Business-Critical Devices and the Constraints of Regulation

IoT Day Slam 2021

IoT Day Slam 2021 featured an exclusive end-user focused program and contributions from thought leaders and academics from the IoT Community and wider IoT ecosystem, including ZARIOT’s Chief Evangelist & Head of Product, Stuart Mitchell. Watch Stuart’s presentation to hear what should be done at a regulatory level as well as at an enterprise level to secure critical IoT and M2M devices.

All industries have their business-critical functions, but as we see a shift of operations from traditional methods to the Internet of Things on a massive scale, the opportunities for terrorism, espionage, ransom, and other high-profile devastating attack scenarios are chilling. We can all imagine a doomsday-style attack that threatens the national power grid, exposes millions of medical records or holds a city hostage with a keystroke, but one step below these dramatic and unlikely scenarios lie real threats to individual enterprises and the customers they serve. These scenarios may not be the plot of a Hollywood thriller, but they can have devastating consequences for businesses of all sizes.

Security is multi-faceted; however, for nearly any attack, access to the network over which the devices transmit data is necessary. Much is said about data security, encryption, and tunneling; however, these are not effective measures against denial of service attacks, SIM theft fraud, and location tracking, to name just a few network-level vulnerabilities. For a great many possible attack scenarios, access to the network is enough for hackers and bad actors to wreak havoc on an enterprise and its end customers.

When it comes to the security of wireless networks, cybersecurity experts and regulatory agencies tend to look the other way. Cellular networks and local networks like LoRa have significant, albeit different, vulnerabilities. Poor regulations often allow these well-documented weaknesses to go unchecked. To further complicate matters, while local networks can be regulated by local authorities, connectivity must, in many instances, be global.

Cellular is regulated on a country-by-country basis, LoRa and SigFox are self-governing, and WiFi is perhaps the most worrying, with a hack a minute, easy access, and anything but comprehensive regulation. What does this mean for critical devices that rely on these networks to transmit data? The ever-present risk of data breaches, service disruption, and fraud.

In this presentation, we will discuss the vulnerabilities of these various network types, potential attack types and documented examples, current regulations (and lack thereof) and why regulators are so powerless to act. We will examine what kind of devices may need guaranteed connectivity, what uptime means to business-critical devices, and examples of individual business-critical device fleets. Finally, we will address what should be done at a regulatory level as well as at an enterprise level to secure critical IoT and M2M devices.
