IoT devices, capable of connecting to the internet, sensing, and interacting with the physical world, are evolving to become smaller, more complex, and inevitably, more challenging to secure.
Organizations must acknowledge and address the cybersecurity risks inherent in their IoT products. This highlights the critical need for integrating robust cybersecurity features into these devices. These features, engineered into the hardware and software of IoT devices, safeguard the device and its data against potential cybersecurity threats.
IoT products are designed and tailored with a deep understanding of customers’ cybersecurity risks, expectations, desired features, and likely actions supporting their cybersecurity. This customer-centric design caters to the unique needs and circumstances of the deploying organization and simplifies the user experience.
Responsible IoT manufacturers aim to minimize customer actions, streamline the user experience, and build higher user trust and confidence.
As developers specializing in IoT, we prioritize in-depth discussions with our clients on the importance of robust cybersecurity in IoT development. We delve into the various features and capabilities to consider when developing secure IoT products.
IoT Cybersecurity Capabilities
IoT security capabilities embedded within a device’s software and hardware are essential to protect the device, its data, the systems it interacts with, and the broader ecosystems within which they operate.
IoT cybersecurity capabilities are the overall abilities to perform certain security functionality. These functions can include, but are not limited to, data encryption, user authentication, intrusion detection, system integrity checks, and more.
The National Institute of Standards and Technology (NIST), in their report NISTIR 8425, recommends specific criteria for IoT products and components. Based on these recommendations, your organization may create cybersecurity and privacy capabilities for IoT devices. The following section outlines these recommendations.
1. Device Identification
Device Identification in IoT cybersecurity refers to a mechanism that assigns a context-unique value to a device. This unique value, termed the device identifier, is distinct within a specific context and is used to logically and physically differentiate the device.
This identifier aids in various aspects of cybersecurity, like asset and access management, data protection, incident detection, and device management. It also plays a crucial role during device deployment, decommissioning, or malfunction, allowing the device to be recognized and handled appropriately.
Device Identification is crucial for IoT device cybersecurity for several reasons:
- Asset Management: Having a unique identifier for each device helps organizations keep track of all their devices, locations, and statuses. This is crucial for managing vulnerabilities, as it allows organizations to know which devices may be affected by a specific vulnerability and to apply necessary updates or patches.
- Access Management and Data Protection: Unique identifiers can help manage device and data access. Only authorized entities that can correctly identify the device should be able to access it or its data, helping to prevent unauthorized access and data breaches.
- Incident Detection: If an incident occurs, such as a cyber-attack, having a unique identifier for each device can help trace back the source or target of the attack, facilitating a faster and more effective response.
- Device Management and Monitoring: The unique logical identifier is typically used in automated systems to distinguish one device from all others. This helps monitor device behavior and performance and in managing the device remotely.
- Device Deployment, Decommissioning, and Failure: The unique physical identifier can be used to distinguish the device whenever the logical identifier is unavailable or not appropriate. This can be useful during device setup or decommissioning or if the device malfunctions and the logical identifier cannot be accessed.
- Device Intent Signaling: An additional logical identifier that isn’t necessarily unique could be used to signal the intended function or role of the device, aiding in device classification and management.
2. Device Configuration
Device configuration in the context of IoT cybersecurity refers to the ability to modify the software settings of an IoT device by authorized entities only. This capability is essential for several reasons:
- Vulnerability Management: Device configuration allows authorized entities to adjust settings to mitigate potential vulnerabilities. For example, they might disable unnecessary services to reduce potential attack vectors.
- Access Management and Data Protection: Configuration settings can control who can access the device and its data. By limiting configuration changes to authorized entities only, organizations can prevent unauthorized users from changing these settings to gain access.
- Incident Detection: Configuration changes can indicate potential cybersecurity incidents. For example, unauthorized changes could suggest a device has been compromised.
- Customization: Authorized entities might need to alter the device’s configuration for various reasons, such as improving interoperability with other devices, ensuring privacy, enhancing user experience, or meeting specific organizational needs.
- Prevent Unauthorized Changes: Unauthorized users might want to alter a device’s configuration for malicious reasons. Restricting configuration changes to authorized entities can help prevent this.
- Restoration of Secure Configuration: In case the current configuration contains errors, has been corrupted, or is not trustworthy, authorized entities should be able to restore the device to a secure configuration, mitigating potential threats and restoring normal functionality.
It’s important to note that the Device Configuration capability doesn’t impose specific configuration settings but emphasizes the need for a robust and flexible management mechanism. The goal is not to dictate what configuration settings should be in place but to ensure a method exists to manage these settings, whatever they may be, efficiently.
3. Data Protection
Data protection is a key capability in IoT device cybersecurity that safeguards the device’s stored and transmitted data from unauthorized access and alteration.
- Confidentiality: The data stored and transmitted by IoT devices often holds sensitive information. Using secure cryptographic modules and standardized algorithms helps protect this data’s confidentiality, ensuring that unauthorized entities cannot access or misuse it.
- Integrity: Data integrity is vital for maintaining the device’s proper functioning and preventing malicious activities. For instance, if an unauthorized entity could modify the data, it might issue incorrect commands to the device or hide malicious activities. Secure cryptographic algorithms also help maintain data integrity, ensuring it is not inadvertently or deliberately altered.
- Data Erasure: In certain circumstances, authorized entities might need to render all data on the device inaccessible, such as during device decommissioning or in response to a data breach. This could be done by wiping internal storage or destroying cryptographic keys for encrypted data.
- Configuration: The data protection capability should be configurable by authorized entities. For instance, they should be able to adjust cryptographic settings, like choosing a key length. This ties into the device configuration capability, allowing for the customization of data protection measures according to the authorized entities’ specific needs and risk profiles.
4. Interfaces Access Control
Logical Access to Interfaces is an essential capability in IoT device cybersecurity. It helps to restrict access to the device’s local and network interfaces, protocols, and services to only authorized entities.
- Reduced Attack Surface: It helps reduce the device’s attack surface by limiting access to its interfaces, both local and network-based. This way, the opportunities for potential attackers to compromise the device are minimized.
- Access Control: By granting access only to authorized entities, such as through device or user authentication, it adds an extra layer of security and ensures that unauthorized individuals cannot manipulate the device or its data.
- Device State-Dependent Access: Interface access may be partially or fully limited depending on the device’s state. For example, if a device is not properly provisioned with network credentials, access to or from network interfaces could be restricted under a secure onboarding scheme.
- Configurability: Authorized entities should be able to configure the access control measures. They should be able to restrict or allow interface access and adjust thresholds for security measures like account lockout or delay of further authentication attempts after a certain number of failed attempts.
Thus, this capability plays a significant role in vulnerability management, incidence detection, access management, and data protection in the context of IoT cybersecurity.
5. Software Updates
Software Updates are vital for IoT device cybersecurity for the following reasons:
- Vulnerability Mitigation: Updates can remove vulnerabilities from an IoT device, reducing its chances of being compromised.
- Operational Improvement: Software updates fix operational issues in IoT devices, enhancing their availability, reliability, and performance.
- Update Control: This capability allows authorized entities to control the implementation of updates, allowing either automatic or manual initiation of updates.
- Rollback Option: It allows authorized entities to revert to a previous software version if an update unintentionally disrupts critical applications or system integrations.
- Update Authentication: It ensures the integrity and authenticity of updates by allowing IoT devices to verify and authenticate updates before installing them.
- Customized Update Notifications: This capability enables custom notifications of available updates, helping authorized entities manage updates more effectively.
6. State Awareness
The “IoT Cybersecurity State Awareness” feature is vital in IoT devices for several reasons:
- State Reporting: This allows an IoT device to communicate its cybersecurity status, which is crucial for system administrators to monitor and manage the device’s security health in real-time.
- Operational Expectation: This feature differentiates between normal operation and possible compromised states. This is crucial for preemptively identifying potential security threats.
- Access Restriction: By ensuring only authorized entities can view the device’s security status, this capability ensures that sensitive security information isn’t accessible to unauthorized users, thus protecting the device from potential attacks.
- State Editing Protection: By allowing only designated entities to edit the cybersecurity state, this function safeguards against unauthorized changes that could undermine the device’s security.
- Information Availability: This capability allows the device to communicate its state to external services like log servers. This is useful for centralized monitoring and aids in faster incident response.
All these elements contribute to enhanced vulnerability management and incident detection. Furthermore, the awareness of the device’s cybersecurity state aids in investigating potential security breaches, identifying misuse, and troubleshooting operational issues. The methods by which a device informs other entities of its state can vary depending on context-specific needs but could include logs, alerts, or external monitoring systems.
IoT Cybersecurity Non-Technical Criteria
- Comprehensive Documentation: Developers should maintain a thorough record of cybersecurity-related aspects of the IoT product throughout its lifecycle. This includes plans, procedures, and policies that uphold the product’s cybersecurity measures.
- Open Line of Communication: Establishing a channel for customers and other stakeholders to submit information and inquiries related to the product’s cybersecurity is crucial. This ensures an active feedback loop that can lead to product improvements.
- Dissemination of Cybersecurity Information: Key cybersecurity information, such as vulnerability reports and update notifications, should be readily shared with relevant individuals or organizations. While this usually includes customers, it may involve other stakeholders in certain scenarios.
- Cybersecurity Education and Awareness: Developers are responsible for ensuring customers are well-informed about the cybersecurity features of their IoT products. This includes providing user-friendly instructions and guides to understand and effectively use these features. Ensuring customer awareness of cybersecurity best practices can further enhance the security profile of the IoT product.
Key Take Away
Understanding customer needs is a powerful enabler for creating robust, automated cybersecurity capabilities in IoT devices. As IoT ecosystems grow in complexity, embedding security features becomes more critical than ever to protect both the devices and the data they generate.
By understanding customers’ expectations and IoT device security risks, organizations can design features that not only support their customers’ needs but also reduce the customers’ burden to manage these risks.
Fundamental to IoT device security are capabilities such as Device Identification, Device Configuration, Data Protection, Access to Interfaces, Software Updates, and State Awareness.
These capabilities cater to various aspects or mitigation areas, including asset and access management, vulnerability management, incident detection, data protection, and secure device management. They ensure the security of the devices themselves, the integrity and confidentiality of the data they handle, and the protection of the systems and ecosystems they comprise.
Implementing these capabilities and effectively reducing customer burden leads to a safer and more reliable IoT ecosystem. The NIST publications NIST IR 8228, NIST SP 800 213, NISTIR 8259, and NIST 8259A provide further guidance on incorporating these cybersecurity features into IoT devices.
In conclusion, it is essential to understand that the broad cybersecurity capabilities outlined in this paper are merely a starting point. According to the NIST consumer IoT cybersecurity baseline, they represent the minimum set of criteria to base expected outcomes that consumer products must support.
These criteria are required for consumer IoT labeling programs such as the U.S. Cyber Trust Mark and Matter Certification.
The specific cybersecurity and privacy risks and needs may vary significantly depending on unique customer goals, use cases, and contexts. There may also be other areas of concern, such as network architecture, usability, responsibilities, and other unique elements.
Krasamo — An IoT Development Company
Are you interested in developing IoT products? We are ready to guide you throughout the complex world of IoT Security.
With more than 12 years of experience in IoT, our expert IoT developers can help you create devices that meet the highest security standards.
Contact us to discuss the importance of early planning for cybersecurity in the product development lifecycle, tailor features to your customer base and offering, create an IoT use case, understand customer needs, identify potential vulnerabilities, and how to provide support to help manage cybersecurity risks.
Learn more about navigating the Matter certification and the U.S. Cyber Trust Mark with our specialist.
Further Reading
NIST IOT: Learn about NIST Cybersecurity for IoT Program.
NIST IR 8228: Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.
NISTIR 8259: Recommendations for IoT Device Manufacturers: Foundational Activities.
NISTIR 8259A: Core Device Cybersecurity Capability Baseline (May 29, 2020).
