Corporate IoT Implementation Struggling, Survey Finds

Security is the Primary Concern for Firms Implementing an IoT Strategy, IT Pros Say
Remaining competitive is the primary motivation for implementing a corporate ‘internet of things’ (IoT) strategy; but 90% of those doing so admit the implementation is struggling. Security is the primary concern, holding back 59% of organizations with a current IoT project.
Security is followed by the cost of implementation (46%); competing priorities (37%); an intimidatingly complex IT infrastructure (35%); and funding (32%). The figures come from a survey (PDF) published this week by Vanson Bourne, commissioned by the Wi-SUN Alliance, which questioned 350 IT decision makers from firms in the U.S., UK, Sweden and Denmark that are already investing in at least one IoT project. 
The purpose of the survey was to help Wi-SUN better understand how it is perceived in the IoT marketplace, and to help plan future operations. Wi-SUN is a non-profit alliance of around 170 major firms throughout the world with a mission to drive interoperable IoT communications based on open global standards in industrial IoT, with particular concern for utilities and smart cities.
Key findings from the survey show that the U.S. (65% of respondents) is ahead of the other three countries surveyed with fully implemented IoT strategies. It is 47% in the UK, 44%in Sweden, and 24% in Denmark. The U.S. also leads in prioritizing IoT enablement: U.S. (73%), UK (64%), Sweden (62%) and Denmark (58%).
One clear outcome from the survey is the emphasis on security as the most important characteristic when considering an IoT implementation for both smart cities (84%) and utilities (85%). Second only to security is the preference for industry open standards: again 84% for smart cities, and 81% for utilities. 
Related Report: The Hunt for IoT – ​Threat Analysis Report (F5 Networks)
These two features fit well with the Wi-SUN network design specification. “Wi-SUN is about the communications layer,” Phil Beecher, chair of the Wi-SUN Alliance, told SecurityWeek. “We’re providing what could be seen as a large scale outdoor IoT wireless mesh that looks like an internet. It has all the resilience and reliability of a decentralized communication network. It doesn’t specify any of the applications that run on top of that, so any application that runs over UDP or TCP can be run over Wi-SUN.”
That, of course, is only part of a large-scale IoT network. “In a smart city,” he continued, “we would provide wireless communication between street lights, or from street lights to traffic signals. But at strategic points there would be a connection to a high speed, probably fiber, connection to transport data to the network’s back office.” It’s not a wifi network because the wifi range is too limiting. Instead Wi-SUN uses stronger radio communications able to cover up to several kilometers.
The security comes in two areas: certificate-based device authentication, and the mesh and wireless topology of the network itself.
“One of our strengths,” continued Beecher, “is that we offer bi-directional communications at a fairly high data rate — so we can do over-the-air upgrades to apply security patches. No device can connect to the network without being ‘vetted’. This is based on the use of certificates. Every device has its own certificate burned in during production, and every device needs to have that certificate verified before it can join the network. Once it is verified and on the network, it is possible to download new code into that device.”
CyberSecurity Law Introduction 网络安全法宣传视频系列
The process cannot, of course, be retrofitted to old devices that can’t be patched. Security here must be applied through traditional network gateways and routers; but in reality organizations with such devices should be considering renewing them with more modern devices — and taking advantage of security updates and certificate-based security.
安卓广告成黑色产业链的根本原因并非移动广告有巨大的市场,贪小便宜才是关键,“打包党”通过反编译国外的商业应用,加入恶意广告变身“免费”应用,靠广告来赚钱,这畸形的市场不是防病毒公司或移动安全公司能有效解决的。
“This certificate authentication,” said Beecher, “makes it very difficult for a remote attacker to hack any of the devices or a local attacker to tamper with the device. The mesh topology of the network also makes it difficult to deliver an effective DoS attack, whether by jamming or data overload, against the network.”

Jamming is difficult because the network uses the military technique of frequency hopping. “You would need a high-power wide-band jammer,” he explained. “This is difficult to achieve; although it is possible at, say, military levels. Otherwise Wi-SUN is largely immune to local jamming.” 
Related Report: The Hunt for IoT – ​Threat Analysis Report
Related: New Legislation Could Force Security Into IoT 
Related: The False Binary of IoT and Traditional Cyber Security 
大部分的攻击都源自内部,所以加强内部的安全管理,特别是内部人员的安全意识教育工作,对于防范大部分的攻击很有必要。

猜您喜欢

结构化股票配资业务料式微
如何检测及应对数据泄露
Cyber Security Law 网络安全法宣传视频《网络安全法》背景知识
带你探访中国最牛的一座地级市(组图)
OYUNBOLUMLERI ROSEVILLEVW
教授海外学术交流遇谍记-国家安全法、保密意识、防间谍宣传