Signatory insights on securing IoT devices

ABB Cybersecurity Requirements for Suppliers

ABB software suppliers, must comply with strict cybersecurity requirements which enable the company to provide a high level of cybersecurity for their clients. Some of these cyber standards include: secure development lifecycles, security quality, cryptographic tools and security functionalities, protection from malware propagation, product documentation, as well as vulnerability handling. For the full list of ABB Cybersecurity Requirement for Suppliers, click here.

You can also find out more about how ABB enables secure IoT here.


Arm’s IoT Security Handbook

As a company that secures one trillion connected devices, Arm provides a comprehensive framework to protect IoT products through its Platform Security Architecture (PSA). The four-stage process includes threat models and security analyses, hardware and firmware specifications, firmware source code and independent testing for developers, manufacturers and deployers of IoT.

You can find the more information on Arm’s framework here and you can access the PSA threat models, architectural specifications and other resources free of charge here.


Surfing the Internet of Things in a safe way

BT’s Insight Blog provides a number of straightforward tips on mitigating the risks of IoT devices and identifies key areas that can help businesses protect users’ data, devices and connections:

  • Every network-connected device must be accessible by its supplier to ensure updates to their software and firmware.
  • Key management should be used to generate and manage keys for device provisioning and identity. Users should consider the use of cryptographic signatures on firmware to determine its authenticity.
  • Default passwords should be disabled and replaced with unique and secure user-generated ones.
  • Edge gateways should be used with extra security and digital certificates to exchange data with devices and networks.

For more information on keeping your IoT devices secure and more, visit BT’s Insight Blogs.


Securing Your IoT Deployment

Microsoft Azure’s Resource Centre includes information which can help users identify ways to secure their IoT deployments based on their Seven Properties of Highly Secure Devices and insights from Microsoft Research. With a focus on recommendations for identity and access management, data protection, networking, and monitoring, Microsoft’s security recommendations for IoT include guidelines on security architecture and deployment as well as general best practices.

You can find more information from Microsoft on how to secure IoT here.


Demystifying IoT Cybersecurity

Nokia’s official IoT security recommendations were spelled out in its work with the IoT Cybersecurity Alliance. The Alliance’s paper on Demystifying IoT Cybersecurity stresses that in order to successfully deploy IoT technology, a multi-layered, end-to-end security approach must be taken. They suggest the following:

  • Build IoT devices with hardware-based security with a strong set of security features including secure boot, secure update mechanisms, tamper-proof device identifiers.
  • Segment data according to need in a highly secure manner.
  • Employ authentication to only allow approved devices onto the network.
  • Enable and protect devices’ identity, access, and authorization to increase visibility of IoT endpoints as well as your ability to track, monitor, and manage IoT devices.

The full IoT Cybersecurity Alliance paper can be found here.


Panasonic Honeypots

In an effort to understand how IoT devices can be hacked and what can be done to prevent it, Panasonic IoT researchers connect experimental devices to internet honeypots and allow hackers to try and take them over. This allows Panasonic to determine the vulnerability of their devices and allows its developers to reverse engineer the issues to ensure a higher level of cybersecurity. The honeypot technique enables new and old Panasonic products to be secure, by regularly updating the patch of their devices.

You can find more about Panasonic’s honeypot technique here.


Schneider Electric’s Cybersecurity

Schneider Electric’s Cybersecurity Support Center provides a repository of documents, guidelines and white papers that its clients can use to learn about securing their products. From industrial processes, building management and access control systems, to data center and electrical infrastructure control systems, Schneider Electric provides information on how to secure your product from cyber threats.

Find Schneider Electric’s Support Center here.


Telefonica IoT Cybersecurity Unit

In April 2019, the Spanish Telecommunications company Telefonica launched its new IoT Security Unit, a project focused on the security of the Internet of Things of its customers. The Unit’s twofold objective aims at expanding the existing catalogue of IoT products and services which Telefonica can offer its clients and aims at developing new IoT security solutions to mitigate the emerging threats faced by businesses who deploy this technology. The Unit also provides an early detection service, for the identification of IoT threats.

You can find you more about how Telefonica ensures the cybersecurity of their customers’ IoT devices here.


VMware IoT Webinars

Vmware offers the opportunity to participate in webinars where VMware experts and partners they share their knowledge on how to simplify IoT complexity, improve the security of IoT infrastructure and accelerate ROI with the right IoT platform.

The Webinars on IoT can be found here.


Guidelines for Putting Cybersecurity
at the Heart of the IoT

In 2015, Capgemini Consulting and Sogeti High Tech launched a study to understand the implications of cybersecurity threats for the IoT. Following the study, Capgemini published a paper, which provides information on how organizations can prepare themselves to address cybersecurity threats of their IoT devices. These recommendations include:

  • Set up an integrated team of business executives and security specialists.
  • Integrate security best practice within the IoT product development process by ensuring that a detailed risk analysis is carried out.
  • Ensure that security is embedded through the IoT product design process.
  • Educate consumers on the dangers of potential hacks.
  • Address privacy concerns with transparent privacy policies.

The full Capgemini report on securing IoT can be found here.


Cisco Security Portal

The Cisco Security Portal is a platform which allows users to consult the company’s resources on everything security related. The website provides access to a number of resources to help users protect their systems including:

  • Cisco Security Advisories, which allows you to learn more about Cisco’s security vulnerability disclosure policies and publications;
  • Cisco Tactical Resources, which includes guidelines and best practices on network design, running a secure network and on how to respond to a security incident;
  • Cisco Security Blog, which includes blogposts and tips from leading Cisco cybersecurity experts.

To learn more about Cisco Security, you can click here.


Trend Micro’s IoT Security Depository

Trend Micro has created a large depository of articles and guidelines on how to ensure IoT devices are not exposed to risks or exploitations. The IoT Security16 mini-site, includes information on how consumers can stay safe with their connected devices, how connected cars can be secured, and on how smart factories and smart cities can improve their cybersecurity. The site also includes sector specific guidelines and tips for the retail, healthcare and utilities industry.

Trend Micro’s IoT Security guidelines and advice can be found here.


If it’s Smart, It’s Vulnerable

f-secure

In 2016, F-Secure’s Chief Research Officer Mikko Hypponen coined the term Hypponen’s Law, a simple yet powerful reminder about the reality of connected devices: if it’s smart, it’s vulnerable. 

It’s very important to remember that anything that can be programmed can be hacked. While hackers can easily get access to our smart air conditioning, they do so get to something else that’s far more interesting than just the ventilation system: our data. 

Find out more on the F-Secure blog site.


A holistic approach to cybersecurity

Cybersecurity is a critical capability in this increasingly electrified and digitally connected world. At Eaton, our enterprise-wide proactive and consistent approach combined with our industry partnerships is leading the way to achieve unified global cybersecurity standards. Learn about our advanced technologies and strategies for implementing a holistic approach to cybersecurity through the entire product life cycle to protect infrastructures and ensure a cybersecure world for all. 

Access our full library of cybersecurity resources here.