Cable-Tec Expo: The Boogeyman Is Real in IoT Security

DENVER — Just over the past year, connected devices including light bulbs, refrigerators, televisions, automobiles, insulin pumps and the electricity grid in the Ukraine were successfully hacked. All are evidence that the security threat for IoT and connected devices is real, but not insurmountable, according to panelists at a Cable-Tec Expo session, “IoT Security: Is It Really a Risk?”

Answer: Yes. “Security is a process, not a one-time thing,” said Petr Peterka, CTO of Verimatrix. “We need to be thinking about these devices over their entire lifetime.”

Read More: Complete Coverage of Cable-Tec Expo 2017

“We have got to stop this,” said Brian Scriber, principal security architect at CableLabs. “We have the tools.”

Scriber pointed out that manufacturers have little to no economic incentive to provide post-sale updates or security measures, let alone for their anticipated lifetime, Scriber said.

Plus, patches to remedy hacks and not always designed for the everyday person. Light bulbs don’t usually come with USB ports, for instance; depending on the type of IoT device hacked, the remedies can range from requiring special adaptors, custom cables, and even soldering irons.

Hackers hack for different reasons, Peterka said: Academics do it to expose flaws “because they want to protect us.” So-called “hactivists” usually have a political leaning they want known; thieves hack to steal; terrorists hack to cause large-scale damage.

Peterka characterized four levels of threats, associated with IoT hacks: Threats to brand and reputation, threats to lives (e.g. medical aides we have in or on ourselves), threats to national security, and threats to critical infrastructure.

Because set-tops and gateways are, in essence, the very first “connected IP devices” in a home or business, some security elements have already been solved, and can be applied to the IoT scene, he said. In particular, his list of the four corners of IoT device security includes device integrity, secure boot-ups, authentication, and the security of collected data.

He referenced work happening within CableLabs and some of its members with the Open Connectivity Forum, or OCF, as a solid flanking mechanism. “We have leadership there — which matters, because IoT security will absolutely impact our networks … and the fact is that we’ve solved these problems before,” Scriber said.