By | Fateen Nazwa binti Yusof, Muhammad Izzat bin Yahood & Mohamad Nasrul Taufiq Bin Salleh
The Internet of Things (IoT) is a powerful industrial system through which end devices are interconnected and automated, allowing the devices to analyse data and execute actions based on the analysis. The interconnection enables the transfer of data over the network without the need for human-human or human-computer interaction. Now IoT is recognized as one of the most important technological fields and has received enormous attention from various key players.
The key players in the Internet of Things (IoT) can generally be categorized into providers and consumers. Providers are those who supply services or devices in the IoT ecosystem. Device manufacturers, service providers, vendors and retailers are some examples of providers. Meanwhile, consumers are the end users of IoT devices, products and ecosystem.
The security and threat landscape in IoT are constantly changing as new and more sophisticated attacks are developed to take advantage of newly discovered vulnerabilities.
What was previously in the realm of the theoretical may become very practical when new techniques are made available to security researchers and attackers alike.
An example of a security attack in the IoT ecosystem is related to the healthcare industry. A California hospital was attacked by ransomware that infected its network systems [1]. The attacker took control of the hospital’s computer system and stated that access would only be granted when a $17,000 redemption fee is paid in Bitcoin currency. Based on this case study, all medical equipment manufacturers and service providers should take preliminary action by performing audits to test equipment vulnerabilities and update their response plans to protect organizations against cyberattacks.
CyberSecurity Malaysia (CSM) developed an Internet of Things (IoT) Security Framework that serves as a guide to key players in developing, deploying and using IoT technology in a secure ecosystem. The framework is illustrated in Figure 1.
Based on research and a study by CSM, IoT is exposed to various cyber threats. This security framework was developed to improve the security of the IoT ecosystem and is suitable for use by various sectors. The framework is divided into 4 layers: 1. Things, 2. Communication, 3. Application and 4. Data Analytics. Each layer lists components for securing the implementation of the IoT ecosystem. A brief explanation of each component in the framework is provided in Table 1.
Figure 2 illustrates the IoT ecosystem in the healthcare industry. First, IoT medical devices collect data related to patients’ conditions using sensors attached to the patients. An IoT medical device may be a temperature sensor, blood pressure sensor, pulsioximeter or other medical sensor. The data is then sent to the cloud via a network gateway. The data stored in the cloud will be used for further monitoring and data analytics purposes. This data can be displayed on desktops, smartphones or even smartwatches. Thus doctors in hospitals are able to monitor patients’ conditions even when the patients are at home. Any alert triggered will inform the patient, guardian as well as doctor, so the emergency patient can be treated at a suitable medical facility as soon as possible.
One of the main challenges in implementing IoT is ensuring security and privacy in the IoT ecosystem. As more organizations are heading towards IoT technology, some disregard the importance of the security aspect in IoT deployment. The CSM IoT Security Framework acts as an initial guideline for key players to develop, deploy and implement a secure and trusted IoT ecosystem. Emphasis is on the Confidentiality, Integrity and Availability (CIA) triad in the framework to reduce cyber threats to a minimum and at the same time preserve data security and privacy in the IoT ecosystem.