relationship and the trust in the brand. This is especially true for mobile network operators, who will be responsible for carrying much of the IoT traffic related to shipping, transportation and remote environmental sensing.
The good news is that the answer to IoT device security isn’t all that different from what is now used for home and mobile devices. Device security starts with good device management and especially a full device-lifecycle connected device platform (CDP), such as the Nokia Motive® CDP.
Motive CDP, for instance, can automatically recognize over 80,000 device models and detect and configure over 15,000 modern device models including mobiles, smart home devices, connected cars, and many more IoT devices and sensors. For secure onboarding of devices, it supports strong authentication methods such as certificate-based credentials, SIM-based credentials and a securely generated password. If a device is compromised, the CDP can remotely lock or wipe the device and/or apply security fixes to neutralize the threat. Automatic device configuration also allows forimportant on-device parameters such as server addresses, timing of automatic updates and communication and security parameters to be reconfigured.
The Motive CDP is also part of the Nokia Intelligent Management Platform for All Connected Things (IMPACT). IMPACT is a horizontal IoT platform that provides service providers, enterprises and governments with data collection, event processing, device management, data contextualization, data analytics, end-to-end security and applications enablement, for any device, any protocol and across any application.
Take a lesson from the Jeep Cherokee hack. Don’t repeat the same lessons for your IoT products. Sending hundreds, thousands, or even millions of IoT devices for an on-site recall or into a repair shop is costly. Nor is it practical for both businesses and end users, when configurations and patches can be managed or applied simply over the air.
Download our new white paper: “A buyer and influencer’s guide to connected device management”
 See Viswanathan, H. and Mullany, F., “The Future of the Internet of Things,” in Weldon, M., et al, The Future X Network: a Bell Labs Perspective, Boca Raton, CRC Press, 2016, pp 355–386.
 Dickson, B., “Why IoT security is so critical” TechCrunch, Oct 24, 2015 (https://techcrunch.com/2015/10/24/why-iot-security-is-so-critical).
Share your thoughts on this topic by replying below – or join the Twitter discussion with @nokianetworks or @nokia using #IoT #telcosecurity #CEM