Signatory insights on securing IoT devices

ABB Cybersecurity Requirements for Suppliers

Operational Technology controlling industrial processes and consumer IoT is becoming more connected to outside cloud services. This enables new capabilities, but at the same time has the risk of making the industrial control systems and IoT more vulnerable to cyber attacks. Deciding how to get access to these benefits while protecting your operations can be confusing.

Working with a partner that has the competency in cyber security both on industrial process automation systems and consumer products, and clear focus to bring free data flow across the entire value chain is the best approach to harness the power of digitalization and continuous improvement culture for industries.

You can also find out more about how ABB enables secure IoT here.


Arm’s IoT Security Handbook

As a company that secures one trillion connected devices, Arm co-founded PSA Certified as a security framework and certification scheme to establish security best practice in the IoT. The four-stage process includes threat models, hardware and firmware specifications, firmware source code and independent testing for developers, manufacturers and deployers of IoT. You can find the more information on PSA Certified here and you can access all the resources (threat models, architectural specifications) free of charge here.


Surfing the Internet of Things in a safe way

BT’s Insight Blog provides a number of straightforward tips on mitigating the risks of IoT devices and identifies key areas that can help businesses protect users’ data, devices and connections:

  • Every network-connected device must be accessible by its supplier to ensure updates to their software and firmware.
  • Key management should be used to generate and manage keys for device provisioning and identity. Users should consider the use of cryptographic signatures on firmware to determine its authenticity.
  • Default passwords should be disabled and replaced with unique and secure user-generated ones.
  • Edge gateways should be used with extra security and digital certificates to exchange data with devices and networks.

For more information on keeping your IoT devices secure and more, visit BT’s Insight Blogs.


Securing Your IoT Deployment

Microsoft Azure’s Resource Centre includes information which can help users identify ways to secure their IoT deployments based on their Seven Properties of Highly Secure Devices and insights from Microsoft Research. With a focus on recommendations for identity and access management, data protection, networking, and monitoring, Microsoft’s security recommendations for IoT include guidelines on security architecture and deployment as well as general best practices.

You can find more information from Microsoft on how to secure IoT here.


Demystifying IoT Cybersecurity

Nokia’s official IoT security recommendations were spelled out in its work with the IoT Cybersecurity Alliance. The Alliance’s paper on Demystifying IoT Cybersecurity stresses that in order to successfully deploy IoT technology, a multi-layered, end-to-end security approach must be taken. They suggest the following:

  • Build IoT devices with hardware-based security with a strong set of security features including secure boot, secure update mechanisms, tamper-proof device identifiers.
  • Segment data according to need in a highly secure manner.
  • Employ authentication to only allow approved devices onto the network.
  • Enable and protect devices’ identity, access, and authorization to increase visibility of IoT endpoints as well as your ability to track, monitor, and manage IoT devices.

The full IoT Cybersecurity Alliance paper can be found here.


Panasonic Honeypots

In an effort to understand how IoT devices can be hacked and what can be done to prevent it, Panasonic IoT researchers connect experimental devices to internet honeypots and allow hackers to try and take them over. This allows Panasonic to determine the vulnerability of their devices and allows its developers to reverse engineer the issues to ensure a higher level of cybersecurity. The honeypot technique enables new and old Panasonic products to be secure, by regularly updating the patch of their devices.

You can find more about Panasonic’s honeypot technique here.


Schneider Electric’s Cybersecurity

Schneider Electric’s Cybersecurity Support Center provides a repository of documents, guidelines and white papers that its clients can use to learn about securing their products. From industrial processes, building management and access control systems, to data center and electrical infrastructure control systems, Schneider Electric provides information on how to secure your product from cyber threats.

Find Schneider Electric’s Support Center here.


Telefonica IoT Cybersecurity Unit

In April 2019, the Spanish Telecommunications company Telefonica launched its new IoT Security Unit, a project focused on the security of the Internet of Things of its customers. The Unit’s twofold objective aims at expanding the existing catalogue of IoT products and services which Telefonica can offer its clients and aims at developing new IoT security solutions to mitigate the emerging threats faced by businesses who deploy this technology. The Unit also provides an early detection service, for the identification of IoT threats.

You can find more about how Telefonica ensures the cybersecurity of their customers’ IoT devices here.


VMware IoT Webinars

Vmware offers the opportunity to participate in webinars where VMware experts and partners they share their knowledge on how to simplify IoT complexity, improve the security of IoT infrastructure and accelerate ROI with the right IoT platform.

The Webinars on IoT can be found here.


Guidelines for Putting Cybersecurity
at the Heart of the IoT

In 2015, Capgemini Consulting and Sogeti High Tech launched a study to understand the implications of cybersecurity threats for the IoT. Following the study, Capgemini published a paper, which provides information on how organizations can prepare themselves to address cybersecurity threats of their IoT devices. These recommendations include:

  • Set up an integrated team of business executives and security specialists.
  • Integrate security best practice within the IoT product development process by ensuring that a detailed risk analysis is carried out.
  • Ensure that security is embedded through the IoT product design process.
  • Educate consumers on the dangers of potential hacks.
  • Address privacy concerns with transparent privacy policies.

The full Capgemini report on securing IoT can be found here.


Cisco Security Portal

The Cisco Security Portal is a platform which allows users to consult the company’s resources on everything security related. The website provides access to a number of resources to help users protect their systems including:

  • Cisco Security Advisories, which allows you to learn more about Cisco’s security vulnerability disclosure policies and publications;
  • Cisco Tactical Resources, which includes guidelines and best practices on network design, running a secure network and on how to respond to a security incident;
  • Cisco Security Blog, which includes blogposts and tips from leading Cisco cybersecurity experts.

To learn more about Cisco Security, you can click here.


Trend Micro’s IoT Security Depository

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. We provide IoT security to gain situational awareness across IT, OT and CT, ensuring critical operation, especially in manufacturing, electric, oil and gas industries, and healthcare.  Our technology and intelligence help asset owners enhance their capability to protect, detect and respond in the mixed system of legacy and modern technologies such as cloud, edge and 5G.  Trend Micro Research and experts identify the latest threat, and vulnerabilities and deliver insight from advanced research and unique statistic data to make it easier to understand the threat landscape and impact on your business. To learn more, visit our blog: Research, News, and Perspectives.


If it’s Smart, It’s Vulnerable

f-secure

In 2016, F-Secure’s Chief Research Officer Mikko Hypponen coined the term Hypponen’s Law, a simple yet powerful reminder about the reality of connected devices: if it’s smart, it’s vulnerable. 

It’s very important to remember that anything that can be programmed can be hacked. While hackers can easily get access to our smart air conditioning, they do so get to something else that’s far more interesting than just the ventilation system: our data. 

Find out more on the F-Secure blog site.


A holistic approach to cybersecurity

Cybersecurity is a critical capability in this increasingly electrified and digitally connected world. At Eaton, our enterprise-wide proactive and consistent approach combined with our industry partnerships is leading the way to achieve unified global cybersecurity standards. Learn about our advanced technologies and strategies for implementing a holistic approach to cybersecurity through the entire product life cycle to protect infrastructures and ensure a cybersecure world for all. 

Access our full library of cybersecurity resources here.