The Internet of Things (IoT) provides a core technology for the digital world. It unlocks tremendous value for people, organisations and governments. But more importantly, IoT is growing exponentially. Statistics show that the number connected things will surge from 8.4 billion in 2017 to 20.4 billion by 2020. However, such key technological developments are only effective if people have trust and confidence in them. Recent high-profile incidents, such as Mirai, show that the security in the IoT domain is a big concern.
Security threats in the IoT domain
There are broadly two types of threats:
Consumer security, privacy and safety are undermined by the vulnerability of individual IoT connected devices.
The wider economy and critical infrastructures face an increasing threat of large scale cyber-attacks launched from large volumes of insecure IoT devices.
Trust can be ensured by implementing robust cybersecurity measures. Traditional IT security, however, is challenging to apply to IoT devices. These devices are often computationally limited and run under minimal supervision for long periods of time in potentially adverse environments. Many devices also might have zero or limited user interfacing. This means that patching and updating may not be convenient, and malfunctioning or rogue devices may not be immediately detectable.
TNO studies the IoT challenge
To address this challenge, Singapore and the Netherlands jointly appointed TNO to study the Internet of Things security landscape of today and the recent developments in this area, as well as the key initiatives in place globally. Leveraging on our subject-matter expertise in IoT and our close working relations with both governments as well as our understanding of the policy and cultural perspectives of both countries, we delivered a comprehensive study including specific, actionable recommendations.
Actionable Recommendations of the study
TNO’s study of the IoT security landscape resulted in three concrete recommendations:
1. Evaluation and certification of IoT devices in order to provide assured security baselines for a wide variety of devices. A globally aligned approach with government involvement is necessary.
2. Monitoring and supply chain security along with global intelligence sharing for cybersecurity and trust at component level.
3. Hardware security and trusted device identities, focusing on the security of different root-of-trust implementations and their suitability for different device types, including research on the use of alternatives such as PUFs for low-cost IoT devices.
Cooperation of the study
The Internet of Things Security Landscape study was jointly commissioned by the Cyber Security Agency of Singapore and the Ministry of Economic Affairs and Climate Policy of the Netherlands under the MoU between Singapore and the Netherlands on cybersecurity. The study report was launched at ministerial level in the first week of October 2019 simultaneously at the Singapore International Cyber Week and at the One Conference in the Hague.
“The results will also be shared in the second week of October during the Global Forum for Cyber Expertise (GFCE) Annual meeting in Addis Ababa, Ethiopia.”