Internet of Things security needs to be ‘built in, not bolted on’

Manufacturers need to consider cyber security at start of the development of Internet of Things-connected products - not "bolt it on" at the end - according to an industry expert.

Speaking at the FT Cyber Security Summit, Huawei's European cyber security officer David Francis said: "We are moving into a world of possibilities. We live in a wonderful period in history where we are only limited by our imaginations... But there are some challenges."

One major issue is that although IoT-connected devices are becoming more popular and widespread, they frequently have security and privacy problems. Francis said vendors need to ask, "How can I manipulate the characteristics of your device?"

"When you build a device, as an industry that threat modelling needs to happen at the start of the process, not the end," he said. "It needs to be built in, not bolted on."

He warned that attacks could span further than the connected devices themselves. An insecure and popular range of connected fridges, for example, could theoretically enable cyber criminals to increase their power consumption all at once and attack the National Grid.

“It is also about vulnerabilities and what we are exposing ourselves to,” said Helena Lindberg, director general of the Swedish Civil Contingencies Agency. “We need to bring that into the way we think and the way we look at risk…

“You need to build awareness at all levels, starting with your citizens. We are all part of this ecosystem, so if we have our firewalls, we have done our homework, we have changed our passwords, then it will be more difficult [for attackers].”

Francis said consumers need to be better informed so they have the knowledge and motivation to challenge firms over the security of their products.

“The people who have the power are the buyers,” he said, noting that Huawei recently commissioned a whitepaper on the issue of consumer education. “One of the problems we found is that the buyers do not know what to ask.”

If consumers know what makes a product secure and what the risks of using an insecure product are, Francis said they can effectively force manufacturers to increase security.

“Everyone has a part to play,” he said.

r3lb

Shares

Get our latest features in your inbox

Join our community of business leaders