Secure IoT to enable trust and daily usage
Internet of Things is the new tsunami of connected products, beyond traditional IT end points and phones, with a pervasive presence in our day-to-day world.
Apart of connected vehicles which are IoTs on wheels (connected and soon autonomous cars and trucks), on wings (planes, drones and helicopters) or at sea (ships), the vast majority of the 30 billion connected products that are planned in 2020 will be mere sensors or actuators often deployed in common devices (fridge, elevators, scales…).
Their design and production are often led by very simple criteria to optimize their user experience, life cycle and total cost of ownership.
IoT devices are rarely designed with built-in security
Most IoTs must be low cost to enable new use cases: think about sensors to track container’s or pallet’s location in order to optimize supply chain. The lowest cost is a key criterion to support pervasive deployment. But this often means that operational features are delivered with the minimum or even zero protection functions or processes. To lower the costs, they may even be designed and produced offshore with processes that are difficult to monitor and control appropriately.
Sensors and actuators, that must be deployed everywhere in various conditions and situations, are designed for a long-life span, and they often contain off-the-shelves components with few or no maintenance. For instance, software updates for maintenance may require Over-The-Air (OTA) connectivity mechanism and this may cause battery intensive usage which may result in a shorter life span.
Cybersecurity criteria and opportunity to select IoT
New supply chains, e-health, smart home, smart cities, industry 4.0 do all rely on IoT at various critical level to deliver the right service at the right level, with the lowest risks.
Dysfunction, or specific attacks, may result in business impacts because of direct damage on finance or on reputation and branding trustworthiness, and even in human life losses when impacts on ecology and e-health are considered.
So far, cybersecurity has been an option, but it can emerge as a real opportunity and differentiator for IoT designers and manufacturers. On the other hand, large enterprise and organizations can leverage cybersecurity to select IoTs with new security criteria in mind to reduce risks right from the start of the purchasing process.
Assess IoT firmware cybersecurity : continuous integration
Moabi gives visibility on IoT built-in security and presents a clear assessment about the strengths and weaknesses of the IoT firmware and their binaries to rapidly answer to these questions:
Does this IoT comply with the standards in code security? Is the cypher function strong enough when cryptography is used? Can the defense-in-depth be improved? Does this firmware contain known vulnerabilities or 0Days detected by Moabi?
Moabi calculates the IoT Defense Surface that measures its overall security level to benchmark suppliers and IoTs so that organizations can select the best ones with built-in cybersecurity.
Moabi helps organizations select IoT platforms such as sensors and actuators with cybersecurity criteria in their procurement process to protect their business and operation. Moabi’s analytics and reports empower them to improve the security awareness of their suppliers and grow their security posture.