
SECURITY AND GOVERNANCE IN IoT

KEY ASPECTS

• Definition of security and governance in IoT
• Importance of security and governance in IoT
• Challenges with IoT security
• Securing IoT devices
What is IoT security:
IoT security is a cybersecurity strategy and protection mechanism that safeguards against cyberattacks which specifically target IoT devices that are
connected to the network.
• When we talk about security in IoT we are talking about the technology segment focused on safeguarding connected devices and networks in
the internet of things (IoT).

The architecture of IoT systems usually consists of wireless networks, cloud databases for communication, sensors, data processing programs, and
smart devices that interact closely with each other. IoT systems use the following components to exchange and process data:
• Smart devices that collect, store, and share data about the environment and other devices and components
• Embedded systems used by smart devices — which can include various processors, sensors, and communication hardware — whose goal is to
collect, send, and act on data they acquire from environments
• IoT gateways, hubs, or other edge devices that route data between IoT devices and the cloud
• Cloud or on-premises data centers with remote servers that exchange data through wireless connections

Application of IoT
• IoT technologies are used within various industries: manufacturing, automotive, healthcare, logistics, energy, agriculture, and more. Smart
devices can range from simple sensors to DNA analysis hardware depending on a particular IoT system’s goals. The most popular IoT use cases
and devices are:
Devices we use IoT security in our daily lives
CHALLENGES OF IOT SECURITY

▶ IoT security can be understood as a cybersecurity strategy and protection
mechanism that safeguards against the possibility of cyberattacks which
specifically target physical IoT devices that are connected to the network. Without
robust security, any connected IoT device is vulnerable to breach, compromise and
control by a bad actor to ultimately infiltrate, steal user data and bring down
systems.
▶ The overarching challenge for security in IoT is that as large volumes of diverse
IoT devices continue to connect to the network, a dramatic expansion of the attack
surface is happening in parallel. Ultimately the entire network security posture is
diminished to the level of integrity and protection offered to the least secure
device.
▶ Security teams are now faced with new and escalating challenges that are unique to
IoT security, including:
▶ Inventory – not having clear visibility and context for what IoT devices are in
the network and how to securely manage new devices.
▶ Threats – lack of well-embedded security into IoT device operating systems that
are hard or impossible to patch.
▶ Data volume – overseeing vast amounts of data generated from both managed
and unmanaged IoT devices.
▶ Ownership – new risks associated with the management of IoT devices by
disparate teams within the organization.
▶ Diversity – the sheer diversity of IoT devices in terms of their limitless forms
and functions.
▶ Operations – the unification crisis wherein IoT devices are critical to core
operations yet difficult for IT to integrate into the core security posture.
How to secure the network

• Set up Your Router Correctly.
• Use Super Strong Passwords.
• Create a Separate Wi-Fi Network for IoT Devices.
• Disable Features You Don't Use.
• Keep Your Devices Up-To-Date.
• Enable Multi-Factor Authentication.
• Employ a Next-Generation Firewall (NGFW)
How to protect IoT systems and devices
1. Introduce IoT security during the design phase
2. Network security
3. API security
4. Network access control.
5. Security gateways.
6. Patch management/continuous software updates.

▶ At work:

• Employ Device Discovery for Complete Visibility

• Apply Network Segmentation for Stronger Defense

• Adopt Secure Password Practices

• Continue to Patch and Update Firmware When Available

• Actively Monitor IoT Devices at All Times


Here are a few of the IoT security measures that enterprises can use to improve their data
protection protocols.

1. Introduce IoT security during the design phase

▶ Of the IoT security issues discussed, most can be overcome by better preparation, particularly
during the research and development process at the start of any consumer-, enterprise-
or industrial-based IoT device development. Enabling security by default is critical, as well as
providing the most recent operating systems and using secure hardware.
▶ IoT developers should, however, be mindful of cybersecurity vulnerabilities throughout each
stage of development -- not just the design phase. The car key hack, for instance, can be
mitigated by placing the FOB in a metal box, or away from one's windows and hallways.

2. PKI and digital certificates

▶ PKI is an excellent way to secure the client-server connections between multiple networked
devices. Using a two-key asymmetric cryptosystem, PKI is able to facilitate the encryption and
decryption of private messages and interactions using digital certificates. These systems help to
protect the clear text information input by users into websites to complete private transactions.
E-commerce wouldn't be able to operate without the security of PKI.
3. Network security

▶ Networks provide a huge opportunity for threat actors to remotely control others' IoT devices.
Because networks involve both digital and physical components, on-premises IoT security
should address both types of access points. Protecting an IoT network includes ensuring port
security, disabling port forwarding and never opening ports when not needed; using
antimalware, firewalls and intrusion detection systems/intrusion prevention systems; blocking
unauthorized IP (Internet Protocol) addresses; and ensuring systems are patched and up to
date.

NB: Protecting the network is a key component of IoT security.

4. API security
▶ APIs are the backbone of most sophisticated websites. They allow travel agencies, for
example, to aggregate flight information from multiple airlines into one location.
Unfortunately, hackers can compromise these channels of communication, making API
security necessary for protecting the integrity of data being sent from IoT devices to back-end
systems and ensuring only authorized devices, developers and apps communicate with APIs.
T-Mobile's 2018 data breach is a perfect example of the consequences of poor API security. Due
to a "leaky API," the mobile giant exposed the personal data of more than 2 million customers,
including billing ZIP codes, phone numbers and account numbers, among other data.
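
One way a back end can check that only registered devices talk to its API and that their payloads arrive unaltered, shown as an added example that is not part of the original slides: per-device HMAC-SHA256 with a timestamp and nonce. `DeviceRegistry`, `sign`, `device_send`, the message fields and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # assumed policy: seconds a signed message stays acceptable

def sign(key, device_id, ts, nonce, body):
    """HMAC-SHA256 over a canonical JSON encoding of every signed field."""
    canon = json.dumps([device_id, ts, nonce, body], sort_keys=True,
                       separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def device_send(key, device_id, body, ts, nonce):
    """Device side: wrap a reading with its identity, freshness data and MAC."""
    return {"device_id": device_id, "ts": ts, "nonce": nonce, "body": body,
            "mac": sign(key, device_id, ts, nonce, body)}

class DeviceRegistry:
    """Hypothetical back-end registry mapping device_id to a per-device key."""
    def __init__(self):
        self._keys = {}
        self._seen = set()  # accepted (device_id, nonce); prune by age in production
    def register(self, device_id, key):
        self._keys[device_id] = key
    def deregister(self, device_id):
        self._keys.pop(device_id, None)  # later messages from it are refused
    def verify(self, msg, now):
        """Return (accepted, reason); `now` is the receiver's clock in epoch seconds."""
        try:
            dev, ts, nonce, body, mac = (
                msg[k] for k in ("device_id", "ts", "nonce", "body", "mac"))
        except (KeyError, TypeError):
            return False, "malformed message"
        if not (isinstance(ts, (int, float))
                and all(isinstance(v, str) for v in (dev, nonce, mac))):
            return False, "malformed message"
        key = self._keys.get(dev)
        if key is None:
            return False, "unknown or deregistered device"
        good = sign(key, dev, ts, nonce, body).encode()
        if not hmac.compare_digest(good, mac.encode()):  # constant-time compare
            return False, "bad MAC"
        if not abs(now - ts) <= MAX_SKEW:  # written this way so NaN is rejected
            return False, "stale timestamp"
        if (dev, nonce) in self._seen:
            return False, "replayed message"
        self._seen.add((dev, nonce))
        return True, "ok"
```

The MAC is checked before the timestamp and nonce, so an unauthenticated sender cannot fill the replay cache or probe the freshness window.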
IMPORTANCE OF IOT SECURITY

▶ Hardware, software and connectivity will all need to be secure for IoT
objects to work effectively. Without security for IoT, any connected
object, from refrigerators to manufacturing bots, can be hacked. Once
hackers gain control, they can usurp the object's functionality and steal the
user's digital data.
DEFINITION

▶ Governance is a theoretical set of rules, actions, and processes used to
stabilize institutions, organizations and communities and to ensure a
persistent and stable outcome from the members of those entities.

▶ To understand the complexity of IoT and the pressing need to properly
govern this ecosystem, it is worth looking into the components that build
up this giant network of connected devices.
1. GATEWAYS

▶ Gateways enable the easy management of data traffic
flowing between IoT devices and networks.
▶ They also translate the network protocols and make sure
that the devices and sensors are connected appropriately.
▶ Gateways can also work to pre-process the data from
sensors and send them off to the next layer, as well as
providing proper encryption with the network flow and
data transmission.
2. ANALYTICS

▶ The analog data that are derived from devices and sensors
are converted into a format that is easy to read and analyze.
▶ The key attribute of the IoT ecosystem is that it supports
real-time analysis that detects irregularities and prevents
data loss or data scams to prevent malicious attacks.
3. CONNECTIVITY OF DEVICES

▶ The main components completing the connectivity layer are
sensors and devices. Sensors collect information and send
it off to the next layer, where it is processed.
4. CLOUD COMPUTING

▶ With the help of the IoT ecosystem, organizations are able
to collect bulk amounts of data from sensors, devices, and
applications.
▶ There are various tools that are used for the purpose of data
collection that can collect, process, handle and store the
data efficiently and in real time; this can be performed by
using IoT Cloud.
5. USER INTERFACE

▶ The IoT ecosystem depends immensely on user interfaces,
which provide a visible and physical part that can be easily
accessed by the user.
▶ It is important to have a user-friendly interface to ensure a
proper user and administrator experience.
▶ The term IoT governance is still in its
early stages and there are no definitive
limits on what IoT governance should
include, or which areas it should cover.
WHY DO WE NEED IOT GOVERNANCE?

▶ An IoT governance framework should cover these three IT
sectors: data, infrastructure, and architecture.
▶ An IoT governance framework should ensure data integrity
and data security for information shared by all IoT devices
in the enterprise network. It should also maintain the
trusted source of information across the different layers of
the IoT architecture.
▶ In addition, the framework should ensure that all infrastructure devices, and
IoT devices in particular, are well protected, physically and digitally, to
prevent any unlawful intrusion or improper functioning.
ASPECTS WHICH SHOULD BE OF HIGHER CONCERN TO ANY IOT GOVERNANCE FRAMEWORK

▶ First are the applications associated with collecting, analyzing and monitoring the
data provided by the IoT devices. At a high level, these applications should be
well governed to protect the data acquired and processed by them. They should also
provide controls for accessing this data, such as role-based access.
▶ Second is the platform; all platforms related to data management,
application integration, and IoT device management should have a well-
defined framework as to how to register/de-register IoT devices, how to
collect data, how and where to publish this data, and how to interact with
upper and lower layers of the IoT reference architecture.
▶ Third is the communication. This refers to all communication between
devices at the physical end up to the consumption of the collected data. The
IoT framework should tap into the protocols of transporting this data across
all layers and take into consideration any regulatory requirements (local and
international), with the General Data Protection Regulation (GDPR) as an
example.
▶ Fourth is the IoT device itself. At this level, the IoT framework should tap
into the security of the device, the monitoring of the device, intrusion
detection, booting, remote control and firmware management.
▶ In the Technology dimension, the governance framework should ensure
interoperability across the different layers of the IoT reference architecture,
and this can be very specific to the organization’s needs and should align
with the communication standards and protocols (like periodic log
transmissions, detection of anomalies, etc.) of other digital ecosystems at
the organization.
▶ As part of the technology dimension, there should be a clear data lifecycle
management for all data sets generated by the IoT ecosystem, given its
specificity and frequency.
ROLES OF GOVERNANCE IN IOT

▶ Security breaches
Governance helps protect each layer from intrusions and hacking, a task that
becomes a complex process.

▶ Data governance
Governance in data collection is of great importance because it helps to set
policies that let the user read and understand how the data being collected by an
IoT device is used.
▶ Privacy rights
Governance in IoT privacy brings a sense of security to the end user because
the government enforces policies which stress and protect the sensitive data
being exchanged between devices.
IOT GOVERNANCE CHALLENGES

▶ The first challenge facing the future governance of IoT is the increasing
number of different connected devices; this requires a great deal of
complex solutions to accommodate the heterogeneous connection of
devices along with the size of the connection, where the implementation of
protocols and algorithms of all devices has to be efficient.
▶ Data protection and anonymity are another factor threatening security that
must be addressed in order to keep users’ data secure.
▶ Data governance
Big data platforms are usually made for supporting the
demands of large-scale storage and for performing the
investigation which is required to extract the full advantages
of IoT.
▶ Privacy rights

Wearable devices are being used by the healthcare sector, and will see steady
development.
However, can you imagine all these medical devices using Cloud and storing
their images for intelligent systems? This will raise the question of data
privacy among citizens and government regulators.
▶ Security breaches
As the IoT ecosystem spans different layers, the ability to protect each layer
from intrusions and hacking becomes a complex process.
The fact that the number of physical devices is increasing in large numbers
puts tremendous pressure on organizations and regulators to protect these
devices, both physically and digitally.
