Security Archives - FutureIoT https://futureiot.tech/category/technology/security/ Delivering Connected Intelligence Thu, 21 Mar 2024 08:35:11 +0000 en-US hourly 1 https://futureiot.tech/wp-content/uploads/2018/08/cropped-site-icon-600px-1-32x32.png Security Archives - FutureIoT https://futureiot.tech/category/technology/security/ 32 32 PodChats for FutureIOT: The intersection of IoT and SASE in OT security https://futureiot.tech/podchats-for-futureiot-the-intersection-of-iot-and-sase-in-ot-security/ Wed, 20 Mar 2024 01:00:00 +0000 https://futureiot.tech/?p=13668 Securing IoT in the enterprise is complex because of the varying IoT devices and their diversity in form, function and purpose. While some IoT devices like smart devices may have some form of memory and computing, therefore operating system, others like sensors and telemetry modules merely capture data and pass this to other technologies in […]

The post PodChats for FutureIOT: The intersection of IoT and SASE in OT security appeared first on FutureIoT.

]]>
Securing IoT in the enterprise is complex because of the varying IoT devices and their diversity in form, function and purpose. While some IoT devices like smart devices may have some form of memory and computing, therefore operating system, others like sensors and telemetry modules merely capture data and pass this to other technologies in the workflow.

It is this diversity of form, function and technology, and the proliferation of multiple standards or protocols that has limited the ability of IT and security teams to integrate the security of IoT technologies into the enterprise.

According to Amit Bareket, VP for Secure Service Edge at Check Point Software Technologies, the challenge lies in the transformation of corporate networks due to mobility and cloud computing. He explained that this shift has redefined the Internet as the new corporate network.

“Employees accessing cloud resources from outside the office necessitates opening up corporate resources to the internet, introducing significant security risks,” he added. “Traditional network security measures are often inadequate in this new landscape.

Amit Bereket

“There's a pressing need to rethink security strategies to effectively mitigate various cyber threats, as evidenced by recent high-profile attacks like the oil pipeline incident in the United States. This shift will undoubtedly remain a top priority for every CIO and CISO over the next five years.”

Amit Bareket

Securing OT is not that easy

Bareket commented that part of the security challenge lies in the sheer number of devices that need to be connected to the network. Finding all the devices remains a challenge, he opined.

Reflecting on the transitions many organisations had to undergo during the COVID-19 pandemic, he pointed out that the rapid transformation caught many off guard. He cited the global shutdowns that occurred during the pandemic.

“Suddenly, businesses that never envisioned remote operations have to thrust themselves into a new reality where remote work became the norm almost overnight,” he commented. “This abrupt shift left CIOs and CISOs grappling with uncertainty: Would we revert to the old ways, or was this the new normal? It became increasingly clear that remote work was here to stay, challenging our preconceptions about the pace of change.”

He added that what was initially projected to take 5—10 years unfolded within a single year. “I think today we stand in a strong position with robust solutions to meet the demands of this new landscape,” he continued.

SASE to the rescue

Secure Access Service Edge (SASE) is the convergence of connectivity and security helping organizations to achieve a consistent security posture by implementing a decentralised concept where security is provided directly at the source, with the management of all involved components done in the cloud. Bereket says SASE is just a secure network over the internet. SASE is a secure network infrastructure over the internet, encompassing various components such as users, cloud resources, and IoT devices.

Unlike traditional endpoints, IoT devices cannot typically accommodate agent or app installations, necessitating a network-level approach to security. He used Check Point's integration with SD-WAN devices and gateways as an example claiming it facilitates the creation of a unified network under the SASE platform.

“This integration provides visibility into IoT devices and enables security enforcement at the network level. Check Point's IoT security features, including device discovery and policy enforcement, play a crucial role in securing these devices within the SASE framework,” he continued.

SASE promises to bring IoT into the security framework of the organisation.

Asked whether IT leaders have heard the SASE story and are incorporating the technology into the overall network architecture he opined it has already happened.

“It’s evident that the internet is now the new corporate network. It is here to stay,” he started. He recalled a recent conversation with a major bank: “It was clear that they recognise this shift and understand that embracing solutions like SASE is inevitable,” he revealed.

“The pace of digital evolution will only accelerate, with forecasts from Gartner projecting a 30% year-over-year growth in the market for the next three years. By 2027, this market is expected to reach US$25 to US$28 billion from US$9 billion in 2024, further emphasising the significance of this shift in networking and security paradigms,” he concluded.

Click on the PodChat player and listen to Bareket elaborate on the intersection of IoT and SASE in OT security.

  1. What are the top challenges faced in OT security in 2024?
  2. What are the key components of OT security?
  3. For a long time, the security of operational technology has been kept out of the IT portfolio. Given the recent rise in attacks against critical and industrial systems, do you see a convergence of IT and OT security and who will lead the charge?
  4. How does IoT fit into SASE (and vice versa)?

The post PodChats for FutureIOT: The intersection of IoT and SASE in OT security appeared first on FutureIoT.

]]>
AI and IoT are opening new vectors of cyberattack https://futureiot.tech/ai-and-iot-are-opening-new-vectors-of-cyberattack/ Tue, 19 Mar 2024 13:00:00 +0000 https://futureiot.tech/?p=13655 Interconnected technologies are the growing network of devices, systems and applications connected to the internet and each other. They transform enterprises, enabling them to gather more data and automate processes. But they also bring new risks and challenges when securing business assets and safeguarding customers. A recent Kaspersky study found that AI and IoT are […]

The post AI and IoT are opening new vectors of cyberattack appeared first on FutureIoT.

]]>
Interconnected technologies are the growing network of devices, systems and applications connected to the internet and each other. They transform enterprises, enabling them to gather more data and automate processes. But they also bring new risks and challenges when securing business assets and safeguarding customers.

A recent Kaspersky study found that AI and IoT are already used by 61% and 64% of companies respectively, while 28% and 26% of companies plans to adopt them within two years. Data spaces are used by 27% of businesses, with more than half (54%) intending to adopt them soon.

Other interconnected technologies (digital twins, AR, VR, web 3.0, 6G), are used by 8-20% of companies participating in the survey, but more than 70% are considering integrating them into their business processes soon.

The expanding use of AI and IoT has the potential to expose organisations to new vulnerabilities. According to the research, 13-14% of organisations from the region think AI and IoT are ‘very difficult’ or ‘extremely difficult’ to protect, while only 6% of the AI users and 10% of the IoT owners believe their companies are fully protected.

Adrian Hia

According to Adrian Hia, managing director for Asia Pacific at Kaspersky, “Undoubtedly, new technological tools play a vital role in improving the efficiencies and productivity of enterprises in the region. However, there are loopholes, particularly in cybersecurity, that need to be addressed. Our recent study showed more than half of the companies are using AI and IoT in their organisations, but 21% of them think AI and IoT are somewhat difficult to protect. It shows that there is a skills and knowledge gap that needs to be patched with urgency.”

Recommendations going forward

Source: Kaspersky 2024

Given the scale of change that interconnected technologies is likely to bring, organisations must develop a strategy to implement and protect them. Kaspersky recommends four effective ways to ensure organisations are prepared to protect interconnected technologies:

Adopt secure-by-design principles. By integrating cybersecurity into each stage of the software development lifecycle, secure-by-design software and hardware become resilient against cyberattacks, contributing to the overall security of digital systems. Cyber Immune solutions based on KasperskyOS, for instance, allow companies to minimize the threat surface and significantly decrease the ability of cybercriminals to perform a successful attack.

Train and upskill your workforce. Building a cyber-aware culture requires a comprehensive strategy that empowers employees to gain knowledge and put it into practice. With Kaspersky Expert training, InfoSec professionals can advance their skills and defend their companies against attacks.

Upgrade your cybersecurity solutions and use centralized and automated platforms such as Kaspersky Extended Detection and Response (XDR). As companies adopt interconnected technologies, they need cybersecurity solutions with more advanced features, enabling them to collect and correlate telemetry from multiple sources and provide effective threat detection and rapid automated response. 

As many AI solutions are built on containers, it’s important to secure the infrastructure they are integrated in with cybersecurity products – such as Kaspersky Container Security – that allows companies to detect security issues at every stage of the app lifecycle, from development to operation.

Meet regulations to avoid legal problems or reputational damage, by ensuring your cybersecurity practice meets changing standards and legal requirements.

The post AI and IoT are opening new vectors of cyberattack appeared first on FutureIoT.

]]>
Leader Church & Dwight uplevels OT and manufacturing security posture https://futureiot.tech/leader-church-dwight-uplevels-ot-and-manufacturing-security-posture/ Mon, 18 Mar 2024 02:00:00 +0000 https://futureiot.tech/?p=13643 The number of cyberattacks against manufacturing and critical infrastructure continues to rise. A recent report found critical manufacturing was one of the most frequently attacked verticals in the OT/industrial control system (ICS) sector. Church & Dwight (C&W), the company behind the brand Arm & Hammer, plans to strengthen the consumer goods company’s cybersecurity program. The […]

The post Leader Church & Dwight uplevels OT and manufacturing security posture appeared first on FutureIoT.

]]>
The number of cyberattacks against manufacturing and critical infrastructure continues to rise. A recent report found critical manufacturing was one of the most frequently attacked verticals in the OT/industrial control system (ICS) sector.

Church & Dwight (C&W), the company behind the brand Arm & Hammer, plans to strengthen the consumer goods company’s cybersecurity program. The goal was to gain a deeper understanding of its manufacturing risk profile by identifying critical assets, vulnerabilities, and security gaps.

It has chosen Rockwell to help build resiliency and minimise risks in its operational technology (OT) manufacturing security practices. The two collaborated to develop a remediation roadmap, new security policies, and other measures to minimize risks.

With several global consumer brands under its umbrella, C&W recognised the critical impact and importance of a strong OT security posture and enlisted Rockwell.

“We selected Rockwell Automation because we were looking for a new partner to help us uplevel our OT and manufacturing security posture. We knew we needed the best of the best who understood our vision,” said David Ortiz, chief information security officer (CISO) at Church & Dwight. “Throughout our work with Rockwell Automation on our OT cybersecurity program, we’ve gained a thorough understanding of our cybersecurity landscape and the tools needed.”

Commenting on the collaboration, Mark Cristiano, global commercial director at Rockwell, says: “We have implemented new security controls and processes and have already seen a dramatic shift in the company's OT practices. We are proud to leverage our best-in-class partnerships to help Church & Dwight achieve its cybersecurity goals.”

As a longtime Rockwell Industrial Solutions customer, C&W expanded its partnership in 2020 to advance their Manufacturing Cybersecurity Program initiative. Since then, Church & Dwight has achieved its cybersecurity objectives in mitigating risks and understanding its OT landscape.

Once threat detection capabilities were in place, Church & Dwight implemented continuous monitoring through managed OT services from Rockwell.

These managed services integrate and support Church & Dwight’s current IT Security Operations Centre, bridging the gap between IT and OT networks, and mitigating cyber risks across the enterprise.

The post Leader Church & Dwight uplevels OT and manufacturing security posture appeared first on FutureIoT.

]]>
Church & Dwight to Increase manufacturing cybersecurity resilience https://futureiot.tech/church-dwight-to-increase-manufacturing-cybersecurity-resilience/ Thu, 14 Mar 2024 01:00:00 +0000 https://futureiot.tech/?p=13623 The number of cyberattacks against manufacturing and critical infrastructure continues to rise. A recent report found critical manufacturing was one of the most frequently attacked verticals in the OT/industrial control system (ICS) sector. Consumer goods company, Church & Dwight recognized the critical impact and importance of a strong OT security posture and enlisted Rockwell. The […]

The post Church & Dwight to Increase manufacturing cybersecurity resilience appeared first on FutureIoT.

]]>
The number of cyberattacks against manufacturing and critical infrastructure continues to rise. A recent report found critical manufacturing was one of the most frequently attacked verticals in the OT/industrial control system (ICS) sector.

Consumer goods company, Church & Dwight recognized the critical impact and importance of a strong OT security posture and enlisted Rockwell. The goal was to gain a deeper understanding of its manufacturing risk profile by identifying critical assets, vulnerabilities and security gaps.

To strengthen the company’s cybersecurity program, Church & Dwight has chosen Rockwell Automation to help build resiliency and minimize risks in its operational technology (OT) manufacturing security practices.

“We selected Rockwell Automation because we were looking for a new partner to help us uplevel our OT and manufacturing security posture. We knew we needed the best of the best who understood our vision,” said David Ortiz, Church & Dwight CISO.

Rockwell’s global commercial director, Mark Cristiano, says: "Over the course of our partnership with Church & Dwight, we have implemented new security controls and processes and have already seen a dramatic shift in the company's OT practices. We are proud to leverage our best-in-class partnerships to help Church & Dwight achieve its cybersecurity goals.”

The post Church & Dwight to Increase manufacturing cybersecurity resilience appeared first on FutureIoT.

]]>
Rising risks from accelerated use of unchecked IoT in enterprise https://futureiot.tech/rising-risks-from-accelerated-use-of-unchecked-iot-in-enterprise/ Mon, 26 Feb 2024 01:00:00 +0000 https://futureiot.tech/?p=13574 Enterprises continue to embrace IoT strategies to streamline operations, boost efficiency, and improve customer experiences. From hospitals to manufacturers to public sector agencies, IoT device fleets are critical for meeting these modernization goals. However, the acceleration in connected device deployment opens new windows for cybercriminals and exposes networks to potential breaches. Kenan Frager, VP of […]

The post Rising risks from accelerated use of unchecked IoT in enterprise appeared first on FutureIoT.

]]>
Source: Keyfactor Research

Enterprises continue to embrace IoT strategies to streamline operations, boost efficiency, and improve customer experiences. From hospitals to manufacturers to public sector agencies, IoT device fleets are critical for meeting these modernization goals.

However, the acceleration in connected device deployment opens new windows for cybercriminals and exposes networks to potential breaches.

Kenan Frager, VP of Marketing at Asimily, warns that vulnerable IoT devices continue to be a glaring cybersecurity weak spot for many enterprises. He opines that businesses are lured by the benefits the devices offer but do not take the necessary effort to check if such technologies are sufficiently secure.

Kenan Frager

“Regardless of industry, an attack on IoT infrastructure can and will result in operational downtime, loss of IP, loss of revenue, and reputational harm.”

Kenan Frager

He notes that regulatory compliance adds another layer of pressure, with steep fines and sanctions looming for breaches that affect HIPAA, PCI DSS, NIST, SOC 2, and other increasingly stringent mandates.

Report findings

Breach tactics continue evolving: Cybercriminals seeking confidential proprietary data to sell for financial gain look for and infiltrate vulnerable and often-unsecured IoT devices to establish initial access to an enterprise’s network.

That tactic supports ransomware attacks as well, with criminals gaining access via IoT endpoints, encrypting data, and extorting ransoms. In other cases, nation-state-sponsored groups are motivated to shut down or disrupt the services of their targets.

A common tactic is harvesting vast fleets of vulnerable IoT devices to create botnets and utilize them to conduct DDoS attacks. Attackers also know they can rely on unresolved legacy vulnerabilities, as 34 of the 39 most-used IoT exploits have been present in devices for at least three years.

Source: IoT Device Security in 2024: The High Cost of Doing Nothing, Asimily 2024

Routers are the most targeted IoT devices, accounting for 75% of all IoT infections. Hackers exploit routers as a stepping stone to access other connected devices within a network. Security cameras and IP cameras are the second most targeted devices, making up 15% of all attacks.

Other commonly targeted devices include digital signage, media players, digital video recorders, printers, and smart lighting. The Asimily report, IoT Device Security in 2024: The High Cost of Doing Nothing also highlights the especially consequential risks associated with specialised industry equipment, including devices critical to patient care in healthcare (including blood glucose monitors and pacemakers), real-time monitoring devices in manufacturing, and water quality sensors in municipalities.

Cyber insurers are capping payouts. Cybersecurity insurance is becoming more expensive and difficult to obtain as cyberattacks become more common. More insurers are now requiring businesses to have strong IoT security and risk management in place to qualify for coverage—and increasingly denying or capping coverage for those that do not meet certain thresholds.

Among the reasons why cyber insurers deny coverage, a lack of security protocols is the most common, at 43%. Not following compliance procedures accounts for 33% of coverage denials. Even if insured, though, reputational damage remains a risk: 80% of a business’s customers will defect if they do not believe their data is secure.

Manufacturing is now the top target: Cybercriminals are increasingly focusing their attention on the manufacturing, finance, and energy industries. Retail, education, healthcare, and government organizations remain popular targets, while media and transportation have been de-emphasized over the past couple of years.

“There’s a clear and urgent need for more businesses to prioritise a more thorough risk management strategy capable of handling the unique challenges of the IoT,” said Shankar Somasundaram, CEO, Asimily.

Shankar Somasundaram

“While organisations often struggle with the sheer volume of vulnerabilities in their IoT device fleets, crafting effective risk KPIs and deploying tools to gain visibility into device behaviour empowers them to prioritise and apply targeted fixes.”

Shankar Somasundaram

He added that this approach, coupled with a deeper understanding of attacker behaviour, enables teams to distinguish between immediate threats, manageable risks, and non-existent dangers.

“The right strategy equips organizations to focus efforts where they matter most, maximising their resources while ensuring the security of their IoT ecosystem at scale,” he concluded.

The post Rising risks from accelerated use of unchecked IoT in enterprise appeared first on FutureIoT.

]]>
What the digital workplace will look like in 2024 https://futureiot.tech/what-the-digital-workplace-will-look-like-in-2024/ Fri, 23 Feb 2024 01:00:00 +0000 https://futureiot.tech/?p=13565 In 2023, Gartner posited that the digital workplace is the centrepiece of the employee experience with enterprise information technology, as well as an agent for changing workers’ behaviour as work becomes more technology-dependent. In the report, 2023 Strategic Roadmap For Digital Workplace Infrastructure and IT Operations (I&O), the analyst suggested that a successful digital workplace […]

The post What the digital workplace will look like in 2024 appeared first on FutureIoT.

]]>
In 2023, Gartner posited that the digital workplace is the centrepiece of the employee experience with enterprise information technology, as well as an agent for changing workers’ behaviour as work becomes more technology-dependent.

In the report, 2023 Strategic Roadmap For Digital Workplace Infrastructure and IT Operations (I&O), the analyst suggested that a successful digital workplace strategy strikes a cost-effective balance between hardware, employee support and cybersecurity while focusing on improving the digital employee experience.

Key findings of the report

Digital employee experience (DEX) is a major component of overall employee experience. This necessitates a greater focus on continually measuring and improving employee sentiment, technology adoption and solution performance.

Gartner posits that many digital workplace leaders are increasing investments in endpoint analytics and self-healing.

Traditional, siloed operating models are prone to gaps in DEX and are ill-equipped to support increased cybersecurity and operational demands, yet many organisations fail to adjust their structure.

Over 80% of digital workplace leaders have increased prioritisation on environmental sustainability. Success requires modern operations, selecting sustainable vendors, adopting new tooling and developing comprehensive reporting.

Gartner says I&O plays a crucial role in enabling and supporting the digital workplace and must improve its business acumen and ability to:

  • Adapt to ever-evolving employee, HR and line-of-business demands
  • Upskill team members
  • Evolve operating models
  • Keep pace with and prepare for the future
  • Free up resources to focus on employee enablement
  • Improve DEX
  • Eliminate technical debt

The post What the digital workplace will look like in 2024 appeared first on FutureIoT.

]]>
AI Investment critical for network performance and security https://futureiot.tech/ai-investment-critical-for-network-performance-and-security/ Wed, 21 Feb 2024 01:00:00 +0000 https://futureiot.tech/?p=13554 Global network operator spending on AI for network orchestration will generate US$20 billion by 2028; rising 240% from $6 billion in 2024. Juniper Research predicts that enterprises’ increasing use of cellular networks, including for smart manufacturing and autonomous vehicles, will necessitate further investment into AI that automates key network processes. These use cases require various […]

The post AI Investment critical for network performance and security appeared first on FutureIoT.

]]>
Global network operator spending on AI for network orchestration will generate US$20 billion by 2028; rising 240% from $6 billion in 2024.

Juniper Research predicts that enterprises’ increasing use of cellular networks, including for smart manufacturing and autonomous vehicles, will necessitate further investment into AI that automates key network processes.

These use cases require various degrees of high throughput, low latency and geographical coverage. Therefore, to maximise networks’ efficiency and reduce operational expenditure, the report urged operators to accelerate the incorporation of AI into core networks.

AI Investment critical for network performance & security

The report found that, as operators expand established 5G networks and build future 6G networks, AI must play an essential role. It identified performance optimisation and network security as the most important use cases; accounting for over 50% of global operator spend on AI by 2028.

Additionally, the ever-increasing virtualisation of network functions and demand for cellular data will drive operators to implement AI to decrease operational costs. It predicted that the ability to automate real-time network analysis and adjust network conditions accordingly will be crucial to minimising the costs associated with network management and service provision.

Frederick Savage

Research author Frederick Savage commented: “As operators compete on the quality of their networks, AI will be essential to maximising the value of using a cellular network for connectivity. High-spending users will gravitate to those networks that can provide the best service conditions.”

The post AI Investment critical for network performance and security appeared first on FutureIoT.

]]>
Beware of network anomalies and attacks https://futureiot.tech/beware-of-network-anomalies-and-attacks/ Wed, 14 Feb 2024 01:30:23 +0000 https://futureiot.tech/?p=13523 Network anomalies and attacks were the most prevalent threat to OT and IoT environments in the second half of 2023, increasing 19% over the previous reporting period. Included here was a 230% surge in vulnerabilities within critical manufacturing. The latest Nozomi Networks Labs OT & IoT Security Report revealed that “network scans” topped the list […]

The post Beware of network anomalies and attacks appeared first on FutureIoT.

]]>
Network anomalies and attacks were the most prevalent threat to OT and IoT environments in the second half of 2023, increasing 19% over the previous reporting period. Included here was a 230% surge in vulnerabilities within critical manufacturing.

The latest Nozomi Networks Labs OT & IoT Security Report revealed that “network scans” topped the list of network anomalies and attack alerts, followed closely by “TCP flood” attacks which involve sending large amounts of traffic to systems aiming to cause damage by bringing those systems down or making them inaccessible.

“TCP flood” and “anomalous packets” alert types exhibited significant increases in both total alerts and averages per customer in the last six months, increasing more than 2x and 6x respectively. 

Chris Grove

"These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities,” said Chris Grove, director of cybersecurity strategy at Nozomi Networks.

He posited that the significant uptick in anomalies could mean that the threat actors are getting past the first line of defence while penetrating deeper than many would have initially believed, which would require a high level of sophistication. “The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving to bypass them,” he added.

Alerts on access control and authorization threats jumped 123% over the previous reporting period. In this category “multiple unsuccessful logins” and “brute force attack” alerts increased 71% and 14% respectively.

This trend highlights the continued challenges in unauthorized access attempts, showing that identity and access management in OT and other challenges associated with user passwords persist.

The top critical threat activity seen in real-world environments over the last six months:

1.            Network Anomalies and Attacks – 38% of all alerts

2.            Authentication and Password Issues – 19% of all alerts

3.            Access Control and Authorization Problems – 10% of all alerts

4.            Operational Technology (OT) Specific Threats – 7% of all alerts

5.            Suspicious or Unexpected Network Behaviour – 6% of all alerts

ICS vulnerabilities

With this spike in network anomalies top of mind, Nozomi Networks Labs has detailed the industries that should be on highest alert, based on analysis of all ICS security advisories released by CISA over the past six months.

Manufacturing topped the list with the number of Common Vulnerabilities and Exposures (CVEs) in that sector rising to 621, an alarming 230% increase over the previous reporting period. Manufacturing, energy and water/wastewater remained the most vulnerable industries for a

third consecutive reporting period – though the total number of vulnerabilities reported in the

The energy sector dropped 46% and Water/Wastewater vulnerabilities dropped 16%. Commercial Facilities and Communications moved into the top five, replacing Food & Agriculture and Chemicals (which both dropped out of the top 10).

Healthcare & Public Health, Government Facilities, Transportation Systems and Emergency Services all made the top 10.

In the second half of 2023:

  • CISA released 196 new ICS advisories covering 885 Common Vulnerabilities and Exposures (CVEs) – up 38% over the previous six-month period
  • 74 vendors were impacted – up 19%
  • Out-of-Bounds Read and Out-of-Bounds Write vulnerabilities remained in the top CWEs for the second consecutive reporting period – both are susceptible to several different attacks including buffer overflow attacks

Data from IoT Honeypots

Findings reveal that malicious IoT botnets remain active this year, and botnets continue to use default credentials in attempts to access IoT devices. From July through December 2023, it was revealed that:

  • An average of 712 unique attacks daily (a 12% decline in the daily average compared to the previous reporting period) – the highest attack day hit 1,860 on October 6.
  • Top attacker IP addresses were associated with China, the United States, South Korea, India and Brazil.
  • Brute-force attempts remain a popular technique to gain system access – default credentials remain one of the main ways threat actors gain access to IoT. Remote Code Execution (RCE) also remains a popular technique – frequently used in targeted attacks, as well as in the propagation of various types of malicious software.

The post Beware of network anomalies and attacks appeared first on FutureIoT.

]]>
Cradlepoint AI functionality advances 5G for business https://futureiot.tech/cradlepoint-ai-functionality-advances-5g-for-business/ Wed, 31 Jan 2024 01:00:00 +0000 https://futureiot.tech/?p=13429 Cradlepoint announced new comprehensive AI functionality to make 5G networks smarter, simpler, and more secure. It claims it has been able to adopt an AI model uniquely focused on cellular networking. Organisations are also able to embrace the productivity benefits of generative AI tools without the risk of data leakage through a security service acquired […]

The post Cradlepoint AI functionality advances 5G for business appeared first on FutureIoT.

]]>
Cradlepoint announced new comprehensive AI functionality to make 5G networks smarter, simpler, and more secure. It claims it has been able to adopt an AI model uniquely focused on cellular networking. Organisations are also able to embrace the productivity benefits of generative AI tools without the risk of data leakage through a security service acquired from Ericom

“We are not only making 5G networks smarter, simpler, and more secure for our customers’ IT departments. We are also allowing our customers’ security organisations to take control over how their employees leverage generative AI tools, protecting them from misuse that could lead to a damaging data leak or a malware infection,” said Donna Johnson, CMO at Cradlepoint.

AI capabilities include:

NetCloud AIOps Dashboard – Simplifies the ongoing operations of enterprise networks leveraging 5G SASE capabilities. The NetCloud AI model aggregates learning into a single dashboard that identifies areas of performance degradation, isolates the cause of the issue, and pinpoints the affected sites, users, and applications. With a unique focus on cellular networking, NetCloud AIOps will turn cellular signal quality indicators, such as proximity to cell tower, signal quality, and signal strength into actionable insights to enhance performance.  

AI-based NetCloud Assistant (“ANA”) – Uses natural language processing to assist NetCloud users with everyday queries about the operation of their network. From providing recommendations on cellular endpoints for specific use cases, to effectively troubleshooting network performance issues, ANA will be an invaluable assistant to simplify day-to-day operations.

Network Traffic Analysis – Provides centralised flow-level visibility for traffic analysis and forensics. This service will evolve later this year to leverage AI to establish a baseline of normal traffic patterns for the most common 5G use cases (distributed IoT, vehicles, sites) and flag any anomalies indicating the signs of a breach. 

GenAI Data Loss Prevention – With 79% of organisations reporting generative AI adoption without established policies, this solution applies access policies to block confidential data, personally identifiable information, or other sensitive data from being submitted to the generative AI site which can be potentially exposed in future responses. Ericom’s remote browser isolation technology also protects against weaponised responses infecting employee assets.   

“As a provider of turn-key car wash solutions, our customer success model requires highly reliable and efficient car wash operations,” said Ian Beason, director of Technology and Innovation at Motor City Wash Works.

He added that Cradlepoint’s new AIOps capabilities will allow our lean IT team to scale with our growing customer base and manage our network more effectively while providing an enhanced level of service to our customers.

The post Cradlepoint AI functionality advances 5G for business appeared first on FutureIoT.

]]>
C-suite must discern between cybersecurity and cyber resilience https://futureiot.tech/c-suite-must-discern-between-cybersecurity-and-cyber-resilience/ Thu, 25 Jan 2024 01:00:00 +0000 https://futureiot.tech/?p=13438 Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the ability to withstand, respond and recover quickly from them. “Cybersecurity is just one component of cyber resilience, but, unfortunately, many enterprises fail to understand the subtle […]

The post C-suite must discern between cybersecurity and cyber resilience appeared first on FutureIoT.

]]>
Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the ability to withstand, respond and recover quickly from them.

Cybersecurity is just one component of cyber resilience, but, unfortunately, many enterprises fail to understand the subtle difference,” said Kumar Avijit, practice director of Information Technology Services at Everest Group. He opined that while most C-suite executives concentrate on preventive controls and response, equal importance needs to be allocated to the recovery, revamp, and reinforcement stages of cyber resilience.

“For any business, having a comprehensive cyber resilience strategy is critical in safeguarding long-term viability and success,” he added.

The “5 Rs of cyber resilience”

Ready – High: C-suite is extensively focusing on pre-emptive measures to secure itself from cyberattacks and are investing in cutting-edge technologies.

Respond – High: There is rapid adoption of extended detection and response (XDR) tools in the market, and service providers too are now focusing on automated incident response to cut down on the standard metric of Mean Time to Resolution (MTTR).

Recover – Medium: There is very little focus on the recovery aspect from the C-suite, underpinned by the challenges of data fragmentation, infected backups, and meeting Recovery Time Objective (RTO) that are visible across the C-suite.

Reinforce – Low: The C-suite is not focused on learning from cyberattacks on peer organisations and building defences accordingly. In most cases, the C-suite lacks a comprehensive vision of security and instead remains reactive.

Revamp – Low: The C-suite is not acting agile enough to focus on the next-generation technology and thinking a step beyond on how to secure itself from the new attack vectors that the new shine tech brings.

Selected highlights

  • Projections suggest the cybersecurity services market, currently valued at $US 70-73 billion, will surpass the $100 billion mark in 2025, exhibiting a CAGR of 16-18% between 2021 and 2025.
  • Identity and access management (IAM), cloud security, and application security form the largest segments of the cybersecurity market, collectively representing 56% of the overall market.
  • Cybersecurity consulting services are experiencing rapid growth, with a current market share of 25%. This is closely followed by design and implementation at 29% and managed security services leading at 46%.
  • North America remains the largest market (40%) followed by Europe (33%) and Asia (21%).
  • 63% of enterprises have mentioned lack of skills/talent as among their top three biggest challenges when it comes to cybersecurity.

The post C-suite must discern between cybersecurity and cyber resilience appeared first on FutureIoT.

]]>
Laying the groundwork for secure IoT https://futureiot.tech/laying-the-groundwork-for-secure-iot/ Thu, 18 Jan 2024 01:00:00 +0000 https://futureiot.tech/?p=13381 The number of Internet of Things (IoT) end-user devices and IoT edge nodes such as home appliances, personal wearables, industrial robots, and even connected drones is quickly increasing. ABI Research forecasts that by 2026, the installed base of connected devices will reach more than 70 billion installations, creating an expansive IoT attack vector in the […]

The post Laying the groundwork for secure IoT appeared first on FutureIoT.

]]>
The number of Internet of Things (IoT) end-user devices and IoT edge nodes such as home appliances, personal wearables, industrial robots, and even connected drones is quickly increasing.

ABI Research forecasts that by 2026, the installed base of connected devices will reach more than 70 billion installations, creating an expansive IoT attack vector in the IoT environment.

Most of these devices are low-power, storage limited, and with weak computational power, which means these devices are increasingly connecting to the cloud environment for centralized storage, data analytics, real-time monitoring, remote access, and updates in firmware and software.

Connecting to the cloud environment creates yet another compromise vector for these devices.  An effective IoT device-to-cloud security strategy should target security in three vital areas: device, network, and cloud.

Michael Amiri

“Device security often means securing the chipset and the data stored inside the device from being breached. Network security securely transfers data between the IoT device and the cloud. Cloud security allows the data to avoid intrusion while sitting in the cloud,” says Michael Amiri, senior industrial and IoT cybersecurity analyst at ABI Research.

In addition to embedded security in device design and cloud provider security offerings, end-users need to ensure the implementation of robust authentication practices, especially given the nature of remote access and remote work regarding the IoT environment.

Growth opportunities in network security

In such an environment, Amiri explains, “Security vendors need to include cloud security solutions at the forefront of their marketing strategies. Emphasising cloud solutions is fundamental in a market where IoT devices increasingly rely on the cloud for storage, data handling, computation, remote management, and updates.”

IoT security technology is already experiencing a surge in demand, which will probably accelerate if new regulations for IoT and cloud connections are passed. A case in point is a recent Software Bill of Materials (SBOMs) mandate for medical device manufacturers in the U.S. ABI Research spoke to SBOM service providers, and they unanimously believe regulation has been a significant driver for their services.

“An explosive increase in IoT connections and devices is evident in the next three to four years. North America and the Asia region show the highest level of growth, followed by Western Europe. These will be the largest markets for IoT and cloud security solutions. Traditional markets for IoT security solutions have been the consumer, financial, enterprise, and government verticals. Yet automobile, healthcare, and manufacturing have seen a strong push for IoT security,” Amiri concludes. 

The post Laying the groundwork for secure IoT appeared first on FutureIoT.

]]>
Advancing OT security with smart IoT https://futureiot.tech/advancing-ot-security-with-smart-iot/ Tue, 02 Jan 2024 01:00:00 +0000 https://futureiot.tech/?p=13372 “The free flow of connections and data between OT, Internet of Things (IoT) and information technology (IT) is driving organisations to look for better ways to holistically monitor and manage their security defences across the entire attack surface,” says Chet Namboodri, Nozomi Networks senior vice president of alliances & channel sales. Nozomi Networks and NetWitness […]

The post Advancing OT security with smart IoT appeared first on FutureIoT.

]]>
“The free flow of connections and data between OT, Internet of Things (IoT) and information technology (IT) is driving organisations to look for better ways to holistically monitor and manage their security defences across the entire attack surface,” says Chet Namboodri, Nozomi Networks senior vice president of alliances & channel sales.

Nozomi Networks and NetWitness are partnering to deliver what they claim is unified security and visibility across OT and IT solutions. Integrating operational technology (OT) data greatly improves the effectiveness of the security operations centre (SOC).

“A key differentiator for NetWitness is its radical visibility into an organisation’s data, no matter what type – logs, network, or endpoints -- or where it resides – on-premises, in the cloud, or hybrid,” said

From a security perspective, Tod Ewasko, chief product officer for NetWitness, says integrating critical OT and IoT data into the threat detection, investigation, and response functions increases the effectiveness of the SOC and protects an increasingly important avenue for attacks.

The post Advancing OT security with smart IoT appeared first on FutureIoT.

]]>
Cooperation to expand security solutions for OT and ICS https://futureiot.tech/cooperation-to-expand-security-solutions-for-ot-and-ics/ Tue, 26 Dec 2023 01:00:00 +0000 https://futureiot.tech/?p=13285 OT and industrial control systems in manufacturing sites are often operated in closed environments, with IT and OT systems separated from each other. However, the emergence of the Internet of Things (IoT) and digital transformation (DX) is enabling convergence between these two domains. As a result, cyberattacks targeting manufacturing sites in industries such as semiconductors […]

The post Cooperation to expand security solutions for OT and ICS appeared first on FutureIoT.

]]>
OT and industrial control systems in manufacturing sites are often operated in closed environments, with IT and OT systems separated from each other. However, the emergence of the Internet of Things (IoT) and digital transformation (DX) is enabling convergence between these two domains.

As a result, cyberattacks targeting manufacturing sites in industries such as semiconductors and automobiles have increased, leading to production disruptions and highlighting the growing need for more robust security measures in factories.

Mitsubishi Electric and TXOne Networks have signed a long-term cooperation agreement covering technology development and marketing, aiming at expanding the operational-technology (OT) security businesses of both companies.

The collaboration aims to create innovative new value in OT security by combining Mitsubishi Electric's assessment, maintenance and operation services as well as control equipment and systems with TXOne's OT security products.

The new OT security solutions are expected to improve manufacturing productivity, efficiency and safety as well as security levels throughout the supply chains of various industries.

"We look forward to creating new value in OT security by combining OT technology and expertise for manufacturing, infrastructure and building automation with security technology for information systems," said Kunihiko Kaga, Mitsubishi Electric's representative executive officer and industry and mobility business area owner.

"With the continued evolution of DX and the increasing sophistication and complexity of cyberattacks, OT security measures must extend from the information communication layer to the control communication layer and deeper into the network layer.” Kunihiko Kaga

“We are confident that our synergy with TXOne's OT network segmentation and defence technologies will enable us to contribute to greater safety and security in OT environments and the world beyond," he continued.

Dr. Terence Liu, CEO of TXOne Networks, concurs adding that the collaboration between Mitsubishi Electric and TXOne Networks creates a unique value with our deep-rooted expertise in both IT and OT, forming comprehensive and holistic security services to safeguard manufacturing assets against the ever-evolving cyber risks at once."

The post Cooperation to expand security solutions for OT and ICS appeared first on FutureIoT.

]]>
EMB3D – a threat model for critical infrastructure embedded devices https://futureiot.tech/emb3d-a-threat-model-for-critical-infrastructure-embedded-devices/ Mon, 25 Dec 2023 01:00:00 +0000 https://futureiot.tech/?p=13281 Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities. Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number […]

The post EMB3D – a threat model for critical infrastructure embedded devices appeared first on FutureIoT.

]]>
Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems.

However, these devices often lack proper security controls and are insufficiently tested for vulnerabilities. Sophisticated cyber adversaries increasingly attempt to exploit these devices, as evidenced by a growing number of CISA ICS advisories identifying significant threats to many life- and safety-critical devices.

The EMB3D Threat Model, a collaborative effort by MITRE, Red Balloon Security, and Narf Industries, provides a common understanding of the threats posed to embedded devices and the security mechanisms required to mitigate them.

“Together, we are committed to enhancing the cyber posture of critical infrastructure sectors that rely on Operational Technology (OT) technologies. This collaboration exemplifies the power of collective expertise and underscores MITRE's dedication to advancing the resilience and security of vital systems in today's interconnected world.”

What is EMB3D

EMB3D aligns with and expands on several existing models, including Common Weakness Enumeration, MITRE ATT&CK, and Common Vulnerabilities and Exposures, but with a specific embedded device focus.

It provides a cultivated knowledge base of cyber threats to devices, including those observed in the field environment or demonstrated through proofs-of-concept and/or theoretic research. These threats are mapped to device properties to help users develop and tailor accurate threat models for specific embedded devices.

For each threat, suggested mitigations are exclusively focused on technical mechanisms that device vendors should implement to protect against the given threat with the goal of building security into the device.

EMB3D is intended to offer a comprehensive framework for the entire security ecosystem—device vendors, manufacturers, asset owners, security researchers, and testing organisations.

“Utilities have been forced to extreme measures to secure our infrastructures because of concerns about ICS device insecurities,” says Niyo Pearson of ONEGas.

“The EMB3D model will provide a means for ICS device manufacturers to understand the evolving threat landscape and potential available mitigations earlier in the design cycle, resulting in more inherently secure devices. This will eliminate or reduce the need to ‘bolt on’ security after the fact, resulting in more secure infrastructure and reduced security costs.”

EMB3D is intended to be a living framework, where new threats and mitigations are added and updated over time as new threat actors emerge and security researchers discover new categories of vulnerabilities, threats, and security defences.

Anticipated to be released in early 2024, EMB3D will be a public community resource, where all information is openly available, and the security community can submit additions and revisions.

“We encourage device vendors, asset owners, researchers, and academia to review the threat model and share feedback, ensuring our collective efforts remain at the forefront of safeguarding our interconnected world,” said Yosry Barsoum, vice president and director, Centre for Securing the Homeland at MITRE.

“Insights, expertise, and a collaborative spirit are invaluable as we work together to strengthen the resilience of our digital infrastructure. Together, we can build a safer and more secure future.”

The post EMB3D – a threat model for critical infrastructure embedded devices appeared first on FutureIoT.

]]>
Biometrics will redefine security and UX https://futureiot.tech/biometrics-will-redefine-security-and-ux/ Tue, 19 Dec 2023 01:00:00 +0000 https://futureiot.tech/?p=13233 As the demand for heightened security and seamless user experiences continues to grow across various sectors, advanced biometric technologies are poised to redefine the authentication and identity verification processes. From ensuring secure financial transactions to enhancing border control and streamlining retail interactions, advanced biometrics' ability to provide robust security while improving user experience marks a […]

The post Biometrics will redefine security and UX appeared first on FutureIoT.

]]>
As the demand for heightened security and seamless user experiences continues to grow across various sectors, advanced biometric technologies are poised to redefine the authentication and identity verification processes.

From ensuring secure financial transactions to enhancing border control and streamlining retail interactions, advanced biometrics' ability to provide robust security while improving user experience marks a new era in sectors such as financial services, government & law enforcement, retail, automotive, healthcare, and consumer goods, says GlobalData.

Saurabh Daga

Saurabh Daga, associate project manager of disruptive tech at GlobalData, comments: “Biometric technologies are transforming various sectors by uniquely identifying individuals through traits like fingerprints, voice, and facial patterns. The integration of AI and machine learning has boosted their accuracy and ability to detect fraud, especially in finance and healthcare. As privacy regulations evolve, the providers and implementors of biometric technologies are also adapting upgraded secure and ethical data practices. This blend of innovation and security is positioning biometrics as a key ingredient in future technology solutions, balancing user experience with individual rights.”

GlobalData’s “Advanced biometrics: emerging trends and technologies in authentication” report delves into over 60 real-life implementations of biometric technologies. The report categorizes these implementations based on the end-use sectors and applications.

Daga says “Advanced biometrics are likely to be a game-changer for a multitude of industries. Their ability to enhance security, streamline processes, and offer personalized experiences is reshaping the way businesses and governments operate.”

“By harnessing the power of advanced biometrics in combination with technologies such as AI, blockchain, and IoT, industries can unlock new levels of security and convenience, ultimately shaping a more secure and user-friendly future,” he concluded.

The post Biometrics will redefine security and UX appeared first on FutureIoT.

]]>
Gartner: 4 action items to reduce 3rd-party cybersecurity risks https://futureiot.tech/gartner-4-action-items-to-reduce-3rd-party-cybersecurity-risks/ Fri, 15 Dec 2023 01:00:00 +0000 https://futureiot.tech/?p=13223 In a recent Gartner survey, 45% of organisations experienced third-party-related business interruptions. This is despite the increased investments in third-party cybersecurity risk management (TPCRM) over the last two years. “Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results,” said Zachary Smith, Sr principal research at […]

The post Gartner: 4 action items to reduce 3rd-party cybersecurity risks appeared first on FutureIoT.

]]>
In a recent Gartner survey, 45% of organisations experienced third-party-related business interruptions. This is despite the increased investments in third-party cybersecurity risk management (TPCRM) over the last two years.

Zachary Smith
Zachary Smith

“Third-party cybersecurity risk management is often resource-intensive, overly process-oriented and has little to show for in terms of results,” said Zachary Smith, Sr principal research at Gartner. “Cybersecurity teams struggle to build resilience against third party-related disruptions and to influence third party-related business decisions.”

Effective TPCRM depends on delivery of three outcomes

Successful management of third-party cybersecurity risk depends on the security organisation’s ability to deliver three outcomes – resource efficiency, risk management resilience and influence on business decision-making. However, enterprises struggle to be effective in two out of those three outcomes, and only 6% of organisations are effective in all three (see Fig. 1).

Figure 1. Security organisations’ ability to deliver on three outcomes for effective TPCRM

Source: Gartner (December 2023)

Four actions to manage third-party cybersecurity risks

Based on the survey findings, Gartner identified four actions that security and risk management leaders must take to increase their effectiveness in managing third-party cybersecurity risk. The survey found that organisations that implemented any of these actions saw a 40-50% increase in TPCRM effectiveness.

These actions include:

Regularly review how effectively third-party risks are communicated to the business owner of the third-party relationship: Chief information security officers (CISOs) need to regularly review how well the business understands their messaging around third-party risks to ensure they are providing actionable insights around those risks.

Track third-party contract decisions to help manage risk acceptance by business owners: Business owners will often choose to engage with a third party even if they are well-informed about associated cybersecurity risks. Tracking decisions helps security teams align compensating controls for risk acceptances and alerts security teams to particularly risky business owners that may require greater cybersecurity oversight.

Conduct third-party incident response planning (e.g., playbooks, tabletop exercises): Effective TPCRM goes beyond identifying and reporting cybersecurity risks. CISOs must ensure the organisation has strong contingency plans in place to prepare for unexpected scenarios and to be able to recover well in the wake of an incident.

Work with critical third parties to mature their security risk management practices as necessary: In a hyperconnected environment, a critical third party’s risk is also an organisation’s risk. Partnering with critical third parties to improve their security risk management practices helps promote transparency and collaboration.

The post Gartner: 4 action items to reduce 3rd-party cybersecurity risks appeared first on FutureIoT.

]]>
Legacy device and outdate software to slow medical device growth https://futureiot.tech/legacy-device-and-outdate-software-to-slow-medical-device-growth/ Tue, 12 Dec 2023 02:00:00 +0000 https://futureiot.tech/?p=13213 The rapid integration of new technology and digital health devices into healthcare systems has revolutionized patient care and diagnostic processes. However, the increased reliance on these devices has also exposed the healthcare industry to cybersecurity threats. In the report, Cybersecurity in Medical Devices, GlobalData forecasts the market for cybersecurity in medical devices to grow at […]

The post Legacy device and outdate software to slow medical device growth appeared first on FutureIoT.

]]>
The rapid integration of new technology and digital health devices into healthcare systems has revolutionized patient care and diagnostic processes. However, the increased reliance on these devices has also exposed the healthcare industry to cybersecurity threats.

In the report, Cybersecurity in Medical Devices, GlobalData forecasts the market for cybersecurity in medical devices to grow at a CAGR of 12.2% between 2022 and 2027, reaching US$1.1 billion.

Persistent challenges that must be addressed

There are several cybersecurity challenges in the medical devices industry, including legacy devices and outdated software. The vulnerabilities in medical devices pose significant risks, as they can compromise patient safety, privacy, and the overall integrity of healthcare systems.

Legacy devices are older medical devices that operate on outdated software, making them hard to update and ultimately vulnerable to cyberattacks. Additionally, a key piece of cybersecurity is training healthcare professionals who are using the tools that are at risk. Healthcare professionals should be able to recognize cyber threats so that action can be taken quickly, avoiding the potential detrimental outcomes of cyberattacks.

Alexandra Murdoch, senior medical analyst at GlobalData, comments: “The increasing number of digital health tools and the need for cybersecurity is important. However, as many digital health devices are interconnected, there is a larger attack surface, putting medical devices at higher risk of cyberattacks.” 

According to GlobalData, the growth is largely driven by the increasing connectivity and digital integration of medical devices, which makes them more susceptible for cyberattacks.

While cyberattacks are more likely with the adoption of digital health and connected devices, several strategies can be employed to mitigate said risks.

Murdoch explains: “Manufacturers should ensure that their devices are compatible with regular software updates and patching to address vulnerabilities. Additionally, implementing encryption and authentication mechanisms can safeguard data transmitted between devices, and using network segmentation to isolate medical devices from other critical systems can limit the potential impact of cyberattacks.”

As medical devices advance, addressing cybersecurity concerns is necessary to ensure patient safety and to maintain the integrity of healthcare systems. Collaboration, awareness, and the adoption of robust cybersecurity measures are essential components of a comprehensive strategy to mitigate risks.

Murdoch concludes: “By implementing these strategies, the medical device industry can work toward creating a more secure and resilient healthcare system.”

The post Legacy device and outdate software to slow medical device growth appeared first on FutureIoT.

]]>
AI already adopted by 78% of software testers https://futureiot.tech/ai-already-adopted-by-78-of-software-testers/ Tue, 05 Dec 2023 01:00:00 +0000 https://futureiot.tech/?p=13183 2023 has seen several high-profile software failures in the USA, including affecting financial markets and air traffic suffering “its largest and most catastrophic disruption of service since 9/11.” Separately, recent research independently conducted by Dr Junade Ali found that 71% of software engineers agreed to a great or moderate extent that software reliability at their […]

The post AI already adopted by 78% of software testers appeared first on FutureIoT.

]]>
2023 has seen several high-profile software failures in the USA, including affecting financial markets and air traffic suffering “its largest and most catastrophic disruption of service since 9/11.” Separately, recent research independently conducted by Dr Junade Ali found that 71% of software engineers agreed to a great or moderate extent that software reliability at their workplace concerned them, with the percentage concerned to a great extent increasing by 68% since 2021.

Building on these findings, LambdaTest’s new research, Future of Quality Assurance 2023, has shown that companies are working to respond to the need for greater software reliability with 72% of organisations involving testers in “sprint” planning sessions, signalling a substantial shift towards software quality being considered earlier in the software development lifecycle.

The survey shows that there has been rapid adoption of AI technologies. Uses of AI reported by software testers have included automating the creation of test data (51%), writing code for automated tests (45%), test result analysis and reporting (36%), and formulating test cases (46%). Additionally, 89% of organisations are automating the deployment and running of tests through CI/CD (Continuous Integration and Continuous Delivery) tools.

Persistent gaps

The research has also highlighted that gaps continue to exist in software testing. Teams are spending 10% of their time on setting up and maintaining test environments and a further 8% of time is spent fixing flaky tests. 74% of teams lacked a structured prioritization system, potentially overlooking factors like risk levels and customer feedback when running automated tests.

Finally, many teams lack data-driven insights to measure software reliability – 29% lacked Test Intelligence infrastructure to provide insights on how automated tests are running and 12% lacked reporting systems.

Asad Khan, CEO and co-founder of LambdaTest, pointed out that the study highlights the need to address bottlenecks affecting productivity like brittle tests alongside the set-up and maintenance of test environments. “This presents us with an opportunity as well as a challenge – to develop and implement tools that will efficiently address these bottlenecks to keep driving software quality forward,” he continued.

Commenting on the study, Dr Ali noted that organisations are attempting to close the gap between the market’s expectations of software reliability and the current state. Artificial Intelligence has seen rapid adoption amongst software testers; however, efficiency challenges remain key to improving the cost, speed and effectiveness of software testing.

“Software testers and QA staff face great pressure in the software development lifecycle, whilst practices in the industry like engaging them earlier in the process is a step forward, new tools offer a significant opportunity to help close the gap.”

Dr Junade Ali

The post AI already adopted by 78% of software testers appeared first on FutureIoT.

]]>
Partnership to offer continuous OT cybersecurity threat detection https://futureiot.tech/partnership-to-offer-continuous-ot-cybersecurity-threat-detection/ Mon, 04 Dec 2023 15:00:00 +0000 https://futureiot.tech/?p=13239 Network Perception has partnered with Claroty to provide OT network auditors with a comprehensive, independent audit platform to track and verify system changes and enhance network visibility. The combined technology enables auditors to establish an accurate network architecture and cybersecurity posture baseline. This information can then be used to set up continuous monitoring that enables […]

The post Partnership to offer continuous OT cybersecurity threat detection appeared first on FutureIoT.

]]>
Network Perception has partnered with Claroty to provide OT network auditors with a comprehensive, independent audit platform to track and verify system changes and enhance network visibility.

The combined technology enables auditors to establish an accurate network architecture and cybersecurity posture baseline. This information can then be used to set up continuous monitoring that enables immediate response and adaptation to disruptions.

Network assessment automation is fundamental to cyber resiliency best practices, enabling security and audit teams to transition from point-in-time spot-checking to real-time verification.

“While performing regular reviews of compliance metrics is important, accessing that data and analysing it can be time-consuming, tedious, and limited depending on where you are looking,” said Robin Berthier, CEO of Network Perception. “As cybersecurity risks grow, reviews need to become more comprehensive and frequent and be managed in a way that will not overburden security and audit teams. Integrating technology with Claroty makes this critical assessment possible at a glance.”

According to Stephan Goldberg, VP of business development at Claroty the exponential growth of unmanaged OT and XIoT network assets has made critical infrastructure more vulnerable to external threats.

“Our integration with Network Perception empowers customers to quickly discover and protect their XIoT assets, detect and respond to the earliest indicators of threats, and seamlessly extend their existing enterprise security and risk infrastructure and programs to harden their industrial networks,” he continued.

The post Partnership to offer continuous OT cybersecurity threat detection appeared first on FutureIoT.

]]>
Netskope claims borderless SD-WAN to transform enterprise networks https://futureiot.tech/netskope-claims-borderless-sd-wan-to-transform-enterprise-networks/ Thu, 23 Nov 2023 01:00:00 +0000 https://futureiot.tech/?p=13119 Information technology teams today seek cloud-centric infrastructure solutions that elegantly converge network and security capabilities, reduce legacy technology maintenance, and support the performance demands of hybrid work environments. Gartner says SASE has emerged as a leading framework already influencing these enterprise buying decisions and forecasts that in 2026, 60% of new SD-WAN purchases will be […]

The post Netskope claims borderless SD-WAN to transform enterprise networks appeared first on FutureIoT.

]]>
Information technology teams today seek cloud-centric infrastructure solutions that elegantly converge network and security capabilities, reduce legacy technology maintenance, and support the performance demands of hybrid work environments.

Gartner says SASE has emerged as a leading framework already influencing these enterprise buying decisions and forecasts that in 2026, 60% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 15% in 2022.

SASE vendor Netskope claims that its Borderless SD-WAN will transform how organisations manage their most critical networking and security functions and optimise enterprise branches everywhere.

Brandon Butler

“The era of the hyper-distributed enterprise - where workers can be anywhere and applications are everywhere - is causing organisations across the globe to transform their network and security strategies,” said Brandon Butler, IDC research manager for enterprise networks. “Key capabilities for next-generation architectures include deeply integrated networking and context-aware security, cloud-based management, and advanced automation enhanced by AI/ML.

Challenges by current branch infrastructure

  • Rely on legacy SD-WAN and multiple disjointed network security technologies that were not built to extend performance to cloud-first, hybrid work environments;
  • Can’t accommodate the explosion of cloud applications or IoT devices now in use throughout the enterprise;
  • Struggle under collections of security point products and connectivity services that aren’t cleanly connected or integrated, but incur significant ongoing maintenance costs;
  • Contribute to an overall status quo of inefficient, un-optimized branch infrastructure and inadequate security controls.

The Netskope answer

The new Netskope Next Gen SASE Branch, powered by Borderless SD-WAN, converges a unified SD-WAN and security appliance (the Netskope SASE Gateway) with a context-aware SASE Fabric, zero trust-based security, and a SkopeAI-powered cloud orchestrator. Available as a single, cloud-delivered offering, the solution also includes a thin branch that optimizes and secures traffic from all locations and users to cloud and on-prem locations.

Parag Thakore

“We’ve designed the Next Gen SASE Branch with the biggest needs of enterprise businesses in mind, both today and in the future,” said Parag Thakore, SVP, Borderless SD-WAN at Netskope. “Organisations no longer need to manage a complex stack of solutions to properly operate their enterprise, nor do they need to sacrifice performance for security. With Next Gen SASE Branch, they can take full advantage of a one-platform, one-software, one-policy approach that’s uniquely and fully enabled by Netskope Borderless SD-WAN.”

The post Netskope claims borderless SD-WAN to transform enterprise networks appeared first on FutureIoT.

]]>
Network Automation and Orchestration Opportunities in 2024 https://futureiot.tech/network-automation-and-orchestration-opportunities-in-2024/ Mon, 06 Nov 2023 01:00:00 +0000 https://futureiot.tech/?p=13058 Analysys Mason forecasts that the network automation and orchestration (NAO) market is projected to grow at a CAGR of 9.4% from 2023 to 2028 to reach US$16.5 billion. The firm attributes the growth to the ongoing roll-out of 5G standalone (SA) by communications service providers (CSPs) and cloud-native digital transformation journeys, which demand higher levels […]

The post Network Automation and Orchestration Opportunities in 2024 appeared first on FutureIoT.

]]>
Analysys Mason forecasts that the network automation and orchestration (NAO) market is projected to grow at a CAGR of 9.4% from 2023 to 2028 to reach US$16.5 billion. The firm attributes the growth to the ongoing roll-out of 5G standalone (SA) by communications service providers (CSPs) and cloud-native digital transformation journeys, which demand higher levels of automation to overcome network complexity.

CSPs will be increasing their spending in multi-domain, multi-vendor and multi-technology network control, management and orchestration systems that support hybrid cloud networking environments.

By 2028, 60% of the total NAO expenditure will be dedicated to 5G, WAN automation and multi-domain orchestration predicts the firm.

Michelle Lam

Michelle Lam, an analyst at Analysys Mason, predicts the coming years will be a critical time for 5G, marked by maturing technology and evolving use cases that are prompting CSPs to invest heavily in advanced automation and orchestration capabilities.

“This investment serves the dual purpose of reducing total cost of ownership (TCO) by streamlining complex operational processes, and secondly, unlocking new revenue opportunities with service differentiation,” she elaborated.

According to Lam, 5G-related NAO spending is projected to grow at a CAGR of 27.2% during the forecast period to reach USD8.6 billion, aligning with CSPs’ imperative to modernise their 5G SA infrastructure to support end-to-end network slicing, cloud-native automation and intent-based orchestration.

“CSPs will look towards enhancing these capabilities with artificial intelligence/machine learning- (AI/ML) driven closed-loop automation to enable automated slice lifecycle management across multi-vendor, multi-cloud and multi-technology environments.”

She believes these efforts will rely on open standards and the adoption of Kubernetes-based network architectures to facilitate the orchestration of cloud-native network functions (CNFs).

“Open-source initiatives, such as the Nephio project, will be the driving force to unify CNF orchestration across the RAN, core and transport network and support CNF domain orchestration in multi-vendor cloud infrastructure across large-scale edge deployments,” she continued.

The post Network Automation and Orchestration Opportunities in 2024 appeared first on FutureIoT.

]]>
Manufacturing and education are most targeted by malware https://futureiot.tech/manufacturing-and-education-are-most-targeted-by-malware/ Wed, 25 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12930 The Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report says the increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure. “Weak enforcement of security standards for IoT device manufacturers coupled with the […]

The post Manufacturing and education are most targeted by malware appeared first on FutureIoT.

]]>
The Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report says the increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.

Deepen Dasai

“Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organisations. Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,” said Deepen Desai, global CISO and head of security research at Zscaler.

He encourages organisations to enforce zero trust principles when securing IoT and OT devices - never trust, always verify, and assume breach. “Organisations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices,” he continued.

Consistent growth in attacks

With the steady adoption of IoT and personal connected devices, the report found an increase of over 400% in IoT malware attacks year-over-year. The growth in cyber threats demonstrates cyber criminals’ persistence and ability to adapt to evolving conditions in launching IoT malware attacks.

Additionally, research indicates that cybercriminals are targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that have existed for over three years.

Source: Zscaler 2023

The Mirai and Gafgyt malware families continue to account for 66% of attack payloads, creating botnets from infected IoT devices that are then used to launch denial-of-service (DDoS) attacks against lucrative businesses.

Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses across industries around the globe. In addition, DDoS attacks pose a risk to OT by potentially disrupting critical industrial processes and even endangering human lives.

Industries favoured by attackers

Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending the majority of signals over digital networks.

However, the quantity of device traffic has created opportunities for cybercriminals, and the manufacturing sector now sees an average of 6,000 IoT malware attacks every week.

Moreover, these substantial IoT malware attacks can disrupt critical OT processes, which are integral in many industrial manufacturing plants like automotive, heavy manufacturing, and plastic & rubber.

This creates long-term challenges for security teams at manufacturing businesses but also demonstrates that industrial IoT holds a substantial lead in adopting unique IoT devices (nearly three times more than other sectors). This increase is critical as manufacturing organisations continue adopting IoT tools for automation and digitization of legacy infrastructure.

Education is another sector that suffered from outsized attention from cybercriminals in 2023, with the propagation of unsecured as well as shadow IoT devices within school networks providing attackers with easier access points.

The wealth of personal data stored on their networks has made educational institutions particularly attractive targets, leaving students and administrations vulnerable. In fact, the report found IoT malware attacks in the education sector increased by nearly 1000%.

The post Manufacturing and education are most targeted by malware appeared first on FutureIoT.

]]>
PodChats for FutureIoT: Mitigating OT and IoT cyber risks https://futureiot.tech/podchats-for-futureiot-mitigating-ot-and-iot-cyber-risks/ Mon, 23 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12914 The 2023 SonicWall Cyber Threat Report claims that IoT malware globally was up 37%, resulting in 77.9 million attacks compared to the 57 million attacks during the same period in 2022. The IoT malware attack volume in Asia rose to 23 million, up 130%. The Nokia 20203 Threat Intelligence Report claims that 60% of attacks […]

The post PodChats for FutureIoT: Mitigating OT and IoT cyber risks appeared first on FutureIoT.

]]>
The 2023 SonicWall Cyber Threat Report claims that IoT malware globally was up 37%, resulting in 77.9 million attacks compared to the 57 million attacks during the same period in 2022. The IoT malware attack volume in Asia rose to 23 million, up 130%.

The Nokia 20203 Threat Intelligence Report claims that 60% of attacks against telecom mobile networks are linked to IoT bots scanning for vulnerable hosts for use in distributed denial of service attacks.

Impact of unmonitored technology on security

Many say the weakest link is humans. I'd argue that the IoT devices that have been quietly sitting in the business perimeter present just as big a clear and present danger to consumers and enterprises. This has been repeatedly highlighted in cyberattacks against critical infrastructure.

Steven Scheurmann, regional vice president for ASEAN at Palo Alto Networks, says the escalation of cyberattacks on IoT and OT devices is a significant concern in ASEAN, with 60% of organisations acknowledging increased security risks associated with IoT. He pointed out that Unit 42's IoT Threat Report highlights that 57% of IoT devices are susceptible to medium to high-severity attacks.

He opined that the primary reason behind this trend is the expansion of the attack surface, as hackers exploit unsecured IoT and OT devices newly connected to networks.

Steven Scheurmann

“These devices often lack security updates and configurations, making them easy targets. Also, they may store sensitive personal data, making them attractive to hackers, particularly in sectors like healthcare. This evolving threat landscape is deeply concerning.”

Steven Scheurmann

The sum of the parts is better

It is widely known that IT teams and those with operational technology oversight have not, traditionally, seen the need to work together. However, recent attacks against critical infrastructure and supply chains suggest that threat actors are looking at multiple channels to penetrate an organisation.

“Across ASEAN and globally, organisations possess a multitude of diverse devices, including traditional endpoints like PCs and smartphones, cloud-based applications, and a mix of on-premises and hybrid cloud systems,” said Scheurmann. “In recent years, this fragmentation has become prevalent, resulting in varied configurations, standards, and compliance measures. This lack of uniformity creates vulnerabilities that attackers exploit.”

He suggested that by integrating IoT and OT under the shared responsibility of IT and security departments, enterprises can establish consistency, standardisation, and compliance, making it more challenging for hackers to breach systems.

“While this transition is positive, there is a learning curve involved, and our role is to educate the market on achieving this level of standardisation,” continued Scheurmann.

Factors driving a convergence of oversight

A report from the Center for Strategic and International Studies (CSIS) in the USA noted that hackers targeted government, military, and civilian networks across the Asia Pacific leveraging malware to obtain confidential information. The malware targeted both the data on victim machines as well as audio captured by infected machines’ microphones.

Scheurmann says securing critical infrastructure, like airports and telecommunications, at the national level is paramount to safeguard citizens in countries like the Philippines, Malaysia, Singapore, and Thailand.

He pointed out that protecting these vital assets is essential to prevent catastrophic disruptions and ensure public safety.

“The supply chain is another critical aspect, with many organisations reliant on interconnected third-party systems. Disrupting the supply chain can affect the delivery of goods and services, impacting everyone,” he added.

He explained that legacy systems pose unique challenges; identifying and managing them is a fundamental step in cybersecurity. “Without visibility, it's impossible to secure these systems effectively. Addressing these issues is complex but essential for comprehensive security,” he elaborated.

Protecting an expanding attack surface

The pandemic has accelerated organisations’ use of connectivity solutions. As enterprises start to connect IoT devices, sensors and instrumentations into the corporate network to acquire real-time visibility of assets or processes may have had the unintended consequence of exposing an organisation to threats previously not thought of by both security and IT teams.

“5G technology presents an incredible opportunity for organisations to scale services dramatically, impacting various sectors such as manufacturing and healthcare. It enables real-time decision-making on production lines and allows doctors to provide remote guidance in critical medical situations,” said Scheurmann.

He pointed out that the challenge lies in the speed at which data is transferred and shared – a breach could result in data being disseminated and compromised within seconds.

“Moreover, the connectivity of critical infrastructure through 5G raises concerns about potential attacks disrupting vital services like transportation and financial markets,” he posited. Despite these risks, he opined, the focus should be on harnessing 5G's benefits through education, preparation, and expert support, ensuring responsible and transformative use.

Expanding the protection envelope

Asked what steps should organisations then take to mitigate cybersecurity risk related to operational technology and IoT? And, more importantly, who should get involved?

Scheurmann believes that bringing OT and IoT devices into the realm of security and business units offers an opportunity to establish standards, governance, and policies. He added that this includes clear procedures, ongoing training and awareness, and a risk mitigation framework to anticipate and respond to incidents effectively.

He explained that visibility and tracking become crucial as more devices connect, ensuring a swift response to potential attacks. Resilience plays a critical role, ensuring systems can recover swiftly in the event of an attack.

“Delays in system restoration can have a significant impact, such as prolonged ATM network outages affecting everyday transactions for millions of people, emphasising the importance of quick recovery in a robust governance framework,” warned Scheurmann.

Predictions and advice for 2024

Recognising that Asia will continue to experience a shortage in skills and expertise, particularly in the areas of cybersecurity, Scheurmann believes that automation is pivotal for IT departments. He explains that automation ensures consistency in compliance, policy enforcement, and standardisation, allowing IT teams to focus on higher-priority tasks.

“For IT leadership, rationalising and consolidating the security stack is essential, given the proliferation of disparate products in response to recent challenges like COVID-19. Streamlining security measures simplifies administration and enhances effectiveness.

“Beyond IT, cybersecurity discussions must become a central boardroom topic, with every organisation recognizing the risk of potential cyberattacks. Leaders should prioritise cybersecurity strategy, investment, and integration into their overall business framework for successful digitisation,” concluded Scheurmann.

Click on the PodChat player to hear in detail Scheurmann’s take on how enterprises in Asia can mitigate OT and IoT cyber risks.
  1. What is the impact of unmonitored and unsecured IoT devices on a system’s cybersecurity, and why is it one of the biggest cybersecurity challenges across ASEAN?
  2. Why do the majority of ASEAN organisations (82%) see value in having a common team that looks after IT and OT infrastructure and systems? Is this a good thing or a bad thing?
  3. What factors are driving organisations’ focus on securing IoT/OT in their future cybersecurity strategies?
  4. What are the specific cybersecurity concerns related to 5G-connected IoT devices, and how do organisations plan to address them?
  5. What steps should organisations take to mitigate cybersecurity risks related to OT? Who should get involved?
  6. Coming into 2024, more devices and sensors will be added to the enterprises. What is your advice for operations, IT and leadership to improve the overall organisational security posture?

The post PodChats for FutureIoT: Mitigating OT and IoT cyber risks appeared first on FutureIoT.

]]>
Embedding zero trust in the data centre https://futureiot.tech/embedding-zero-trust-in-the-data-centre/ Thu, 19 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12935 With the adoption of edge computing, multi-cloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage. To adapt to this changing environment, organisations need a new modern data centre architecture that delivers reliability through automated data centre operations, scalable performance to support the most stringent […]

The post Embedding zero trust in the data centre appeared first on FutureIoT.

]]>
With the adoption of edge computing, multi-cloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage.

To adapt to this changing environment, organisations need a new modern data centre architecture that delivers reliability through automated data centre operations, scalable performance to support the most stringent workloads (e.g., AI model training) and comprehensive data security, regardless of where the data resides.

Mauricio Sanchez

"Data centre infrastructures are getting more complex and distributed. Traditional firewalls need to become more easily extensible to dynamically align with how the infrastructure is evolving. Juniper’s new security fabric meets market demands by allowing customers to integrate existing routers and firewalls," said Mauricio Sanchez, Sr. research director, enterprise networking and security at Dell’Oro Group. 

The new Juniper Connected Security Distributed Services Architecture integrates Juniper’s unified security management paradigm with (claimed) best-in-class routing and AI-predictive threat prevention to bring much-needed operational simplicity and scale to data centre security.

In addition, four new high-performance firewall platforms deliver unmatched performance in a compact footprint that minimizes cost, space and power consumption. 

The vendor claims its Connected Security portfolio provides a secure bridge for customers to facilitate their transition to a modern data centre, at their own pace.

This is achieved via the following unique innovations:

Juniper Connected Security Distributed Services Architecture: Juniper is the first in the industry to deliver an architecture design that fully decouples the forwarding and security services layers that have traditionally been combined in a single firewall appliance.

By decoupling these layers, customers can utilise their existing Juniper MX series routers as intelligent forwarding engines and load balancers. This unique design gives customers independent scaling flexibility without chassis limitations, multi-path resiliency and cost efficiency.

When coupled with Juniper Security Director Cloud, the operational experience is as simple as managing one logical element, regardless of the quantities and form factors of any additional firewall engines added to the architecture.

AI-predictive threat prevention: Building on Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, AI-predictive threat prevention automatically generates custom signatures unique to the customer’s environment through a proxy-less architecture. Coupled with AI, customers gain even more effective malware prevention at line rate.

Additionally, the enhanced URL filtering solution provides more granular control, with more than 200 categories to choose from and support for up to 200 languages, as well as a new portal for better insights on web content and easy recategorization.

The AI-powered security solution enables customers and partners to predict and find real threats faster, leaving human experts to focus on more strategic security tasks.

Four new best-in-class high-performance firewalls: The new Juniper Networks SRX firewalls (SRX1600, SRX2300, SRX4300, SRX4700) are 1RU in size, scale up to 1.4 Tbps and include built-in Zero Trust capabilities, delivering the industry’s highest firewall throughput performance per rack unit.

The new platforms feature wire-speed MACsec along with natively embedded TPM 2.0 chips and cryptographically signed device IDs that allow security administrators and network operators to easily verify the trust posture of devices remotely and mitigate the risks of supply chain attacks.

These new firewalls, like the whole SRX family, support industry-standard EVPN-VXLAN Type 5 integration, providing full fabric awareness to security operators and allowing them to respond to threats faster.

Praveen Jain

“A new modern data centre architecture is needed that delivers reliable automated operations and high-performing connectivity, all without sacrificing security within and between data centre locations,” said Praveen Jain, SVP and GM, AI clusters and cloud-ready data centre, Juniper Networks.

When combined with Juniper’s Connected Security Distributed Services Architecture, these additions to the Juniper SRX series family offer customers even more options to build and expand their data centre architectures securely and with sustainability objectives top of mind.

The post Embedding zero trust in the data centre appeared first on FutureIoT.

]]>
Semtech adds hybrid cloud capabilities to its AirLink routers https://futureiot.tech/semtech-adds-hybrid-cloud-capabilities-to-its-airlink-routers/ Wed, 18 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12944 Semtech says it has blended the flexibility of cloud technology and the customer control of on-site infrastructure, in its AirLink routers offering unparalleled security and control that aligns with Zero Trust strategies. The (hybrid) approach combines the scalability of cloud technology and the control of on-premise infrastructure. This means businesses can quickly scale up their […]

The post Semtech adds hybrid cloud capabilities to its AirLink routers appeared first on FutureIoT.

]]>
Semtech says it has blended the flexibility of cloud technology and the customer control of on-site infrastructure, in its AirLink routers offering unparalleled security and control that aligns with Zero Trust strategies.

The (hybrid) approach combines the scalability of cloud technology and the control of on-premise infrastructure. This means businesses can quickly scale up their operations while keeping security at the forefront.

According to the company, the hybrid cloud enables businesses to have full control over their cellular-connected networks, with on-site process controls. By requiring on-site authentication, the risk of hacking remotely is substantially reduced. This added security layer protects against potential cyber threats, similar to the added security that two-factor authentication provides.

The company says that integrating a business’ public key infrastructure (PKI), ensures companies retain full control over their environment. The company explains that all operations require local authorization, offering separation of duties and thorough auditing of the management system. This, combined with Semtech’s unique device-to-cloud security strategy, sets a new industry standard for security and control.

“In addition to the on-premise infrastructure security component, Hybrid Cloud features leverage the inherent advantages of cloud technology, providing scalable infrastructure that evolves with a customer’s business needs, minimizing the need for hefty hardware investments and enabling rapid deployment to meet operational demands,” said David Markland, vice president of AirLink Networking Solutions, Semtech.

He went on to explain that “With this new solution, customers can rely on the expertise and robust security framework of a premier cloud platform gaining the freedom to concentrate on what truly counts - their core business operations.”

Commenting on the announcement, Dan Shey, vice president at ABI Research says Semtech’s Hybrid Cloud is a new and unique approach to an industry-wide problem for securing management.

“With the introduction of this new network management feature, Semtech is offering a solution that combines the trust and controls of on-premise security services with the scalability benefits of the cloud. For any enterprise, Hybrid Cloud is an easy-to-implement, cost-effective way to start building their zero-trust security framework,” he continued.

The post Semtech adds hybrid cloud capabilities to its AirLink routers appeared first on FutureIoT.

]]>
Securing IoT and connected devices is a global challenge https://futureiot.tech/securing-iot-and-connected-devices-is-a-global-challenge/ Wed, 11 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12898 The Keyfactor report, “Digital Trust in a Connected World: Navigating the State of IoT Security,” reveals 97% of surveyed organisations struggling to secure their IoT and connected products to some degree. The research survey also found that 98% of organisations experienced certificate outages in the last 12 months, costing an average of over US$2.25 million.  […]

The post Securing IoT and connected devices is a global challenge appeared first on FutureIoT.

]]>
The Keyfactor report, “Digital Trust in a Connected World: Navigating the State of IoT Security,” reveals 97% of surveyed organisations struggling to secure their IoT and connected products to some degree. The research survey also found that 98% of organisations experienced certificate outages in the last 12 months, costing an average of over US$2.25 million. 

“Organisations worldwide are under mounting pressure to ensure their IoT and connected devices are protected while navigating an increasingly complex digital landscape that requires complete trust,” said

Ellen Boehm, senior vice president, IoT Strategies and Operations at Keyfactor, says the survey demonstrates the importance of identity-first security for those who manufacture IoT devices and those who deploy and operate them in their environment to establish digital trust at scale.

She opines that most organisations implement PKI solutions in their IoT security strategy, which is a huge step in the right direction.

“Ensuring that IoT device security is managed throughout its lifecycle will go a long way in both eliminating costly certificate outages and enhancing the long-term viability of IoT within the enterprise.”  Ellen Boehm

Highlights of the survey

Unrelenting attacks: 89% of respondents’ organisations that operate and use IoT and connected products have been hit by cyberattacks at an average cost of US$250K. The March attack on Amazon’s Ring that exfiltrated sensitive customer data such as recorded footage and credit card numbers is an example of the increase in IoT attacks. 

In the past three years, 69% of organisations have seen an increase in cyberattacks on their IoT devices.

Boehm says many IoT security strategies fail to prevent and protect against IoT-targeted cyberattacks because organisations lack the proper education and support needed to fully understand the task at hand.

She added that over half of respondents agree that their organisation doesn’t have the proper awareness and expertise to prepare for IoT device cyberattacks, spotlighting the need for more guidance to fully secure their devices.

“Organisations can’t protect against what they cannot understand,” she called out.

Proliferating growth of IoT devices: Respondents reported a 20% average increase in the number of IoT and connected products used by organisations over a three-year period.

IT is not fully confident in the security of IoT and connected devices: About 88% of respondents agree that improvements are needed in the security of IoT and connected products in use within their organisation. 37% of respondents reporting that significant improvement is needed and 60% reported that some improvement is needed.

When it comes to specific strategies, 4 in 10 organisations report that they strongly agree they would benefit from using a PKI to issue digital identities on the IoT and IIoT devices in their environment.

IoT security budgets being diverted to cover costs from outages: While budgets for IoT device security are increasing year over year, with an anticipated increase of 45% in the next five years, 52% of that budget is at risk of being diverted to cover the cost of successful cyber breaches on IoT and connected products.

Pointing fingers on responsibility: 48% believed that the manufacturer of IoT or connected devices should be at least mostly responsible for cyber breaches on their products.

The post Securing IoT and connected devices is a global challenge appeared first on FutureIoT.

]]>
Radiflow to support NIS2 compliance https://futureiot.tech/radiflow-to-support-nis2-compliance/ Wed, 04 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12887 Beyond its focus on securing critical infrastructure, the European Commission's NIS2 directive also has implications for periphery sectors, such as pharmaceutical, food & beverage, chemical manufacturing, and others that serve defence operations. In addition to securing facilities, CISOs of publicly traded companies throughout Europe are now required to run recurring vulnerability scans, report on cybersecurity […]

The post Radiflow to support NIS2 compliance appeared first on FutureIoT.

]]>
Beyond its focus on securing critical infrastructure, the European Commission's NIS2 directive also has implications for periphery sectors, such as pharmaceutical, food & beverage, chemical manufacturing, and others that serve defence operations.

In addition to securing facilities, CISOs of publicly traded companies throughout Europe are now required to run recurring vulnerability scans, report on cybersecurity breaches within a reasonable timeframe, and report their risk exposure.

To bring companies in line with the new requirements in addition to their existing regulations, Radiflow has developed a three-pillar approach consisting of OT network illumination, prioritizing security for business-critical assets, and a clear onboarding process. In addition, they help ease the transition to new regulations by offering risk assessment and compliance services for companies going through the NIS2 journey.

“Many companies are entering a new world of cybersecurity regulation, unsure of how to go from their current security systems to more advanced ones that comply with regional legislations,” said Ilan Barda, co-founder & CEO of Radiflow.

Ilan Barda

“The want to comply is there, however, it’s a big leap for many teams. We’ve found that a customer-first approach to onboarding is allowing for faster time to be cyber-secure while demanding fewer resources.”

Ilan Barda

Many companies utilize older cybersecurity practices, outdated tools, or have no OT cybersecurity program at all. This presents a large skill gap between OT cybersecurity professionals today and the capabilities of a modern platform.

The CIARA 4.0 platform allows teams to gain insights into best practices for security controls, allowing for better mapping and reporting of their security posture. Working with teams allows for a smooth transition while integrating into existing systems, CIARA V4.0 can assist with compliance by focusing on continuous risk monitoring, enabling analysis of actions caused by the recent changes to the risk score.

The post Radiflow to support NIS2 compliance appeared first on FutureIoT.

]]>
Zero trust and remote access analysis for OT environments https://futureiot.tech/zero-trust-and-remote-access-analysis-for-ot-environments/ Mon, 02 Oct 2023 01:00:00 +0000 https://futureiot.tech/?p=12881 Cyolo has partnered with KuppingerCole and released an industry analysis focused on zero trust and remote access for operational technology (OT) environments.  The analysis reveals key insights about the OT cybersecurity threat landscape, outlines high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations […]

The post Zero trust and remote access analysis for OT environments appeared first on FutureIoT.

]]>
Cyolo has partnered with KuppingerCole and released an industry analysis focused on zero trust and remote access for operational technology (OT) environments. 

The analysis reveals key insights about the OT cybersecurity threat landscape, outlines high-level security architecture for OT, critical infrastructure systems (CIS) and industrial control systems (ICS), and evaluates key requirements of security regulations and frameworks. 

OT environments experience the same kinds of threats as enterprise IT – including ransomware, account takeovers, APTs, and supply chains as vectors – while experiencing expanded OT-specific threats.

While traditional IT security tools may be adapted, developing robust security architectures for OT environments is inherently complex compared to their IT counterparts. Its unique nature, from equipment and software to communication protocols requires dedicated OT security solutions.

Key insights

OT threat landscape. Heightened geopolitical factors have intensified attacks on OT and ICS, posing significant consequences ranging from operational disruptions and service denial to financial repercussions and potential harm to human well-being.

Core cybersecurity regulations. The risks and consequences of cyber-attacks against critical infrastructure advanced regulations globally mandating secure architectures and technical controls. KRITIS and the follow-on IT Security Act 2.0 are related examples of such regulations, as well as the NIST Cybersecurity Framework.

OT security architectures and key functionalities. There are eight areas of functionality that are central to effective OT security architectures. Cybersecurity architectures for OT must address asset discovery, access control, IT security tool integration, detection and response capabilities, and OT protocol-level threats.

As the analysis breaks down, within critical infrastructure interruptions and downtime are not an option. To address the increasing need for secure access in OT environments, Cyolo introduced Cyolo 4.3, which expands key capabilities with more layers of security and makes the product easier than ever to use for both administrators and end users in the industrial space.  

With Cyolo 4.3, industrial organisations will be able to extend their multi-factor authentication (MFA) across environments through integration with Duo Security to support their physical tokens as required.

Cyolo has implemented another layer of security for file transfer within the OT/ICS environment, through query anti-virus software to scan files before they are delivered to their destination. The company is also adapting for further usability, allowing teams to securely invite external users by generating a secure one-time password; and import groups from existing IdPs, using System for Cross-domain Identity Management (SCIM).

“Ensuring the security of critical infrastructure and industrial processes has become increasingly critical as organisations unite their IT and OT systems. This convergence has expanded the OT threat landscape and introduced significant cybersecurity challenges, as the once-isolated OT networks are now vulnerable to the same threats that have targeted IT networks for years” said Joe O'Donnell, vice president ICS/OT of Cyolo.

“With Cyolo 4.3, industrial entities can confidently navigate the complexities of the modern threat landscape and fortify their defences against evolving cyber threats,” he added.

The post Zero trust and remote access analysis for OT environments appeared first on FutureIoT.

]]>
Wind energy data transparency project adopts OCF standard https://futureiot.tech/wind-energy-data-transparency-project-adopts-ocf-standard/ Tue, 26 Sep 2023 01:00:00 +0000 https://futureiot.tech/?p=12854 Data Performance Consultancy (DPC) and Enturi have partnered for a standards-based wind turbine and data management project. The collaboration will adopt the Open Connectivity Foundation (OCF) Secure IP Device Framework and pair Enturi’s wind turbine with DPC’s trusted data expertise to support both businesses and individuals in achieving their sustainability goals through the use of […]

The post Wind energy data transparency project adopts OCF standard appeared first on FutureIoT.

]]>
Data Performance Consultancy (DPC) and Enturi have partnered for a standards-based wind turbine and data management project. The collaboration will adopt the Open Connectivity Foundation (OCF) Secure IP Device Framework and pair Enturi’s wind turbine with DPC’s trusted data expertise to support both businesses and individuals in achieving their sustainability goals through the use of trusted and transparent data.

DPC is supporting the integration of sensors into Enturi’s portable and decentralised wind turbines. The turbines can then connect to DPC’s cloud platform to manage the secure communication and management of data.

Benefits of integration

  • A customer application to control the turbines remotely and access live and historical data, a current challenge for the industry.
  • Preventative maintenance via real-time data analysis.
  • Data analysis to monitor and understand the impact of decisions on journeys to net zero.
  • Transparency of data to, for example, open up data access for carbon accounting as part of companies’ decarbonization journeys.
Brian Bishop

Referring to the partnership as a perfect example of how a standardised approach to connectivity and trusted data is enhancing strategies across industries, Brian Bishop, CEO of DPC and OCF president commented that as the renewable energy industry innovates, both organisations and consumers must have complete confidence that their data is safe.

"By using the OCF framework, DPC is able to not only comply with UK green energy metering requirements but with ISO/IEC standards to ensure the secure communication of wind energy data."

Brian Bishop

In February 2023, Enturi was awarded £98,000 of Innovate UK funding to accelerate system development through advanced computational fluid dynamics (CFD) simulation and rapid prototyping.

Alex Shakeshaft, CEO and Co-Founder of Enturi, says monitoring and reporting on decarbonization in a secure yet transparent way is a huge challenge for the renewable energy industry.

Alex Shakeshaft

"We are thrilled to collaborate with DPC to ensure both organisations and individuals can easily monitor and report on their sustainability goals. Our vision is to diversify clean technologies to enable businesses and communities to access renewable energy solutions to make significant contributions towards net zero goals, energy security, and energy costs.”

Alex Shakeshaft

The post Wind energy data transparency project adopts OCF standard appeared first on FutureIoT.

]]>
Urgent need for proactive OT defences and incident response https://futureiot.tech/urgent-need-for-proactive-ot-defences-and-incident-response/ Wed, 20 Sep 2023 03:00:00 +0000 https://futureiot.tech/?p=12782 The findings of a Cyentia Institute study commissioned by Rockwell Automation report, Anatomy of 100+ Cybersecurity Incidents in Industrial Operations, finds nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time). “Energy, critical manufacturing, water treatment and nuclear facilities are […]

The post Urgent need for proactive OT defences and incident response appeared first on FutureIoT.

]]>
The findings of a Cyentia Institute study commissioned by Rockwell Automation report, Anatomy of 100+ Cybersecurity Incidents in Industrial Operations, finds nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time).

Mark Cristiano

“Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” said Mark Cristiano, commercial director of global cybersecurity services at Rockwell Automation.

He added that anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defences necessary to prevent them in the future.

Key findings

OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.

Threat actors are most intensely focused on the energy sector (39% of attacks) – over three times more than the next most frequently attacked verticals, critical manufacturing (11%) and transportation (10%).

Phishing remains the most popular attack technique (34%), underscoring the importance of cybersecurity tactics such as segmentation, air gapping, Zero Trust and security awareness training to mitigate risks.

In more than half of OT/ICS incidents, Supervisory Control and Data Acquisition (SCADA) systems are targeted (53%), with Programmable Logic Controllers (PLCs) as the next most common target (22%).

More than 80% of threat actors come from outside organisations, yet insiders play an unintentional role in opening the door for threat actors in approximately one-third of incidents. 

In the OT/ICS incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorized access or data exposure. However, the damage of cyberattacks extends beyond the impacted enterprise, as broader supply chains were also impacted 65% of the time.

The research indicates strengthening the security of IT systems is crucial to combatting cyberattacks on critical infrastructure and manufacturing facilities. More than 80% of the OT/ICS incidents analyzed started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications.

The IT network enables communication between OT networks and the outside world and acts as an entryway for OT threat actors. Deploying proper network architecture is critical to strengthening an organisation’s cybersecurity defences.

It is no longer enough to simply implement a firewall between IT and OT environments. Because networks and devices are connected daily into OT/ICS environments, this exposes equipment in most industrial environments to sophisticated adversaries.

Having a strong, modern OT/ICS security program must be a part of every industrial organisation’s responsibility to maintain safe, secure operations and availability.

Sid Snitkin

“The dramatic spike in OT and ICS cybersecurity incidents calls for organisations to take immediate action to improve their cybersecurity posture or they risk becoming the next victim of a breach," said Sid Snitkin, vice president of cybersecurity advisory services, ARC Advisory Group.

He added that the threat landscape for industrial organisations is constantly evolving, and the cost of a breach can be devastating to organisations and critical infrastructure. "The report’s findings underscore the urgent need for organisations to implement more sophisticated cybersecurity strategies," he concluded.

The post Urgent need for proactive OT defences and incident response appeared first on FutureIoT.

]]>
IDC: UTM and firewall spur growth in security appliance spending https://futureiot.tech/idc-utm-and-firewall-spur-growth-in-security-appliance-spending/ Thu, 14 Sep 2023 01:00:00 +0000 https://futureiot.tech/?p=12804 According to IDC's Worldwide Quarterly Security Appliance Tracker, total market revenue in the overall security appliance market grew 7.6% year over year in the second quarter of 2023 (2Q23) to more than US$4.2 billion. This represents a US$298 million increase compared to the same quarter in 2022. In the same period, security appliance shipments grew […]

The post IDC: UTM and firewall spur growth in security appliance spending appeared first on FutureIoT.

]]>
According to IDC's Worldwide Quarterly Security Appliance Tracker, total market revenue in the overall security appliance market grew 7.6% year over year in the second quarter of 2023 (2Q23) to more than US$4.2 billion. This represents a US$298 million increase compared to the same quarter in 2022. In the same period, security appliance shipments grew 22.0% year over year to 1.1 million units.

The performance of the combined unified threat management (UTM) and firewall markets drove the growth of the overall market in 2Q23 with revenue growth of 9.7% compared to 2Q22. The intrusion prevention systems (IPS) market grew 2.3% year over year, while content management and virtual private networks (VPN) both experienced a single-digit year-over-year decline in the quarter.

Carlo Dávila

"Supply chain constraints that have impacted the hardware-based markets continue to improve and IDC expects the security appliance market to maintain a healthy rate of growth in the years ahead as hardware-based security platforms remain a key component in a customer's cybersecurity investment strategy," said Carlo Dávila, research manager, Enterprise Trackers at IDC.

Competitive landscape

Source: IDC Worldwide Quarterly Security Appliance Tracker Q2 2023, September 7, 2023

* Note: IDC declares a statistical tie in the worldwide security appliances market when there is a difference of 1.0% or less in the share of revenues or shipments among two or more vendors.

The post IDC: UTM and firewall spur growth in security appliance spending appeared first on FutureIoT.

]]>
The riskiest assets introducing threats to global businesses https://futureiot.tech/the-riskiest-assets-introducing-threats-to-global-businesses/ Thu, 07 Sep 2023 01:00:00 +0000 https://futureiot.tech/?p=12765 New research from Armis identified the riskiest connected assets posing threats to global businesses. The findings highlight the risks of being introduced to organisations through a variety of connected assets across device classes and emphasise a need for a comprehensive security strategy to protect an organisation’s entire attack surface in real-time. “Continuing to educate global […]

The post The riskiest assets introducing threats to global businesses appeared first on FutureIoT.

]]>
New research from Armis identified the riskiest connected assets posing threats to global businesses. The findings highlight the risks of being introduced to organisations through a variety of connected assets across device classes and emphasise a need for a comprehensive security strategy to protect an organisation’s entire attack surface in real-time.

Nadir Izrael

“Continuing to educate global businesses about the evolving and increased risk being introduced to their attack surface through managed and unmanaged assets is a key mission of ours,” said Nadir Izrael, Armis CTO and Co-Founder. “This intelligence is crucial to helping organisations defend against malicious cyberattacks. Without it, business, security and IT leaders are in the dark, vulnerable to blind spots that bad actors will seek to exploit.”

Armis’ research, analysed from the Armis Asset Intelligence Engine, focuses on connected assets with the most attack attempts, weaponised Common Vulnerabilities and Exposures (CVEs) and high-risk ratings to determine the riskiest assets.

Assets with the highest number of attack attempts

Armis found the top 10 asset types with the highest number of attack attempts were distributed across asset types: IT, OT, IoT, IoMT, Internet of Personal Things (IoPT) and Building Management Systems (BMS).

This demonstrates that attackers care more about their potential access to assets rather than the type, reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Top 10 device types with the highest number of attack attempts:

Engineering workstations (OT)

Imaging workstations (IoMT)

Media players (IoT)

Personal computers (IT)

Virtual machines (IT)

Uninterruptible power supply (UPS) devices (BMS)

Servers (IT)

Media writers (IoMT)

Tablets (IoPT)

Mobile phones (IoPT)

“Malicious actors are intentionally targeting these assets because they are externally accessible, have an expansive and intricate attack surface and are known weaponised CVEs,” said Tom Gol, CTO of Research at Armis.

He pointed out that the potential impact of breaching these assets on businesses and their customers is also a critical factor when it comes to why these have the highest number of attack attempts.

Tom Gol

"Engineering workstations can be connected to all controllers in a factory, imaging workstations will collect private patient data from hospitals and UPSs can serve as an access point to critical infrastructure entities, making all of these attractive targets for malicious actors with varying agendas, like deploying ransomware or causing destruction to society in the case of nation-state attacks. IT leaders need to prioritise asset intelligence cybersecurity and apply patches to mitigate this risk,” explained Gol.

Assets with unpatched, weaponised CVEs vulnerable to exploitation

Researchers identified a significant number of network-connected assets susceptible to unpatched, weaponised CVEs published before 1/1/2022.

Zooming in on the highest percentage of devices of each type that had these CVEs between August 2022 and July 2023, Armis identified the list reflected in Figure A. Unpatched, these assets introduce significant risk to businesses.

Assets most susceptible to unpatched, weaponised CVEs published before Jan 1 2022

Source: Armis, 2023

Assets with a High-Risk Rating

Armis also examined asset types with the most common high-risk factors:

  • Many physical devices on the list that take a long time to replace, such as servers and Programmable Logic Controllers (PLCs), run end-of-life (EOL) or end-of-support (EOS) operating systems. EOL assets are nearing the end of functional life but are still in use, while EOS assets are no longer actively supported or patched for vulnerabilities and security issues by the manufacturer.
  • Some assets, including personal computers, demonstrated SMBv1 usage. SMBv1 is a legacy, unencrypted and complicated protocol with vulnerabilities that have been targeted in the infamous Wannacry and NotPetya attacks. Security experts have advised organisations to stop using it completely. Armis found that 74% of organisations today still have at least one asset in their network vulnerable to EternalBlue – an SMBv1 vulnerability.
  • Many assets identified in the list exhibited high vulnerability scores, have had threats detected, have been flagged for unencrypted traffic or still have the CDPwn vulnerabilities impacting network infrastructure and VoIPs.
  • Half (50%) of pneumatic tube systems were found to have an unsafe software update mechanism.

The post The riskiest assets introducing threats to global businesses appeared first on FutureIoT.

]]>
Elevating digital protection with IoT security labeling schemes https://futureiot.tech/elevating-digital-protection-with-iot-security-labeling-schemes/ Mon, 04 Sep 2023 01:00:00 +0000 https://futureiot.tech/?p=12750 Devices connected through the Internet of Things (IoT) have become deeply embedded in our everyday lives, thoroughly transforming how we engage with technology. From advanced home automation to wearable health monitors, the presence of IoT is so ingrained that we frequently overlook its existence, making it truly remarkable. However, many of these consumer IoT devices […]

The post Elevating digital protection with IoT security labeling schemes appeared first on FutureIoT.

]]>
Devices connected through the Internet of Things (IoT) have become deeply embedded in our everyday lives, thoroughly transforming how we engage with technology. From advanced home automation to wearable health monitors, the presence of IoT is so ingrained that we frequently overlook its existence, making it truly remarkable.

However, many of these consumer IoT devices prioritise features and affordability, often sidelining essential cybersecurity provisions. This oversight makes them susceptible to digital threats, jeopardising user privacy and data. The 2016 Mirai botnet attack, which exploited IoT gadgets, underscores the looming dangers of poorly secured IoT systems.

Government intervention

Thankfully, governments globally are recognising these risks and acting on the security concerns raised, empowering consumers with the knowledge to make safer choices. The US has recently introduced the Cyber Trust Mark, a discretionary labelling system that promotes the understanding of a smart device's security provisions before a purchase is made.

This initiative mirrors others that have emerged prior, like the EU's Cyber Resilience Act. Closer to home, Australia has also implemented a similar cybersecurity label scheme for IoT devices. Notably, Singapore took the lead in the APAC region with their Cybersecurity Labelling Scheme (CLS) presented by the Cyber Security Agency of Singapore (CSA).

Given the collaborative efforts of businesses and governments worldwide to fortify IoT devices and develop universal IoT security benchmarks, we sit down with Kelvin Lim, director of security engineering, Asia Pacific, at Synopsys Software Integrity Group to understand more about how the CLS IoT labelling scheme has been doing in Singapore so far, and the lessons other organisations can take away in the space of security.

Given the rise of similar regulations in various regions, how has Singapore's Cybersecurity Labelling Scheme (CLS) fared locally?

Kelvin Lim: The CLS has garnered positive feedback from both industry experts and manufacturers. A mix of international, regional, and local IoT product manufacturers are getting their products assessed in Singapore. As of 14 August, this year, there are over 200 products endorsed under the CLS initiative.

"This track record speaks volumes, and the subsequent introduction of another scheme that has since been rolled out specifically for medical devices — the Cybersecurity Labelling Scheme for Medical Devices (CLS(MD)) — underlines Singapore's proactive approach to ensuring a digitally secure and advanced nation."

Kelvin Lim

The CLS initiative will bolster Singapore's cybersecurity standards, positioning it as a preferred hub for smart device production. From consumers, intuitive labels will help even those without technical expertise to navigate their decision process when purchasing IoT devices.

How has this influenced the medical device industry?

Kelvin Lim: More medical device manufacturers will adopt the standard as it gains recognition and traction in Singapore. By extending the CLS to medical devices, Singapore has emphasised the importance of cybersecurity in healthcare technologies.

This will compel medical device manufacturers to prioritise the security of their devices, ensuring the safety and privacy of patients.

How has the introduction of these labelling schemes impacted consumer preference?

Kelvin Lim: Today’s consumers are judicious. Increasingly so, they are invested in how their personal data is being used and stored, and how businesses are handling their private information. Consequently, consumers are more likely to buy a smart product sporting the CLS label.

It serves as a reassuring quality seal that the smart products they purchase and use have gone through stringent checks and are perceived as more secure, compared to one without.

However, those unfamiliar with CLS might gravitate towards renowned brands or manufacturers with a global footprint.

These renowned brands have built trust in consumers over many years, and are automatically associated with offering secure devices, regardless if they have the CLS certification or are on par with the security benchmark in Singapore.

Since its inception, how has the mutual recognition with Germany’s labelling scheme fared, and did it bring any value since it was finalised in October last year?

Kelvin Lim: The joint effort between Singapore and Germany epitomises the significance of global alliances in fortifying IoT security. This mutual acknowledgement has been warmly received by the industry and manufacturers. Beyond saving resources and avoiding repetitive tests, this accord also grants entry to new markets.

The path ahead for IoT

The horizon looks bright for IoT labelling. Such labels serve as badges of trust, assuring consumers of a device's compliance with rigorous cybersecurity norms. They also prompt manufacturers to prioritise cybersecurity in their product development process.

As the IoT landscape continues to evolve, it is imperative that consumers, manufacturers, and government work together to build a secure and resilient IoT ecosystem. By understanding the emerging risks in IoT security and implementing robust application protection measures, we can harness the full potential of IoT.

The post Elevating digital protection with IoT security labeling schemes appeared first on FutureIoT.

]]>
Safeguarding OT in a connected world https://futureiot.tech/safeguarding-ot-in-a-connected-world/ Wed, 30 Aug 2023 01:00:00 +0000 https://futureiot.tech/?p=12744 OT security is no longer an afterthought but a focal point of a company’s digital transformation thanks to Industry 4.0 and increasing digitisation. Organisations are now aware that state-sponsored actors and cybercriminals are capable of exploiting security gaps in key infrastructure to cause serious harm and supply chain issues. According to Frost & Sullivan, major […]

The post Safeguarding OT in a connected world appeared first on FutureIoT.

]]>
OT security is no longer an afterthought but a focal point of a company’s digital transformation thanks to Industry 4.0 and increasing digitisation.

Organisations are now aware that state-sponsored actors and cybercriminals are capable of exploiting security gaps in key infrastructure to cause serious harm and supply chain issues.

According to Frost & Sullivan, major corporations throughout the world want to increase their spending on OT security.

The growing need for OT security

Vinay Biradar, associate director at Frost & Sullivan, says OT systems become significantly more vulnerable to cyber threats as they integrate with IT infrastructure. Biradar points to market data which reveals that 90% of firms experienced at least one OT system intrusion incident in the previous calendar year.

He opines that worries are worsened by the expansion of zero-day threat vectors in this field and the inadequate security features built into Internet of Things (IoT) and OT equipment.

He explains that security is compromised by problems such as system-level attacks, lax device management, and inefficient authentication.

"Risks are exacerbated by poor patch management and program updates. Non-compliance by IoT manufacturers, inadequate network segmentation between IT and OT, public OT network access, and weak identity management further increase vulnerability," he elaborates.

According to Biradar, weak encryption, insecure data transfer, misconfigurations, firmware glitches, and a lack of secure update mechanisms add to the security woes of these systems leading to a variety of different attacks:

Unauthorised Access to SCADA (Supervisory Control and Data Acquisition) systems – where attackers infiltrate them to manipulate machinery, potentially causing safety risks or equipment damage.

Device Hijacking – where attackers gain control of OT devices, enabling eavesdropping, data theft, and operational disruption.

Data Manipulation – where cybercriminals target SCADA or Industrial Control Systems (ICS) devices to tamper with or delete stored data, leading to misinformation and compromised decision-making.

Man-in-the-Middle Attacks – where attackers intercept and modify communication between devices, altering device instructions and causing malfunctions.

Permanent Denial-of-Service – where attackers destroy firmware, rendering devices or systems inoperable and requiring extensive recovery efforts.

Fraudulent Identity and Control Panel Access – where attackers use fake identities to access control panels, compromising system settings and operational integrity.

Biradar opines that addressing these challenges demands a multi-pronged approach involving collaboration among manufacturers, regulatory bodies, and end-users to build industry standards.

"Consistent adherence to security, establishment of guidelines, conformance enforcement, and widespread adoption of best practices are essential throughout the lifecycle of OT devices," he suggested.

Growth areas in OT security

According to Frost, infrastructure security and smart buildings are quickly becoming important growth areas for OT security for businesses. Building Management Systems (BMS) security is seeing a noticeable increase in spending and budgetary allocation from organisations, in our market studies.

Biradar argues that BMS security is no longer the sole responsibility of the facility and operations teams; instead, CISOs are taking a more active role in harmonising the security stack as a whole and in developing Standard Operating Procedures (SOPs).

"While the traditional BMS Providers have started to invest in expanding their portfolio into smart buildings cybersecurity services, IT security vendors have started to perceive smart buildings cybersecurity as a new growth area and a vital component of their OT security offerings," he continued.

How organisations can prepare themselves

Biradar says the growth of the OT security market provides opportunities for both security vendors as well as end customers alike.

He posits that as an end client, "you can choose from the best-of-the-breed solutions and approaches as providers significantly increase their R&D in this area."

He acknowledges grey areas in comprehensively understanding the market opportunities and the key areas of investment.

"By embracing comprehensive market landscape analysis – which can feed into the organisation’s business as well as the technology roadmap, fostering industry collaboration, and prioritising security throughout the lifecycle of OT devices – organisations can stay prepared for the future," he concluded.

The post Safeguarding OT in a connected world appeared first on FutureIoT.

]]>
New report quantifies hospitals’ IoT and IoMT cybersecurity risk https://futureiot.tech/new-report-quantifies-hospitals-iot-and-iomt-cybersecurity-risk/ Fri, 25 Aug 2023 01:00:00 +0000 https://futureiot.tech/?p=12713 Healthcare Delivery Organisations (HDOs) have a low tolerance for service interruptions to network-connected devices and equipment because of their crucial role in patient outcomes and quality of care. Resource-constrained HDO security and IT teams continue to face operational difficulties in sufficiently securing critical systems from increasingly sophisticated attacks, as their vast and heterogeneous IoMT device […]

The post New report quantifies hospitals’ IoT and IoMT cybersecurity risk appeared first on FutureIoT.

]]>
Healthcare Delivery Organisations (HDOs) have a low tolerance for service interruptions to network-connected devices and equipment because of their crucial role in patient outcomes and quality of care.

Resource-constrained HDO security and IT teams continue to face operational difficulties in sufficiently securing critical systems from increasingly sophisticated attacks, as their vast and heterogeneous IoMT device fleets complicate management and, left unchecked, offer a broad attack surface.

Asimily's Total Cost of Ownership Analysis on Connected Device Cybersecurity Risk report highlights the unique cybersecurity challenges that healthcare delivery organisations (HDOs) face and the true costs of their IoT and IoMT security risks.

Key findings

Emerging cybersecurity trends and challenges: The report reveals the top cyberattack strategies impacting HDO medical devices right now: ransomware attacks that spread to devices and disrupt services, third-party-introduced malware that impacts device performance, and devices communicating with unknown IP addresses to enable remote breaches.

Cyberattacks on healthcare providers have become remarkably common: the average HDO experienced 43 attacks in the last 12 months. Unfortunately, many of those attacks are successful, with 44% of HDOs suffering a data breach caused by a third party within the last year alone.

The high cost of doing nothing: For HDOs, today’s high-failure status quo can be catastrophic. Cyberattacks cost HDOs an average of US$10,100,000 per incident. Worse, cyber incidents are directly responsible for a 20% increase in patient mortality. 64% of HDOs also reported suffering from operational delays, and 59% had longer patient stays due to cybersecurity incidents.

Those financial and operational burdens are pushing many HDOs to the brink: the average hospital operating margin sits at 1.4% in 2023. Currently, more than 600 rural U.S. hospitals risk closure, in an environment where a single cyberattack can put a smaller HDO out of business.

Poor device health leads to poor outcomes: HDO security and IT teams face a high-risk environment where the average medical device has 6.2 vulnerabilities. Adding to this challenge, more than 40% of medical devices are near end-of-life and poorly supported (or unsupported) by manufacturers.

Cybersecurity resources and staffing are limited: Even when device vulnerabilities are recognised, HDO security teams can fix only 5-20% of known vulnerabilities each month.

Cyber insurance is no longer enough: As ransomware attacks and breaches have skyrocketed in recent years, cyber liability insurers are introducing coverage limits and capped payouts, making it a less and less effective recourse for HDOs. At the same time, cyber insurance also fails to address the costly reputational damage an HDO suffers following a breach.

The report concludes that adopting a holistic risk-based approach is the most cost-efficient and long-term-effective path for HDOs to secure their critical systems and IoMT devices.

The post New report quantifies hospitals’ IoT and IoMT cybersecurity risk appeared first on FutureIoT.

]]>
Melbourne to use AI to keep city streets safe and clean https://futureiot.tech/melbourne-to-use-ai-to-keep-city-streets-safe-and-clean/ Tue, 22 Aug 2023 01:00:00 +0000 https://futureiot.tech/?p=12694 To decrease the frequency of waste contractor visits to busy areas, the City of Melbourne has offered residents and businesses subscription-based access to large-capacity compactor facilities. With the compactor in place, Council then wanted to understand how the service was being utilised and how to mitigate illegal waste dumping, which can quickly create safety and […]

The post Melbourne to use AI to keep city streets safe and clean appeared first on FutureIoT.

]]>
To decrease the frequency of waste contractor visits to busy areas, the City of Melbourne has offered residents and businesses subscription-based access to large-capacity compactor facilities. With the compactor in place, Council then wanted to understand how the service was being utilised and how to mitigate illegal waste dumping, which can quickly create safety and hygiene issues in the area.

Under its ‘emerging technology testbed’ initiative, the City of Melbourne worked with Nokia to leverage an existing network of installed cameras as Internet of Things (IoT) sensors to monitor one of the compactors.

The Nokia Scene Analytics solution employs an AI-powered algorithm to filter and collate data from the cameras, while also combining other data sources, such as operational data on the compactor itself, to create real-time alerts and produce reports.

Initial tests show

Initial trial results demonstrate that Scene Analytics can support the City’s objectives for better, safer citizen experiences while simultaneously lowering maintenance and downtime costs for waste management services.

Sally Capp

Lord Mayor Sally Capp, City of Melbourne, says the solution is a great example of using new technology to help remove illegal waste more quickly, make our city cleaner and protect the environment.

"This innovative project will help to avoid hazards and make our streets even cleaner by allowing our waste services to better understand behaviour trends related to the illegal and dangerous dumping of waste,” she continued. 

How the technology works

The trial allowed for real-time monitoring and detection of activity in the vicinity of the compactor using a virtual tripwire. Object detection and object counting was used to identify and count items to show how the compactor was impacted by items incorrectly placed within it, while also identifying potentially dangerous items.

Anomaly detection identified unusual movements, such as illegal waste dumping during the night, while face and license plate blurring maintained individual privacy during the trial.

Using these reports, the City of Melbourne can better understand the correlation between illegal waste-dumping activities and compactor downtime, to keep maintenance teams better informed and minimize issues.

It also allows them to swiftly address waste dumping activities before they become a hazard, viewing locations in real-time to observe any obstructions to service vehicle access, and adapting their schedule to reduce unnecessary visits and minimize their carbon footprint.

By understanding patterns of compactor usage and waste dumping activities, the city of Melbourne is also able to patrol the area more effectively, while developing an ongoing campaign to better inform and educate the community.

The post Melbourne to use AI to keep city streets safe and clean appeared first on FutureIoT.

]]>
Surveillance driving demand for storage solutions https://futureiot.tech/surveillance-driving-demand-for-storage-solutions/ Fri, 18 Aug 2023 01:00:00 +0000 https://futureiot.tech/?p=12671 Video surveillance revenue models are evolving as customers search for advanced data storage and video analytics services. ABI Research says customers will increasingly demand scalable data-centric solutions, creating ample opportunity for cloud providers and driving global cloud data and analytics services revenue in the video surveillance market to US$25 billion in 2030. “The video surveillance […]

The post Surveillance driving demand for storage solutions appeared first on FutureIoT.

]]>
Video surveillance revenue models are evolving as customers search for advanced data storage and video analytics services. ABI Research says customers will increasingly demand scalable data-centric solutions, creating ample opportunity for cloud providers and driving global cloud data and analytics services revenue in the video surveillance market to US$25 billion in 2030.

“The video surveillance market is experiencing a transformation as more cloud video surveillance systems emerge, diversifying a market that capital expenditure costs have historically dominated,” says Lizzie Stokes, IoT networks & services analyst at ABI Research.

Lizzie Stokes

“Enterprise companies, lines of business, and small and medium enterprises (SMEs) are looking to take advantage of surveillance insights and are searching for new storage and analytics service models to ease implementation, drive faster time to market, lower costs, and improve ROI.”

Lizzie Stokes

According to ABI Research, high upfront on-premises installation and integration costs traditionally drove video surveillance market service revenue. Professional services revenue dominated the market, facilitated by System Integrators (SIs) who often design and install customers’ surveillance systems.

Market trends

However, two prominent market trends have led video surveillance users to divert investments away from new camera deployments to cloud data services.

Stokes explains that as video resolutions have improved, data loads have become heavier and more costly to store. At the same time, regulation is driving more firms to save their video footage.

Stokes says these market dynamics have created a demand for scalable and cost-effective cloud data storage solutions.

The other trend she observes has to do with video surveillance users increasingly viewing video data as untapped business intelligence.

"Video surveillance cameras are already tracking employee behaviour, observing customer actions, and monitoring goods as they journey through the supply chain and the factory floor. Many video surveillance users—enterprises and SMEs—are searching for streamlined cloud video analytics services to mine raw video data for operational insights,” she adds.

Video Surveillance-as-a-Service (VSaaS) companies are responding to these market trends, offering cloud data storage, cloud video analytics, and Software-as-a-Service (SaaS) applications that produce vertical-specific insights.

New customer demand will eventually diversify the market’s revenue structures, with more customers paying for video surveillance services through recurring fees. Traditional video surveillance companies providing on-premises and cloud offerings include Honeywell, Milestone Systems, and Bosch. Newer companies featuring cloud video surveillance services include Verkada, Eagle Eye Networks, and Wasabi Technologies.

“VSaaS vendors are redefining how video surveillance can be offered and deployed,” Stokes concludes. “As video analytics applications expand and video data in the market explodes, new video surveillance companies have the opportunity to disrupt the market’s traditional revenue structure.”

Early stages

Sunny Chua, Wasabi Technologies' general manager for Singapore, acknowledges that the transition to the cloud for video surveillance is still in the early stages but certainly picking up speed. He points to the 5G deployment across the region as facilitating the use of intelligent video surveillance devices as well as advanced analytics at the edge.

Sunny Chua

"The ability for these smart cameras to relay information back in real-time is contributing to innovative use cases in digitally advanced markets like Singapore, such as live footage used complementarily with 3D mapping technology to provide live insights on crowd management and weapon detection via virtual patrols," he elaborated.

Another area where he sees an opportunity for VSaaS is smart cities where spending in the region is expected to more than double between 2023 and 2028 to reach US$42 billion.

"Intelligent video surveillance is an especially important part of the puzzle in smart city development - enabling everything from smart traffic management to furthering sustainability ambitions by providing predictive insights on facilities utilisation in buildings," added Chua.

He believes these ongoing digital developments will ultimately drive workflow modernisation and transformation. "This makes Asia a ripe ground for VSaaS providers that can offer domain-specific services for the deep and reliable automation that a digital era demands while expediting the transition and minimising risks," he concluded.

The post Surveillance driving demand for storage solutions appeared first on FutureIoT.

]]>
Schneider Electric debuts MSS for OT environments https://futureiot.tech/schneider-electric-debuts-mss-for-ot-environments/ Wed, 09 Aug 2023 23:30:00 +0000 https://futureiot.tech/?p=12633 As a vendor-agnostic solution, MSS fits into an organisation's existing IT/OT infrastructure, scaling to their budget and maturity.

The post Schneider Electric debuts MSS for OT environments appeared first on FutureIoT.

]]>
Schneider Electric has launched a Managed Security Services (MSS) offering to help customers in operational technology (OT) environments tackle the increased cyber risk associated with the demand for remote access and connectivity technologies.

As a vendor-agnostic solution, MSS fits into an organisation's existing IT/OT infrastructure, scaling to their budget and maturity.

Jay Abdallah, Schneider Electric

"Managed Security Services will help our customers implement cybersecurity practices, proactively address risk, and align to regulatory requirements, giving them the ability to focus on their core operations," said Jay Abdallah, vice president of cybersecurity solutions and services at Schneider Electric.

With the manufacturing industry reporting the highest share of cyberattacks in 2022, business owners increasingly recognise the need for innovative cybersecurity solutions to help minimise downtime, loss of intellectual property and other disruption caused by system vulnerabilities.

Few companies, especially those in the OT space, have specialised cybersecurity resources or expertise in house.

"As part of our wide range of solutions to make organisations run more efficiently, this new cybersecurity offering is continuously evolving, helping to protect our customers against new cyber threats that can, and will, arise."

Powered by Schneider Electric's global Cybersecurity Connected Service Hub (CCSH), the new MSS offering provides technologies as flexible services to monitor cyber threats and proactively respond on behalf of customers.

It monitors known risks and protects networks, systems and data across IT, OT and cloud environments – each of which has specific protocols and attack vectors. This new service can help customers to reduce the risk of emerging threats and sophisticated attacks that these unique technical and operational environments face.

Backed by advanced machine learning capabilities and trend analysis, MSS continuously optimises processes and addresses real-time threats. The services include 24/7/365 support through Schneider Electric's CCSH, with a global engineering and support team available around the clock.

The post Schneider Electric debuts MSS for OT environments appeared first on FutureIoT.

]]>
IT-OT investments to resolve exposed weaknesses in supply chains https://futureiot.tech/it-ot-investments-to-resolve-exposed-weaknesses-in-supply-chains/ Thu, 27 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12543 Investment in warehouse automation and management systems continues to rise as supply chains look to resolve exposed weaknesses and create greater resilience to macroeconomic headwinds. ABI Research forecasts that automated storage & retrieval system (AS/RS) revenues are expected to surpass US$15 billion globally by 2030, and warehouse management system (WMS) revenues are expected to exceed […]

The post IT-OT investments to resolve exposed weaknesses in supply chains appeared first on FutureIoT.

]]>
Investment in warehouse automation and management systems continues to rise as supply chains look to resolve exposed weaknesses and create greater resilience to macroeconomic headwinds.

ABI Research forecasts that automated storage & retrieval system (AS/RS) revenues are expected to surpass US$15 billion globally by 2030, and warehouse management system (WMS) revenues are expected to exceed US$10 billion by the same period.

Ryan Wiggins

"Global supply chain challenges over the last three years have highlighted the need for digitalisation and a deeper restructuring of inventory management. Labour constraints, geopolitical trade shifts, and inventory gluts continue to pressure warehouse operations, and the most impacted organisations continue to be those with lower focus on digital transformations," states Ryan Wiggin, supply chain management & logistics industry analyst at ABI Research.

The present and future competitive landscape

AS/RS vendors, including AutoStore, Ocado, and Swisslog, as well as autonomous mobile robot (AMR) vendors such as inVia Robotics, Locus Robotics, and Vecna Robotics, are leading the structural automation charge.

Established and emerging WMS vendors such as Blue Yonder, Manhattan Associates, and Snapfulfil continue to add new functionalities to orchestrate and optimise both manual and automated workflows.

In addition to the growth in automation and management systems, high investment in hardware and devices is expected to increase worker productivity, as manual worker involvement remains necessary alongside the adoption of automated equipment. Global shipments of handheld devices for warehouse workers will grow at a CAGR of 20% to 2030, led by market leaders such as Zebra and Honeywell.

The new warehouse building is expected to drop by as much as 35% in 2023 compared to 2022. It is creating an even greater incentive to invest in the automation of current facilities to ease operational constraints.

Disruption to new developments will be short-lived, with steady growth in warehouse construction expected to 2030, led by a much greater CAGR in global e-commerce fulfilment centre development at 18%.

"Successful deployments by Tier One organisations continue to spur the adoption of technologies within small-medium enterprises. Solutions providers must continue to offer accessible adoption through as-a-service models and scalable structures, and exploring partnerships with complementary technology will be key to deploying market-leading end-to-end solutions," concludes Wiggin.

The post IT-OT investments to resolve exposed weaknesses in supply chains appeared first on FutureIoT.

]]>
Coming in phases: secure 5G connectivity to address extended enterprise https://futureiot.tech/coming-in-phases-secure-5g-connectivity-to-address-extended-enterprise/ Wed, 26 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12539 Cradlepoint announced its phased rollout strategy for the industry’s first 5G-optimised Secure Access Service Edge (SASE) solution designed for the enterprise and purpose-built for Wireless Wide Area Network (WAN) deployments. With unique cellular capabilities and the simplicity of Cradlepoint’s cloud-based management platform, NetCloud Manager, Cradlepoint 5G SASE features zero trust, cellular intelligence along with cloud […]

The post Coming in phases: secure 5G connectivity to address extended enterprise appeared first on FutureIoT.

]]>
Cradlepoint announced its phased rollout strategy for the industry’s first 5G-optimised Secure Access Service Edge (SASE) solution designed for the enterprise and purpose-built for Wireless Wide Area Network (WAN) deployments.

With unique cellular capabilities and the simplicity of Cradlepoint’s cloud-based management platform, NetCloud Manager, Cradlepoint 5G SASE features zero trust, cellular intelligence along with cloud and SIM-based security to address the challenges and threats faced by today’s extended enterprise.

As enterprises evolve beyond fixed sites to include mobile and IoT, they are looking to the flexibility and agility of Wireless WAN and 5G. These geographically dispersed networks, combined with the proliferation of connected devices and ill-fitting network security solutions, can significantly increase security vulnerability.

With IoT device deployments projected to reach 30 billion by 2027, and the perennial IT talent shortage, the seamless integration of 5G-centric SASE solutions to manage Wireless WAN infrastructure is critical.

"A full SASE solution that is optimised for 5G will allow IT organisations to manage network security, network access policies, and observability across wireless connectivity in any hybrid WAN," said Shamus McGillicuddy, vice president of research at Enterprise Management Associates (EMA).

The Cradlepoint 5G SASE will be delivered in phases over the next 12 months:

Cradlepoint Cellular Intelligence: Available today, cellular telemetries, such as signal strength and data plan usage, can be leveraged for SD-WAN traffic steering. As 5G StandAlone (SA) networks become mainstream, Cradlepoint’s network slicing capabilities will work with carriers’ services to offer prioritisation and slice-based isolation.

SIM-based Security: Cradlepoint offers SIM management and GPS tracking to secure the physical devices and to detect rogue movement. Cradlepoint’s vision for the future is to work with carriers for tighter SIM-based security using SIMs as the basis for authentication, regardless of the connecting hardware.

Connect-and-Go Zero Trust Security: Creating WANs in just a few clicks, 5G SASE replaces complex VPNs. Zero trust shrinks the lateral attack surface—devices connected to a Cradlepoint router are immediately dark to the outside world and other sites. Soon, this capability will be delivered from the cloud, offering an easier deployment option.

Cloud-Delivered Security: Ericom’s full suite of SSE solutions, including SWG, CASB, RBI and DLP, protects users browsing in fixed and mobile environments from threats such as phishing and ransomware. Cradlepoint will integrate these capabilities with existing zero trust and SD-WAN solutions into Cradlepoint NetCloud for a single pane of glass user experience for IT teams.

"As enterprises evolve and become more diverse in terms of their connectivity to branch, mobile and IoT, they need a more 5 G-centric approach to security and management. An updated approach to SASE is essential for today’s modern organisation to defend against elevated attack surfaces," said Todd Krautkremer, CMO, Cradlepoint.

"Current SASE solutions are not optimised for 5G. Cradlepoint’s strategy is to provide lean IT organisations with a security solution that is aligned with the realities of a changing business and network profile."

Todd Krautkremer

The post Coming in phases: secure 5G connectivity to address extended enterprise appeared first on FutureIoT.

]]>
Cradlepoint outlines 5G SASE Strategy for cellular and hybrid WAN security https://futureiot.tech/cradlepoint-outlines-5g-sase-strategy-for-cellular-and-hybrid-wan-security/ Tue, 25 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12533 Cradlepoint announced its phased rollout strategy for the industry’s first 5G-optimised Secure Access Service Edge (SASE) solution designed for the enterprise and purpose-built for Wireless Wide Area Network (WAN) deployments. With unique cellular capabilities and the simplicity of Cradlepoint’s cloud-based management platform, NetCloud Manager, Cradlepoint 5G SASE features zero trust, cellular intelligence along with cloud […]

The post Cradlepoint outlines 5G SASE Strategy for cellular and hybrid WAN security appeared first on FutureIoT.

]]>
Cradlepoint announced its phased rollout strategy for the industry’s first 5G-optimised Secure Access Service Edge (SASE) solution designed for the enterprise and purpose-built for Wireless Wide Area Network (WAN) deployments.

With unique cellular capabilities and the simplicity of Cradlepoint’s cloud-based management platform, NetCloud Manager, Cradlepoint 5G SASE features zero trust, cellular intelligence along with cloud and SIM-based security to address the challenges and threats faced by today’s extended enterprise.

As enterprises evolve beyond fixed sites to include mobile and IoT, they are looking to the flexibility and agility of Wireless WAN and 5G. These geographically dispersed networks, combined with the proliferation of connected devices and ill-fitting network security solutions, can significantly increase security vulnerability.

With IoT device deployments projected to reach 30 billion by 2027, and the perennial IT talent shortage, the seamless integration of 5G-centric SASE solutions to manage Wireless WAN infrastructure is critical.

Shamus McGillicuddy

“A full SASE solution that is optimised for 5G will allow IT organisations to manage network security, network access policies, and observability across wireless connectivity in any hybrid WAN,” said Shamus McGillicuddy, vice president of research at Enterprise Management Associates (EMA).

As an industry leader in Wireless WANs and with the recent acquisition of Ericom, Cradlepoint is uniquely positioned to deliver a comprehensive 5G-optimised SASE solution that enables organisations to seamlessly match the security challenges of extended networks. Cradlepoint 5G SASE will be delivered in phases over the next 12 months:

Cradlepoint Cellular Intelligence: Available today, cellular telemetries, such as signal strength and data plan usage, can be leveraged for SD-WAN traffic steering. As 5G StandAlone (SA) networks become mainstream, Cradlepoint’s network slicing capabilities will work with carriers’ services to offer prioritisation and slice-based isolation.

SIM-based Security: Cradlepoint offers SIM management and GPS tracking to secure physical devices and to detect rogue movement. Cradlepoint’s vision for the future is to work with carriers for tighter SIM-based security using SIMs as the basis for authentication, regardless of the connecting hardware.

Connect-and-Go Zero Trust Security: Creating WANs in just a few clicks, 5G SASE replaces complex VPNs. Zero trust shrinks the lateral attack surface—devices connected to a Cradlepoint router are immediately dark to the outside world and other sites. Soon, this capability will be delivered from the cloud, offering an easier deployment option.

Cloud-Delivered Security: Ericom’s full suite of SSE solutions, including SWG, CASB, RBI and DLP, protects users browsing in fixed and mobile environments from threats such as phishing and ransomware. Cradlepoint will integrate these capabilities with existing zero trust and SD-WAN solutions into Cradlepoint NetCloud for a single pane of glass user experience for IT teams.

“As enterprises evolve and become more diverse in terms of their connectivity to branch, mobile and IoT, they need a more 5 G-centric approach to security and management. An updated approach to SASE is essential for today’s modern organisation to defend against elevated attack surfaces,” said Todd Krautkremer, CMO, Cradlepoint.

Todd Krautkremer

“Current SASE solutions are not optimised for 5G. Cradlepoint’s strategy is to provide lean IT organisations with a security solution that is aligned with the realities of a changing business and network profile.”

Todd Krautkremer

The post Cradlepoint outlines 5G SASE Strategy for cellular and hybrid WAN security appeared first on FutureIoT.

]]>
Advanced TTPs against the industrial sector utilise cloud infrastructure https://futureiot.tech/advanced-ttps-against-the-industrial-sector-utilise-cloud-infrastructure/ Thu, 20 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12524 A Kaspersky investigation into cyber attacks targeting the industrial sector in Eastern Europe revealed the use of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organisations in the region. Industries such as manufacturing, industrial control system (ICS) engineering and integration have been particularly affected, emphasising the urgent need for enhanced cybersecurity […]

The post Advanced TTPs against the industrial sector utilise cloud infrastructure appeared first on FutureIoT.

]]>
A Kaspersky investigation into cyber attacks targeting the industrial sector in Eastern Europe revealed the use of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organisations in the region.

Industries such as manufacturing, industrial control system (ICS) engineering and integration have been particularly affected, emphasising the urgent need for enhanced cybersecurity preparedness.

The investigation uncovered a series of targeted attacks with the objective of establishing a permanent channel for data exfiltration. These campaigns exhibited significant resemblances to previously researched attacks, such as ExCone and DexCone, suggesting the involvement of APT31, also known as Judgment Panda and Zirconium.

There was also the use of advanced implants designed for remote access, showcasing the threat actors' extensive knowledge and expertise in bypassing security measures. These implants enabled the establishment of persistent channels for data exfiltration, including from highly secure systems.

The threat actors were extensively using DLL Hijacking techniques again (that is abusing legitimate 3rd party executables, that are vulnerable to loading malicious dynamic linked libraries into their memory) to try and avoid detection while running multiple implants used during 3 attack stages.

Cloud-based data storage services like Dropbox and Yandex Disk, as well as temporary file-sharing platforms, have been used to exfiltrate data and deliver subsequent malware. They also deployed command and control (C2) infrastructure on Yandex Cloud as well as on regular virtual private servers (VPS) to maintain control over compromised networks.

Within these attacks, new variants of the FourteenHi malware were implemented. Discovered in 2021 during the ExCone campaign targeting government entities, this malware family has since evolved, with new variants surfacing in 2022 to target specifically the infrastructure of industrial organisations.

Also discovered is a novel malware implant, dubbed MeatBall – a backdoor implant that possesses extensive remote access capabilities.

"We cannot underestimate the significant risks posed to industrial sectors by the targeted attacks they face," comments Kirill Kruglov, a senior security researcher at Kaspersky ICS CERT.

"As organisations continue to digitise their operations and rely on interconnected systems, the potential consequences of successful attacks on critical infrastructure are undeniable."

Kirill Kruglov

"This analysis emphasises the critical importance of implementing resilient cybersecurity measures to protect industrial infrastructure against existing and future threats," he added.

Recommendations

Conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues.

Establishing continuous vulnerability assessment and triage as a basement for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available to the public.

Performing timely updates for the critical components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a significant incident that might cost millions due to the interruption of the production process.

Using EDR solutions for timely detection of sophisticated threats, investigation, and effective remediation of incidents.

Improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.

The post Advanced TTPs against the industrial sector utilise cloud infrastructure appeared first on FutureIoT.

]]>
ABI Research forecasts strong demand for biometric hardware https://futureiot.tech/abi-research-forecasts-strong-demand-for-biometric-hardware/ Fri, 14 Jul 2023 00:45:48 +0000 https://futureiot.tech/?p=12515 ABI Research’s Biometrics Technologies and Applications market data report forecasts revenues for biometric hardware devices are set to reach US$9 billion worldwide by 2027. The report noted that alongside strong growth in biometric devices, rising in revenue from US$7 billion in 2022, consumer electronics (smartphone, tablet, wearable) biometric capability will markedly increase in future years. […]

The post ABI Research forecasts strong demand for biometric hardware appeared first on FutureIoT.

]]>
ABI Research’s Biometrics Technologies and Applications market data report forecasts revenues for biometric hardware devices are set to reach US$9 billion worldwide by 2027.

The report noted that alongside strong growth in biometric devices, rising in revenue from US$7 billion in 2022, consumer electronics (smartphone, tablet, wearable) biometric capability will markedly increase in future years. Fingerprint sensor revenues will remain at a steady US$1.5 billion annually, with attach rates for face, voice, vein, ECG, and gesture biometrics increasing rapidly.

Lucas Stuart

There are two angles to look at regarding the biometrics market. “First, we have dedicated devices, predominantly in the government and security space, as well as in enterprise, healthcare, and BFSI institutions. These are often specialised by application, for instance, a biometric enrolment kit for citizens’ identities, or eGate systems which use biometric verification to clear those crossing a border,” explains Lucas Stewart, research analyst at ABI Research. “Second, we can look at smartphones and tablets as a vessel for biometric authentication.”

ABI Research notes a strong uptick in the biometric capabilities of said devices, with low-end models increasingly equipped with biometric technologies and the overall smartphone user base seeing growing biometric penetration.

Stuart posits that given convenience and user experience, we see a trend of biometric verification often going through a personal device where possible, that is using your smartphone or other to capture or verify your own biometric data, where apps and web pages increasingly incorporate biometric means of authentication as a password replacement or way to verify oneself.

“Alongside the usability factor, this trend is underpinned by a clear need for mobility. In terms of standalone biometric devices, the need for mobility in these larger scale kits manifests with movement toward more handheld and portable devices,” Stuart continues.

Biometric locks are a key area of opportunity and something we will see more and more of as smart home concepts progress. Regarding other key growth areas, the border control market should also be closely monitored.

Stewart reiterates that there is a significant opportunity here with the need for more efficient and secure international border crossing becoming clear post-COVID as traveller volumes continue to rise.

ABI Research forecasts biometric locks as the most rapidly growing device type within the wider market, rising from 9.3 million shipments in 2022 to 35.5 million in 2027. Similarly exhibiting strong growth are eGates, at 12.8% CAGR from 2022 through 2027. These key figures sit alongside additional detail and granularity for multiple device types, by submarket and biometric modality.

The post ABI Research forecasts strong demand for biometric hardware appeared first on FutureIoT.

]]>
Getting IIoT networks ready for the future https://futureiot.tech/getting-iiot-networks-ready-for-the-future/ Tue, 11 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12497 It may even be ready for foreseeable application requirements over the next several years. But what about the next decade? Change is always in the air, and you need to be prepared. Since the early days of industrial automation, manufacturers have adopted a variety of purpose-built protocols and systems for highly specialised control applications, instead […]

The post Getting IIoT networks ready for the future appeared first on FutureIoT.

]]>
It may even be ready for foreseeable application requirements over the next several years. But what about the next decade? Change is always in the air, and you need to be prepared.

Since the early days of industrial automation, manufacturers have adopted a variety of purpose-built protocols and systems for highly specialised control applications, instead of using standard Ethernet technologies.

As the IIoT continues to expand, industrial networks in the future will be required to transmit much larger volumes of data between interconnected devices and to collect information from remote devices for both OT and IT engineers to access. With these growing demands on the horizon, network preparedness may determine an enterprise's success.

Moxa offers three tips to prepare IIoT networks for the future. These include:

Achieve greater integration with a unified infrastructure

Over the years, various devices using different protocols have been deployed on industrial networks to provide diverse services. Under these circumstances, network integration usually costs more than expected or becomes more difficult to achieve.

Manufacturers can either choose the status quo, that is, maintain their pre-existing isolated automation networks with numerous purpose-built protocols of the past, or seek solutions to deterministic services and that can integrate these “islands of automation” into one unified network.

If the goal is to be ready for future demands, the choice is obviously the latter. The rule of thumb is to take potential industrial protocols into consideration and ensure you can redesign networks in case any new demands arise in the market.

One approach is Time-Sensitive Networking (TSN), a set of new standards introduced by the IEEE 802.1 TSN Task Group as an advanced toolbox. With TSN, you can build open, unified networks with standard Ethernet technologies that reserve flexibility for the future.

Enable anywhere access with hassle-free cloud services

Cloud-based remote access offers many benefits to IIoT customers, such as reducing the travel time and expenses of sending maintenance engineers to multiple remote sites. Furthermore, cloud-based secure remote access can offer flexible and scalable connections to meet dynamic, fast-changing requirements.

However, operational technology (OT) engineers may find it cumbersome to set up and maintain their own cloud servers for new services and applications. Indeed, there is considerable effort associated with setting up new infrastructure, even in the cloud.

Fortunately, OEMs and machine builders can now deliver secure cloud-based services and remote access to their customers, therefore eliminating the need to maintain in-house cloud servers.

One key issue that demands scrutiny is the cloud server license scheme. Often, upfront costs may seem low for limited server hosts. Yet these apparent cost savings on server hosts may actually make a project uneconomical due to a limited scale of connections.

Second, you may also need to consider central management capabilities in order to flexibly expand remote connections as your needs change. With this said, carefully weigh the costs and benefits of incorporating secure remote access to industrial networks. Always select solutions that minimise hassles and will help deliver more value to customers.

Get better visibility of network status

When complexity increases due to greater connectivity on industrial networks, it can become very difficult to identify the root cause of problems and maintain sufficient network visibility.

Control engineers often must revert to trial and error to get the system back to normal, which is time-consuming and troublesome.

To facilitate and manage growing industrial networks, network operators need integrated network management software to make informed decisions throughout network deployment, maintenance, and diagnostics.

In addition, as systems continue to grow, it is important that you pay attention to several network integration concerns. First, only managing industrial networks in local control centres may not be feasible three or five years from now, especially when existing systems need to be integrated with new ones.

It is therefore important to use network management software with integration interfaces, such as OPC DA tags for SCADA system integration or RESTful APIs for external web services. Furthermore, an interface to facilitate third-party software integration is also a key criterion for ensuring future flexibility.

For many industries, the IIoT presents as many challenges as opportunities. It is this new frontier where traditional OT and IT silos converge is clearly the way of the future. Successfully deploying an IIoT application requires careful planning and attention to detail from the moment you decide to begin the journey.

The post Getting IIoT networks ready for the future appeared first on FutureIoT.

]]>
IoT ecosystem is driving demand for high-performance systems https://futureiot.tech/iot-ecosystem-is-driving-demand-for-high-performance-systems/ Wed, 05 Jul 2023 01:00:00 +0000 https://futureiot.tech/?p=12479 High-performance embedded secure hardware has long been the prerogative of high-compute devices like PCs and smartphones. As penetration into these devices flattens, fresh demand is coming from the IoT ecosystem, says ABI Research. “While embedded security is not new for IoT, which have leveraged secure elements and integrated circuits for some time to offer secure […]

The post IoT ecosystem is driving demand for high-performance systems appeared first on FutureIoT.

]]>
High-performance embedded secure hardware has long been the prerogative of high-compute devices like PCs and smartphones. As penetration into these devices flattens, fresh demand is coming from the IoT ecosystem, says ABI Research.

“While embedded security is not new for IoT, which have leveraged secure elements and integrated circuits for some time to offer secure storage of certificates and keys, it is the integration of high-performant hardware that is breaking through,” says Michela Menting, senior research director of trusted device solutions at ABI Research.

“Securing application execution, for example, through the use of trusted execution environment (TEE) technology, is in greater demand than ever for IoT devices; and not just for mission-critical or functional safety use cases, but also for general purpose use cases.”

Michela Menting

This is largely due to better technological developments from the semiconductor vendors themselves, with the adaptation of TEEs to microcontrollers. A greater competitive ecosystem is emerging, with incredible advances by companies like ARM for security in Cortex-M cores, but also from open-source movements such as RISC-V. 

While TEE shipments for SoCs continue to dominate at almost US$1 billion in 2023 (notably selling into the smartphone market), the growth rate remains at a stable 14% year-on-year, while shipments for TEE-enabled Microcontrollers are expected to triple in that same period. 

The post IoT ecosystem is driving demand for high-performance systems appeared first on FutureIoT.

]]>
VODChat: Operational and functional safety in plants and critical infrastructures https://futureiot.tech/vodchat-operational-and-functional-safety-in-plants-and-critical-infrastructures/ Fri, 30 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12459 The Cybersecurity & Infrastructure Security Agency of the United States defines critical infrastructure as "assets, systems, and networks that provide functions necessary for our way of life. CISA identifies 16 critical infrastructure sectors including chemical, commercial facilities, communications, critical manufacturing, dams, defence industrial base, emergency services, energy, financial services, food & agriculture, government facilities, healthcare […]

The post VODChat: Operational and functional safety in plants and critical infrastructures appeared first on FutureIoT.

]]>
The Cybersecurity & Infrastructure Security Agency of the United States defines critical infrastructure as "assets, systems, and networks that provide functions necessary for our way of life.

CISA identifies 16 critical infrastructure sectors including chemical, commercial facilities, communications, critical manufacturing, dams, defence industrial base, emergency services, energy, financial services, food & agriculture, government facilities, healthcare and public health, information technology, nuclear reactors, transportation systems, and water and wastewater systems.

https://www.youtube.com/watch?v=HHTBcGSJyeM

Friedhelm Best, vice president for APAC at HIMA, noted that within the industries the company operates in, every operator has an operation which has risk involved. "Within the oil & gas industry, the mining and processing of raw materials involves risks. A rail operator, who has an infrastructure for rail, with rolling stock, with rail track, there is some risk associated with that," he pointed out.

According to Best, the objective is to maintain risk at levels that are tolerable for people, assets and the environment. "Functional safety is specifically that part of risk management – beyond all of the mechanical and operational measures – can be achieved by an electrical or electronic system, is called safety integrated systems," he further elaborated.

He acknowledged that critical infrastructure typically involves significant investments carried out over decades. "These complex investments are not replaced as and when new technologies become available.

"Rather, changes have to wait for the next phase of modernisation, or when there is a test run of new technology. That’s why it seems like there is a lot of old technology," he continued.

He also noted that in some cases, changes only happen following regulators' call for system management evidence or data to bring.

Impact of COVID on critical infrastructure

Best recalls that historically safety-related automation was often performed onsite, meaning the operator or the manufacturer of the equipment has to send an engineer on site.

"However, with travel restrictions and health regulations during COVID, remote access was allowed in a secure way as there was a need for that to happen. Now this option will stay because they are more used to working with remote access," observed Best.

Responding to market forces

The world remains vulnerable to market forces. A case in point is the ongoing Russia-Ukraine war saw global energy prices increase 20% for five straight months. Rising energy prices may decrease social surplus, which in turn, would slow economic growth.

Best stressed that the world needs stable energy over the long run. Disruptions, be they man-made or natural forces some operators, particularly in directly affected markets, to run operations continually without shutting down the plant for any turnaround.

"They are now prolonging their operations for as long as possible but well aware that their equipment needs maintenance and repair, hence using technology such as predictive maintenance and other options to help them," he opined.

Responding to digital threats

The May 2021 attack on the Colonial Pipeline in the US, reveals just how vulnerable critical infrastructures are from digital threats.

"Digital threats are very real today and everyone who runs a critical infrastructure has to act now," acknowledged Best. "It (digital threats) should be treated the same way as how safety systems were implemented at the beginning when they build a plant – where they analyse and study the requirements and put measures in place."

He points out that with new threats emerging constantly, more proactive measures and investments must be put into this in Asia Pacific as organisations become more aware of the cost to them in terms of potential loss of production hours and damage to infrastructure.

New challenges ahead

Best identified the changing environment and changing market conditions as top of mind when considering the challenges facing operators of critical infrastructure. "In the past, you can build a plant and keep it running for 10 or 20 years. Today, size and design need to adapt to changes often, which affects safety systems. Hence, the management of change is more important now than ever," he continued.

The other challenge he was quick to point out is the constantly changing security threats coming from outside which are hard to predict.

Click on the link to watch the full VODChat with FutureIoT.

  1. Describe operational and functional safety at plants and critical infrastructure in APAC.
  2. Critical infrastructure usually means operational technologies that are decades old. Why is that?
  3. How has COVID impacted how critical infrastructure operators go about their business?
  4. How do you see critical infrastructure operators responding to market forces?
  5. What is hampering the digitization/modernisation of critical infrastructure?
  6. How are critical infrastructure operators in APAC responding to digital threats today?
  7. What is the problem that HIMA is solving?
  8. What is your advice to critical infrastructure operators as regards safety?
  9. What are the challenges of critical infrastructure today as it relates to safety?

The post VODChat: Operational and functional safety in plants and critical infrastructures appeared first on FutureIoT.

]]>
Partnership to optimise healthcare capital cycle end-to-end https://futureiot.tech/partnership-to-optimise-healthcare-capital-cycle-end-to-end/ Thu, 29 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12465 Healthcare systems have access to increasingly innovative new technologies that enable unprecedented connectivity between medical devices and capital equipment—directly affecting medical provider effectiveness and patient outcomes. But with this broader connectivity comes more entry points for potential attackers, and capital decision-makers depend on up-to-date cybersecurity threat information to properly prioritise asset replacement and manage asset […]

The post Partnership to optimise healthcare capital cycle end-to-end appeared first on FutureIoT.

]]>
Healthcare systems have access to increasingly innovative new technologies that enable unprecedented connectivity between medical devices and capital equipment—directly affecting medical provider effectiveness and patient outcomes.

But with this broader connectivity comes more entry points for potential attackers, and capital decision-makers depend on up-to-date cybersecurity threat information to properly prioritise asset replacement and manage asset requests.

Yet many still lack a comprehensive strategy for incorporating medical device risk reduction into capital planning, which is increasingly concerning as cyber threats—and healthcare-industry data breaches that now average more than US$10 million per incident—continue to rise.

Hospitals must consider cyber risk when evaluating equipment purchases, maintenance, and device lifecycle management—including risk assessment, monitoring, and remediation.

Peter Hancock

“As security threats against healthcare systems continue to escalate, understanding and prioritising the current risk profile of each piece of connected equipment is critical for healthcare systems to avoid the kind of attacks that are costly to budgets and reputation,” said Peter Hancock, VP of global partnerships at Asimily.

Asimily announced plans to integrate its Internet of Medical Things (IoMT) risk management platform, with the CCM (Capital Cycle Management) solution from HANDLE Global to provide a single platform where healthcare system supply chain, security, and IT teams gain a holistic and always-current view of their organisation’s internet-connected assets.

This equipment visibility enables healthcare organisations to determine which assets or manufacturers are at risk of cybersecurity issues, and to track the status of cyber-related warnings and recalls.

Asimily uses AI-fuelled analysis to prioritise exploitable vulnerabilities and prescribe targeted, clinically-viable remediations—and identify when remediations are not possible and which assets may need to be replaced.

This critical information is dispatched to CCM to ensure that it is considered a key priority during the capital planning process and can empower a shift from reactive to proactive cybersecurity risk management.

CCM allows health systems to tailor priorities based on customisable risk thresholds for threats to cybersecurity, patient safety, product standardisation, and other factors provided by Asimily’s IoMT risk remediation platform.

Kyle Green

“This integration with Asimily gives HANDLE’s CCM customers the ability to understand cybersecurity risks and precisely measure utilisation so they feel confident that they are making well-informed decisions about where to focus their capital spend,” said Kyle Green, CEO, HANDLE Global. "This is especially crucial as health system budgets continue to tighten and healthcare leaders are forced to make difficult budgeting decisions."

The post Partnership to optimise healthcare capital cycle end-to-end appeared first on FutureIoT.

]]>
Moxa solution boosts transmission speeds in industrial networks https://futureiot.tech/moxa-solution-boosts-transmission-speeds-in-industrial-networks/ Tue, 27 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12450 Industrial communications and networking vendor Moxa has introduced the AWK-3252A wireless AP/bridge/client to meet the growing need for faster data transmission speeds. The AWK-3252A aims to optimise mobile automation and IP surveillance systems in mining, manufacturing, healthcare, transportation, and other industries, driving improved outcomes especially where Autonomous Guided Vehicles (AGVs) and Autonomous Mobile Robots (AMRs) […]

The post Moxa solution boosts transmission speeds in industrial networks appeared first on FutureIoT.

]]>
Industrial communications and networking vendor Moxa has introduced the AWK-3252A wireless AP/bridge/client to meet the growing need for faster data transmission speeds.

The AWK-3252A aims to optimise mobile automation and IP surveillance systems in mining, manufacturing, healthcare, transportation, and other industries, driving improved outcomes especially where Autonomous Guided Vehicles (AGVs) and Autonomous Mobile Robots (AMRs) are at the heart of boosting productivity and operational safety.

Capable of concurrent dual-band Wi-Fi, the Moxa AWK-3252A offers 802.11ac performance with DFS channel support, the latest WPA3 encryption for an additional layer of WLAN security, aggregated data rates up to 1.267 Gbps, and millisecond-level client-based Turbo Roaming for <150 ms recovery time between APs.

Two redundant DC power inputs increase the reliability of the power supply, and the AWK-3252A can be powered via PoE to facilitate flexible deployment. Combined, these features simplify industrial wireless operations and the integration of mobile systems outfitted with complex sensors and cameras, while ensuring high performance to address the requirements for reliable and futureproof systems.

The AWK-3252A is compliant with IEC 62443-4-2 and IEC 62443-4-1 industrial cybersecurity certifications -- which cover both product security and secure development life-cycle requirements -- helping system integrators meet the compliance requirements of secure industrial network design, resulting in lower development risk, time, and cost.

Source: Moxa

Built for demanding industrial use, the AWK-3252A is protected within a metal IP30-rated housing with DIN-Rail mounting or optional wall mounting. Integrated antenna isolation safeguards against external electrical interference.

For those installing network devices in hazardous locations, the AWK-3252A is certified for Class 1, Division 2 (C1D2) areas where the risk of explosion exists. An extended temperature version of the device is safe to use from -40 to 75°C to ensure smooth wireless communication in exceptionally harsh environments.

The post Moxa solution boosts transmission speeds in industrial networks appeared first on FutureIoT.

]]>
Biometric update expected to surge following drop during pandemic https://futureiot.tech/biometric-update-expected-to-surge-following-drop-during-pandemic/ Thu, 15 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12420 Global trends have certainly affected the banking, financial services, and insurance (BFSI) market related to biometric hardware. Geopolitical and macroeconomic events, including the conflict in Ukraine, the shortage in semiconductor supply, and downturns in supply chains, have resulted in turbulent market dynamics over the last few years. ABI Research estimates that the overall worldwide biometric […]

The post Biometric update expected to surge following drop during pandemic appeared first on FutureIoT.

]]>
Global trends have certainly affected the banking, financial services, and insurance (BFSI) market related to biometric hardware. Geopolitical and macroeconomic events, including the conflict in Ukraine, the shortage in semiconductor supply, and downturns in supply chains, have resulted in turbulent market dynamics over the last few years.

ABI Research estimates that the overall worldwide biometric device shipments fell from 4.1 million in 2019 to 3.4 million in 2021 and recovered slightly to 3.6 million in 2022.

With a CAGR of 11.3%, fingerprint recognition will expand from 1.7 million to 2.9 million shipments in 2022 and 2027 to claim the lion's share of the biometric modalities market. However, due to simplicity and the expanding use of liveness detection, facial recognition biometrics will experience the fastest growth over the same period, with a CAGR of 11.9%,” said Sam Gazeley, digital payment technologies analyst at ABI Research.

He went on to explain that in terms of biometric hardware technology shipment share, ID/Authentication will account for 64% of the BFSI market in 2023.

"This is partly because, aside from smartphone-centric biometric technologies, user registration and authentication are the key use cases for biometrics in the BFSI sector,” he added.

Getting worst before it gets better

Exacerbated by the increasing integration of biometrics in mobile banking apps and with more customers turning to mobile banking apps, several BFSI businesses are including biometric authentication methods like fingerprint and facial recognition in their solutions.

While this applies predominantly to the smartphone industry, the BFSI market's growing use of biometrics will encourage the deployment of biometric hardware in branches.

"The customer experience as it relates to the client authentication processes is being streamlined by deploying biometrics such as fingerprint and facial recognition, which improves the entire experience with BFSI services and combating fraud by eliminating the need for passwords,” explained Gazeley.

However, it is also important to remember that branchless banking is growing in popularity and will limit the accessible market for biometric hardware providers as we enter the forecast period, particularly regarding neo and challenger banks.

The post Biometric update expected to surge following drop during pandemic appeared first on FutureIoT.

]]>
Partnership to accelerate digital transformation in OT https://futureiot.tech/partnership-to-accelerate-digital-transformation-in-ot/ Wed, 14 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12418 Paessler announced a partnership with PATLITE, a manufacturer of signal towers, audible and visual alarms, and other indicating devices for the factory automation and Industry 4.0 markets. This alliance will bring together Paessler’s expertise in IT network monitoring and PATLITE’s capability in operational technology (OT) to help enterprises across Southeast Asia accelerate digital transformation in […]

The post Partnership to accelerate digital transformation in OT appeared first on FutureIoT.

]]>
Paessler announced a partnership with PATLITE, a manufacturer of signal towers, audible and visual alarms, and other indicating devices for the factory automation and Industry 4.0 markets.

This alliance will bring together Paessler’s expertise in IT network monitoring and PATLITE’s capability in operational technology (OT) to help enterprises across Southeast Asia accelerate digital transformation in OT.

“The convergence of IT and OT is proving to be a boon for enterprises, whether it is optimizing operations or gaining a competitive edge. However, siloed stacks of IT and OT can result in challenges that prevent organisations from reaping the full benefits of digital transformation at scale," said Jim Lee, business development manager of Paessler for Asia Pacific

He claimed that tje partnership with PATLITE is designed to help customers take a comprehensive and coordinated approach to monitor both IT and OT systems which will enable organisations to better understand their infrastructure, increase business agility and ultimately drive business growth.

The partnership will enable Paessler to combine its PRTG network monitoring solution with its extensive experience in OT to provide its customers with comprehensive visibility into their entire infrastructure.

Paessler's PRTG network monitoring solution is designed to help organisations monitor their IT infrastructure, which includes servers, switches, routers, and other devices, while PATLITE’s expertise in OT includes signalling devices, industrial network devices, and other products that can help organisations gain visibility into their operational infrastructure.

“We fully comprehend the significance of technology and expertise in driving successful transformation journeys for industrial businesses,” said Edmund Gan, general manager of PATLITE Singapore.

He added that the collaboration between PATLITE and Paessler will benefit all its customers with the simplified joint solutions, namely the PATLITE Network Tower Light and Paessler PRTG monitoring software.

He further noted that these solutions are easy to understand and facilitate improved productivity and comprehensive process understanding for our customers.

The alliance is said to help organisations across the Southeast Asia region achieve a holistic view of their entire infrastructure, enabling them to make better decisions and improve operational efficiency.

The post Partnership to accelerate digital transformation in OT appeared first on FutureIoT.

]]>
Malware targeting manufacturing, utilities and energy industry up 238% https://futureiot.tech/malware-targeting-manufacturing-utilities-and-energy-industry-up-238/ Tue, 13 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12412 The Unit 42 Network Threat Trends Research Report, Volume 2 reveals a 55% increase in attacks targeting vulnerabilities, known and unknown, including remote code execution (RCE), emails, compromised websites, newly registered domains (NRDs), ChatGPT/AI scams and crypto miner traffic. "Today's threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks […]

The post Malware targeting manufacturing, utilities and energy industry up 238% appeared first on FutureIoT.

]]>
The Unit 42 Network Threat Trends Research Report, Volume 2 reveals a 55% increase in attacks targeting vulnerabilities, known and unknown, including remote code execution (RCE), emails, compromised websites, newly registered domains (NRDs), ChatGPT/AI scams and crypto miner traffic.

"Today's threat actors are like shape-shifting masters, continuously adapting their tactics to slip through the cracks of our interconnected network. With a cunning blend of evasion tools and camouflage methods, the bad actors have weaponized the threats,” says Steven Scheurmann, regional vice president for ASEAN at Palo Alto Networks.

Steven Scheurmann

"Threat actors have become adept at exploiting vulnerabilities, and by the time security researchers and software vendors close the door on one vulnerability, cybercriminals have already found the next door to creak open."

Steven Scheurmann

Organisations must, therefore, simultaneously guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks," he added.

Some of the key findings from the report include:

The exploitation of vulnerabilities has increased: There was a 55% increase in vulnerability exploitation attempts, per customer, on average, compared to 2021.

PDFs are the most popular file type for delivering malware: PDFs are the primary malicious email attachment type, being used 66% of the time to deliver malware via email.

ChatGPT scams: Between November 2022-April 2023, Unit 42 saw a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT, in an attempt to mimic ChatGPT.

Malware aimed at industries using OT technology is increasing: The average number of malware attacks experienced per organisation in the manufacturing, utilities and energy industry increased by 238% (between 2021 and 2022).

Linux malware is on the rise, targeting cloud workload devices: An estimated 90% of public cloud instances run on Linux. Attackers seek new opportunities in cloud workloads and IoT devices running on Unix-like operating systems. The most common types of threats against Linux systems are botnets (47%), coinminers (21%) and backdoors (11%).

Cryptominer traffic is on the rise: Doubling in 2022, cryptomining continues to be an area of interest to threat actors, with 45% of sampled organisations having a signature trigger history that contains cryptominer-related traffic.

Newly Registered Domains: To avoid detection, threat actors use newly registered domains (NRDs) for phishing, social engineering and spreading malware. Threat actors are more likely to target people visiting adult websites (20.2%) and financial services (13.9%) sites with NRDs.

Evasive Threats will Continue to Become Increasingly Complex: While attackers' continued use of old vulnerabilities shows that they will reuse code as long as it proves lucrative, there comes a point where creating newer, more complex attack techniques is necessary. When basic evasions became popular and security vendors started detecting them, attackers responded by moving toward more advanced techniques.

Encrypted Malware in Traffic will Keep Increasing: 12.91% of malware traffic is already SSL encrypted. As threat actors adopt more tactics that mimic those of legitimate businesses, it's expected malware families using SSL-encrypted traffic to blend in with benign network traffic will continue growing.

"As millions of people use ChatGPT, it's unsurprising that we see ChatGPT-related scams, which have exploded over the past year, as cybercriminals take advantage of the hype around AI. But, the trusty email PDF is still the most common way cybercriminals deliver malware," says Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks.

Sean Duca

"Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims. Organisations must therefore take a holistic view of their security environment to provide comprehensive oversight of their network and ensure security best practices are followed at every level of the organisation."

Sean Duca

The post Malware targeting manufacturing, utilities and energy industry up 238% appeared first on FutureIoT.

]]>
Malicious IoT botnet activity up sharply https://futureiot.tech/malicious-iot-botnet-activity-up-sharply/ Fri, 09 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12394 The Nokia Threat Intelligence Report 2023 has found that IoT botnet DDoS (Distributed Denial of Service) traffic, originating from a large number of insecure IoT devices with the aim of disrupting telecom network services for millions of users, increased fivefold over the past year, following Russia’s invasion of Ukraine and stemming from the growing increase […]

The post Malicious IoT botnet activity up sharply appeared first on FutureIoT.

]]>
The Nokia Threat Intelligence Report 2023 has found that IoT botnet DDoS (Distributed Denial of Service) traffic, originating from a large number of insecure IoT devices with the aim of disrupting telecom network services for millions of users, increased fivefold over the past year, following Russia’s invasion of Ukraine and stemming from the growing increase in profit-driven hacking collectives operated by cybercriminals.

This sharp increase, also supplemented by the increased use of IoT devices by consumers around the world, was first noticed at the beginning of the Russia-Ukraine conflict but has since spread to other parts of the world, with botnet-driven DDoS attacks being used to disrupt telecom networks as well as other critical infrastructure and services.

The number of IoT devices (bots) engaged in botnet-driven DDoS attacks rose from around 200,000 a year ago to approximately 1 million devices, generating more than 40% of all DDoS traffic today.

The most common malware in telecommunication networks was found to be a bot malware that scans vulnerable devices, a tactic associated with a variety of IoT botnets. There are billions of IoT devices worldwide, ranging from smart refrigerators, medical sensors, and smartwatches; many of which have lax security protections.

The report also found that the number of trojans targeting personal banking information in mobile devices has doubled to 9%, putting millions of users around the world at heightened risk of having their personal financial and credit card information stolen. A trojan is nefarious software code disguised as being safe for use.

The report, however, did find some encouraging news, showing that malware infections in home networks declined from a Covid-high of 3% to 1.5%, close to the pre-pandemic level of 1%, as malware campaigns targeting the wave of at-home workers tapered off, and more people returned to office work environments.

Based on data aggregated from monitoring network traffic on more than 200 million devices globally where Nokia NetGuard Endpoint Security product is deployed, the report underlines both the scale and sophistication of cybercriminal activity today.

Hamdy Farid, senior vice president for business applications at Nokia noted that a single botnet DDoS attack can involve hundreds of thousands of IoT devices, representing a significant threat to networks globally.

"To mitigate the risks, it’s essential that service providers, vendors, and regulators work to develop more robust 5G network security measures, including implementing telco-centric threat detection and response, as well as robust security practices and awareness at all company levels."

Hamdy Farid

The post Malicious IoT botnet activity up sharply appeared first on FutureIoT.

]]>
Radix IoT Mango 5 optimises IoT scalability for mission-critical monitoring https://futureiot.tech/radix-iot-mango-5-optimises-iot-scalability-for-mission-critical-monitoring/ Thu, 08 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12391 Radix IoT released Mango 5, advancing large-scale IoT multi-site deployments and monitoring scalability to unprecedented heights. Radix IoT’s Mango 5 streamlines installation and deployment activities with new features that allow integrators, contractors, and end-users to easily, and intuitively, scale and unify tens of thousands of mission-critical locations into one ecosystem for remote monitoring and management. […]

The post Radix IoT Mango 5 optimises IoT scalability for mission-critical monitoring appeared first on FutureIoT.

]]>
Radix IoT released Mango 5, advancing large-scale IoT multi-site deployments and monitoring scalability to unprecedented heights. Radix IoT’s Mango 5 streamlines installation and deployment activities with new features that allow integrators, contractors, and end-users to easily, and intuitively, scale and unify tens of thousands of mission-critical locations into one ecosystem for remote monitoring and management.

Radix IoT's chief product officer, Michael Skurla, claims Radix IoT’s Mango 5 is the future of effortless scalability for global commercial portfolio asset monitoring. "Without compromising flexibility, enterprises can now scale remote management and triage in half the time legacy monitoring solutions require. No other comparable product in today’s market offers this level of intuitive monitoring scalability and stability for critical facilities’ owners and operators,” he added.

Mango 5’s streamlined, automated workflow features include:

The Portfolio Manager Configuration Tool–transforms enterprise owners and operators into data experts,­ with instant set-up and views of globally distributed property portfolios with access to site-level metrics and device-level data without dashboards or complex tagging structures.

Integrators and end-users can instantly access KPI overviews and site-level historical graphs and maps with a drag-and-drop interface, create information tabs personalised to roles and needs, and make changes instantaneously without touching a line of code.

Pi-Link–expands on the highly popular TCP Publisher by simultaneously enabling events operations at the edge and in the cloud using gRPC. Scheduled events and logging at the edge are unhindered with lost connectivity to the cloud, and instantly re-synchronise with the cloud when reconnected.

This unparalleled resilience level, critical in environments with unstable or highly constrained cloud connectivity (e.g., over cellular, LoRaWAN, and satellite), increases Edge to Cloud security with mTLS certificates. Mango administration panel allows connection authentication with integrated setup and management–and the TCP Publisher is fully backwards compatible.

Pi-Mesh–this revolutionary database, designed specifically for storing and querying IoT data at scale–with 100 times faster query processing speed than the traditional database technology–is fully optimised for time-based data critical to most distributed SCADA and BMS (building management systems) solutions.

Whether Mango runs at the edge or in the cloud, it can handle tens of millions of data points in real-time and historical context. Compatible with Pi-Link, its rapid, small-size data and events transfer between locations reduces traffic while assuring constancy amidst outages.

Optimised for Mango data and long-term storage, Pi-Mesh takes up a fraction of the typical storage space required by traditional database solutions.

Pi-Flow–the reimagined Mango UI accommodates a highly intuitive workflow for commissioning and setup by integrators, contractors, and end-users. The redesign allows systems deployments to scale and change instantly–whether onboarding 100 or two million points of data–across one to tens of thousands of locations.

CSV Toolbox–brings new tools to streamline and automate with an escalated systems’ configuration ability. In addition to the JSON store, Mango 5 supports tooling for CSV importing/exporting from devices, tags, and events–enabling automated, at-scale operations with conversant tools contractors and enterprise customers are fully accustomed to.

Mango 5 enhances all Mango 4 features including alarming, event management, full HTML (desktop and mobile) compliance, native cloud capability (or cloud of choice)–scaling to tens of thousands of sites–with simple device integration across 40+ protocols without vendor lock. Best of all, upgrades from Mango 4 are simple to deploy.

The post Radix IoT Mango 5 optimises IoT scalability for mission-critical monitoring appeared first on FutureIoT.

]]>
CIARA 4.0 to simplify OT risk management https://futureiot.tech/ciara-4-0-to-simplify-ot-risk-management/ Wed, 07 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12388 CISOs and security teams are responsible for the cybersecurity of OT facilities. However, they lack the ability to evaluate the cybersecurity risks to their operations. They cannot easily assess risk exposure or the effectiveness of specific security activities. Radiflow claims to solve this problem with the release of CIARA 4.0 – a data-driven platform that […]

The post CIARA 4.0 to simplify OT risk management appeared first on FutureIoT.

]]>
CISOs and security teams are responsible for the cybersecurity of OT facilities. However, they lack the ability to evaluate the cybersecurity risks to their operations. They cannot easily assess risk exposure or the effectiveness of specific security activities.

Radiflow claims to solve this problem with the release of CIARA 4.0 – a data-driven platform that continuously monitors changes in the site topology as well as vulnerabilities and threats. It constantly re-evaluates the risk posture of facilities and their digital components. This continuous monitoring enables the CISO to review the strategic and tactical OT security plans and adapt them if needed.

To further assist the CISO with the evaluation of their risk posture, Radiflow is introducing a new free-to-use cloud benchmark tool. Utilising collected industry-specific benchmark information based on Radiflow’s experience and enriched with CS2AI surveys, the new benchmark tool provides the user with a quick risk posture assessment compared to the industry status and best practices.

Ilan Barda

“CISOs are under enormous pressure to do more with less, making it challenging to understand their current standing across the OT Cybersecurity landscape,” said Ilan Barda, Radiflow CEO, and Co-founder. “Data-driven CIARA 4.0 automates the delivery of the necessary insights concerning the changes in the risk posture that actually direct users toward optimal security actions.”

At the same time that threat actors are getting more sophisticated, and vulnerabilities are becoming more diverse, national and industrial regulatory bodies are tightening cybersecurity regulations. But these are often highly complicated and challenging.

For example, while the widely accepted IEC62443 international series of standards provides a detailed map of security controls, it is often too complex for companies to understand and implement.

For these situations, CIARA 4.0 delivers a view of Best Practices of Security Controls which are simpler to understand and map better to the planning of security projects in an individual factory or across a sprawling, geographically diverse complex of interlinked facilities.

“A centralised, highly intelligent solution that enables OT cybersecurity teams to identify vulnerabilities and stay up to date with industry standards and/or best practices, while prioritising and evaluating mitigation efforts, slashes the investment in time and effort required to conduct secure operations,” explained Michael Langer, Radiflow’s chief product officer.

He added that with the accelerating pace of so many new devices being interconnected via expanding OT networks alongside decades of legacy versions, CIARA 4.0’s ability to automate accurate risk analyses and furnish actionable insights becomes vital for ensuring zero downtime.

The post CIARA 4.0 to simplify OT risk management appeared first on FutureIoT.

]]>
Low rate of security automation in North Asia https://futureiot.tech/low-rate-of-security-automation-in-north-asia/ Tue, 06 Jun 2023 01:00:00 +0000 https://futureiot.tech/?p=12401 “There is a real opportunity for organisations to leverage automation to drive operational efficiency and address known security incidents, allowing operational teams to focus on higher risk threats. This has the potential to reduce staff burnout and better safeguard vital business assets,” said Paul Abfalter, Head of North Asia at Telstra. The OMDIA survey of […]

The post Low rate of security automation in North Asia appeared first on FutureIoT.

]]>
“There is a real opportunity for organisations to leverage automation to drive operational efficiency and address known security incidents, allowing operational teams to focus on higher risk threats. This has the potential to reduce staff burnout and better safeguard vital business assets,” said Paul Abfalter, Head of North Asia at Telstra.

The OMDIA survey of 250 senior technology leaders in North Asia revealed that 32% of firms have seen an increase in cyber-attacks over the past 12 months across their entire IT stack, most notably endpoints, network, and operational technology devices. Also, 66% of those that experienced significantly increased serious security incidents also observed a surge in serious breaches.

n=250
21% of organisations have seen an increase in serious breaches, especially across endpoints, networks and IoT resources
Source: Omdia, Telstra

The research also revealed that 40% of firms lost revenue due to these attacks, whilst 38% suffered reputational damage and 34% sustained operational downtime. However, security leaders are confident that with better security automation, they could reduce nearly 50% of all serious security incidents.

The research found that only 24% of regional organisations are advanced in leveraging security automation, confirming that the rate of security automation is relatively low in North Asia, with limited use across the region.

Adam Etherington, a senior principal analyst for digital enterprise services at OMDIA, says security is becoming a growing concern and a potential constraint to digital ambitions in the region. He stressed that security automation is vital to address this challenge.

Adam Etherington

"Leveraging automation in SecOps can enrich threat telemetry, unify toolsets, and harness AI/ML advancements to better protect, detect and respond to advanced persistent threats. However, technology alone won't solve the problem."

Adam Etherington

"Third-party expertise is critical to address people, process and tool impacts within each firm's industry context, regulatory requirements, and corporate objectives,” he continued.

Toolset sprawl

Although many organisations are investing in additional cybersecurity platforms to overcome rising incidents and breaches, this has resulted in sprawling toolsets that generate a higher volume of alerts and false positives.

The survey found that a large volume of threat alerts, alarms, tickets, and possible incidents generated by various security tools are causing issues for security professionals.

The false positives overwhelming security teams are caused by a dramatic increase in the attack surface as more operational technology (OT) devices become integrated with IT systems, lagging patch and device management across legacy technologies and a wide variety of non-integrated toolsets.

“Security executives must continually assess their organisational cybersecurity resilience to support ongoing digital transformation, leverage the right cyber partner and unlock value from security tools. Reaching optimised automation can be a long journey."

Paul Abfalter
Adam Abfalter

"It is important to work with experienced and trusted specialists to discover the best adoption and operational model for your organisation,” Abfalter added.

The post Low rate of security automation in North Asia appeared first on FutureIoT.

]]>
Secure remote access: awareness is high, confidence is low https://futureiot.tech/secure-remote-access-awareness-is-high-confidence-is-low/ Wed, 24 May 2023 00:30:00 +0000 https://futureiot.tech/?p=12328 Industrial operational technology (OT) and industrial control systems (ICS) are typically complex and specialised systems that are installed, maintained, and supported by product vendors and often third-party technicians, operators, and contractors. This cadre of external parties provides product/system support and maintenance due to their specific technical expertise and industry knowledge. Additionally, owing to the locations […]

The post Secure remote access: awareness is high, confidence is low appeared first on FutureIoT.

]]>
Industrial operational technology (OT) and industrial control systems (ICS) are typically complex and specialised systems that are installed, maintained, and supported by product vendors and often third-party technicians, operators, and contractors. This cadre of external parties provides product/system support and maintenance due to their specific technical expertise and industry knowledge.

Additionally, owing to the locations where most industrial facilities are built, remote access to OT assets and operations is all but mandatory. The TakePoint Research report, The State of Industrial Secure Remote Access, states that remote access is now a universal and fundamental requirement for most industrial enterprises.

The same report, however, noted that ensuring all access is safe and secure and cannot be exploited or abused by malicious actors, whether external or internal, remains a challenge.

The report concludes that industrial secure remote access (I-SRA) strategies have become a critical building block for every OT environment. The report recommends that securing remote access and building an overall cybersecurity strategy should be approached like any other business decision, with advantages and associated risks that must be reviewed.

The report cautions that many challenges around people, technologies, and processes need to be considered and that these will likely vary between and within industries. It also recommends that organisations begin by identifying their operational objectives and risk appetite to develop an appropriate strategy.

"A diverse, multidisciplinary approach will help organizations align with various stakeholders and expectations while successfully deploying and securing remote access to industrial environments."

TakePoint Research

The sponsor of the report, Cyclo, picked three key findings:

1. Third-party access is the top reason for enabling I-SRA

Across all industries, 72% of respondents ranked third-party access as the number-one reason for securing remote access.

"This isn’t too surprising, as OT environments tend to depend heavily on third parties due to a significant skills gap, original equipment manufacturer (OEM) maintenance requirements, and risk mitigation, among other factors," said Kevin Kumpf, chief OT/ICS security strategist at Cyclo.

2. I-SRA is not just a “big company” problem

The TakePoint report reveals a linear relationship between company size and the sheer volume of remote connections: the bigger the company, the more connections (see Figure 1).

Kumpf acknowledged that larger companies may have a larger attack surface to secure, but they are also more likely to have teams robust enough to do so. "In contrast, small companies may lack the budget, headcount, and experience necessary to adequately defend their systems," he added.

Figure 1: Concern about remote access threats to OT/ICS systems

Source: The State of Industrial Secure Remote Access, TakePoint Research

3. Across all industries, concerns outweigh confidence

Kumpf says the most striking finding of the survey is that across all industries, respondents were more concerned about threats than confident in their current I-SRA solutions. "A common practice is to give teams remote access to critical systems because operations depend on it. However, that access is far less secure than these organisations would like them to be," he noted.

Figure 1: Concern about access risks vs confidence in current solutions

Source: The State of Industrial Secure Remote Access, Takepoint Research
Source: The State of Industrial Secure Remote Access, TakePoint Research

Kumpf opined that industrial settings have built brittle workarounds for securing remote access, like firewalls and virtual private networks (VPNs), and have sought to implement frameworks like NIST 800-82 or ISA/IEC62443.

"Still, they recognise that the problem is not solved," commented Kumpf who wrote that VPNs struggle to scale and cannot cover the full range of OT use cases.

Kevin Kumpf

"Due to a lack of SRA solutions built specifically for OT, there’s a frequent need to rely on tools designed for IT. These are far from ideal because they often require a cloud connection, need regular patching that requires downtime, or interrupt sensitive OT processes."

Kevin Kumpf

The post Secure remote access: awareness is high, confidence is low appeared first on FutureIoT.

]]>
IoT red flags kickstart 2023 https://futureiot.tech/iot-red-flags-kickstart-2023/ Tue, 25 Apr 2023 01:00:00 +0000 https://futureiot.tech/?p=12228 Heard on the street.  The dark web’s criminal minds see the Internet of Things as the next big hacking prize Elizabeth MacBride@EDITOREMACB.  2022 may have marked an inflexion point due to the rapid proliferation of IoT devices Gartner Digs Deeper. A new Magic Quadrant for Managed IoT Connectivity Services report published on January 30, ranked […]

The post IoT red flags kickstart 2023 appeared first on FutureIoT.

]]>
Heard on the street.  The dark web’s criminal minds see the Internet of Things as the next big hacking prize Elizabeth MacBride@EDITOREMACB.  2022 may have marked an inflexion point due to the rapid proliferation of IoT devices

Gartner Digs Deeper. A new Magic Quadrant for Managed IoT Connectivity Services report published on January 30, ranked 19 managed IoT connectivity service providers.

IoT and Security?  There is a lack of understanding of IoT security best practices and the need for a comprehensive security approach for devices, communications infrastructure, and applications.

New this past year were enterprises looking for providers with leadership, with a robust and diverse ecosystem of technology alliances and service delivery partnerships, spanning IT, OT and IoT. These leaders also had the size and scale in their operations, sales and marketing, formal bid, and product management to pursue large multinational opportunities for IoT connectivity.

Maybe you don’t need a leader?  An IoT-enabled business can use this analysis to select a provider that delivers enough critical functions to match its business objectives.

I&O leaders must insert themselves into the process of solution and vendor selection to determine whether providers of managed IoT connectivity services can provide a pre-integrated IoT solution. This strategy will ensure the cost-effectiveness and security of these solutions, as well as potentially reduce the opportunity costs of due diligence.

Major IoT market forces at work will continue in 2023.

While some enterprises interoperate IoT together with OT, Gartner sees many others bouncing among invisible silos within operating units and regional business units. Not an effective or efficient approach. Play nicer in the sandbox.

Inflation? Not. Gartner has observed price reductions of 10% to 15% in some regions and for certain connectivity types.

On the technical side, 3GPP LPWA network connections (NB-IoT, LTE-M) doubled since last year, reaching 20 million. Why important?  Managed IoT connectivity is a bridge to 5G, Private Mobile Networks and Edge Computing.

Effective IoT implementation and management require stronger security. Enterprises the analysts are talking to admit they struggle with security risks to their network and ecosystems.

First published on Gartner Blog Network

The post IoT red flags kickstart 2023 appeared first on FutureIoT.

]]>
Logs are not enough to secure the network infrastructure https://futureiot.tech/logs-are-not-enough-to-secure-the-network-infrastructure/ Mon, 17 Apr 2023 01:00:00 +0000 https://futureiot.tech/?p=12203 Gartner defines the Application Performance Monitoring and Observability Market as software that enables the observation and analysis of application health & user experience. The targeted roles are IT operations, site reliability engineers, cloud and platform ops, application developers and product owners. A 650 Group report posits that the Observability market grew by 60% in 2022 […]

The post Logs are not enough to secure the network infrastructure appeared first on FutureIoT.

]]>
Gartner defines the Application Performance Monitoring and Observability Market as software that enables the observation and analysis of application health & user experience. The targeted roles are IT operations, site reliability engineers, cloud and platform ops, application developers and product owners.

A 650 Group report posits that the Observability market grew by 60% in 2022 and that cloud and subscription-based offerings are predicted to be most of the revenue during the forecast period as enterprises move to hybrid and multi-cloud infrastructure.

The Deep Observability Market is a critical growth component for Observability Infrastructure vendors, as enterprises need to extract a significant amount of data from networks beyond logs to secure and automate their infrastructure.

Alan Weckel

“Operation teams, such as SecOps, NetOps, and CloudOps, are key beneficiaries of Deep Observability. These teams stress the importance of being proactive and less reactive to application performance, vulnerability detection, and issues in their production networks,” said Alan Weckel, founder and technology analyst at 650 Group.

“Deep Observability continues to add additional value-add features like decryption, application filtering, application metadata, and deduplication. Over the forecast years, this will help drive networking automation and AI-based networks.”

Alan Weckel

The post Logs are not enough to secure the network infrastructure appeared first on FutureIoT.

]]>
HSM convergence creates a service-based market https://futureiot.tech/hsm-convergence-creates-a-service-based-market/ Wed, 29 Mar 2023 01:00:00 +0000 https://futureiot.tech/?p=12155 Hardware Security Module (HSM) technologies continue accelerating toward application-first market solutions. ABI Research claims this growth is underpinned by converged platform offerings, vendors now focus on the opportunities delivered from a service-based perspective. “The strict separation between general-purpose and payment HSMs is dissolving quickly,” explains Michela Menting, a cybersecurity applications research director at ABI Research. […]

The post HSM convergence creates a service-based market appeared first on FutureIoT.

]]>
Hardware Security Module (HSM) technologies continue accelerating toward application-first market solutions. ABI Research claims this growth is underpinned by converged platform offerings, vendors now focus on the opportunities delivered from a service-based perspective.

Michela Menting

“The strict separation between general-purpose and payment HSMs is dissolving quickly,” explains Michela Menting, a cybersecurity applications research director at ABI Research.

“In their latest flagships, many HSM original equipment manufacturers opt to provide just one converged hardware platform tailored to the applications through software packages.”

Michela Menting

Market-making opportunity

Most HSM OEMs seek to provide all the necessary certifications (FIPS 140-3, PCI PTS HSM v2, and increasingly CC+ EAL) as a baseline for that converged hardware. The differentiation becomes a software and licensing matter that can be easily modified and configured remotely, enabling users to service new applications as their business evolves.

This malleability from a software perspective is key to unlocking the potential of the service-based HSM opportunity, whether managed or hosted (HSM-as-a-Service). Both for enterprise users and managed service providers, it allows for repurposing the HSM for other applications without purchasing new hardware.

With advanced hardware capabilities for multi-tenancy and virtualisation, HSMs can offer greater multi-usage performance. ABI Research forecasts service-based revenue to reach US$229 million globally by 2027. 

“Better understanding by enterprises of the need to leverage trusted services for their cloud migration and digital transformation is a significant driver for HSM applications, with OEMs targeting new markets and use cases not only in the enterprise (SMBs) but also in manufacturing, automotive, telco, and utilities. The HSM market is constantly evolving and ripe for innovation,” concluded Menting.

Competitive landscape

Top HSM OEMs in the space include Crypto4A, Entrust, Futurex, IBM, Kryptus, Marvell, Sansec, Securosys, Thales, and Utimaco.

The post HSM convergence creates a service-based market appeared first on FutureIoT.

]]>
New opportunities for processor security applications using IoT Edge https://futureiot.tech/new-opportunities-for-processor-security-applications-using-iot-edge/ Fri, 10 Mar 2023 01:00:00 +0000 https://futureiot.tech/?p=12090 From machine learning to image recognition, compute-intense processes are increasingly moving to the IoT edge. ABI Research sees demand to protect those operations driving a solid market for secure processor capabilities on-device. The security hardware market is at an inflexion point, where real-time functional safety requirements from the microcontroller space are converging with trusted computing […]

The post New opportunities for processor security applications using IoT Edge appeared first on FutureIoT.

]]>
From machine learning to image recognition, compute-intense processes are increasingly moving to the IoT edge. ABI Research sees demand to protect those operations driving a solid market for secure processor capabilities on-device.

The security hardware market is at an inflexion point, where real-time functional safety requirements from the microcontroller space are converging with trusted computing base and secure execution environments capabilities popular in SoC applications.

“A richness in security IP offerings on the market is enabling plenty of use cases for leveraging a trusted hardware foundation in IoT edge, with chipset manufacturers able to offer features such as advanced high assurance boot, hardware firewall domains, run-time attestation, and secure enclaves,” explains Michela Menting, research director at ABI Research.

She opines that most importantly, these capabilities allow building secure edge devices that can run trusted applications and securely communicate over networks to various front and backend services.

There is a democratization of the building blocks for designing secure edge devices: greater availability, more choice, better pricing, and improved functionality. Many security capabilities used to be offered to distinctive markets almost exclusively (microcontroller vs. CPU).

Still, a convergence in the space, driven by the demand for creating trusted applications in a myriad of IoT use cases, is breaking down those barriers. Demand for secure processors spans automotive, industrial, retail, logistics, healthcare, and consumer.

With heavyweights from the processor computing space like Intel, AMD, and TI to smartphone chipmakers including Qualcomm, MediaTek, and Samsung, and microcontroller leaders such as Microchip, NXP, Renesas, and STM, the market for secure processors for the IoT edge is vibrant and highly competitive, all offering innovative and highly performant technology solutions that can meet the modern demands of the IoT edge.

The post New opportunities for processor security applications using IoT Edge appeared first on FutureIoT.

]]>
New solution facilitates mobile device validation across the workflow https://futureiot.tech/new-solution-facilitates-mobile-device-validation-across-the-workflow/ Mon, 06 Mar 2023 01:00:00 +0000 https://futureiot.tech/?p=12076 Keysight Technologies announced its new E7515R solution based on its 5G Network Emulation Solutions platform, a streamlined network emulator specifically designed for protocol, radio frequency (RF), and functional testing of all cellular internet of things (CIoT) technologies, including RedCap. The E7515R expands Keysight’s 5G Network Emulation Solutions portfolio, the industry’s most robust, which is used […]

The post New solution facilitates mobile device validation across the workflow appeared first on FutureIoT.

]]>
Keysight Technologies announced its new E7515R solution based on its 5G Network Emulation Solutions platform, a streamlined network emulator specifically designed for protocol, radio frequency (RF), and functional testing of all cellular internet of things (CIoT) technologies, including RedCap.

The E7515R expands Keysight’s 5G Network Emulation Solutions portfolio, the industry’s most robust, which is used in mobile device validation across the workflow, from early design to acceptance and deployment.

The 5G RedCap specification introduces support for wireless devices with reduced 5G capabilities. These devices are less complex, and consume less power, allowing them to address new CIoT use cases such as industrial sensors and wearables such as smartwatches.

Like other cellular devices, RedCap devices require time-consuming and expensive certification from accredited labs before they can be released to the market. By performing lab validation ahead of time to identify and correct design issues, device and module manufacturers can shorten the certification process for RedCap and other CIoT devices.

The Keysight E7515R addresses this need as a network emulation test platform designed specifically for 5G RedCap and supporting all CIoT technologies. The solution features streamlined capabilities for RedCap without the additional features needed to test a full-spec 5G device.

Benefits of E7515R solution

  • Specifically built for RedCap and CIoT: The E7515R supports 5G Release 17 RedCap along with legacy CIoT technologies, including Narrowband IoT (NB-IoT), LTE Category M, and LTE Cat-1bis.
  • Integrated Platform: The E7515R is a complete solution offering RF, protocol, functional, and performance testing in a compact footprint.
  • Built on Keysight’s Proven Technology: The E7515R is built on the same architecture as the market-leading 5G Network Emulation Solutions platform. The E7515R uses the same proven software solutions employed by the 5G Network Emulation Solutions platform, providing workflow consistency and reduced learning curves.
  • End-to-End Solution: The E7515R supports the entire RedCap and CIoT device development workflow, from early design and development through acceptance and certification testing, and deployment.

 The release of the E7515R solution builds on Keysight’s ongoing achievements supporting RedCap device development, including establishing a data call using the 5G RedCap specification. Through this demonstration, Keysight’s 5G Network Emulation Solutions validated RedCap connectivity on a 5G chipset.

Mosaab Abughalib, general manager of Keysight’s wireless device development R&D group, said: “The E7515R solution is optimised for the development of devices that do not require full 5G NR capability, which allows our customers to maximize their return on investment.”

The post New solution facilitates mobile device validation across the workflow appeared first on FutureIoT.

]]>
Palo Alto Networks simplifies OT security https://futureiot.tech/palo-alto-networks-simplifies-ot-security/ Mon, 27 Feb 2023 01:00:00 +0000 https://futureiot.tech/?p=12045 The usage and connectivity of operational technology (OT) is rapidly growing as are the number of cyberattacks on OT environments. These attacks can disrupt operations, causing damage that can reach far beyond revenue and reputation to supply chain, human safety and critical infrastructure. To help companies keep their OT environments secure, Palo Alto Networks launched […]

The post Palo Alto Networks simplifies OT security appeared first on FutureIoT.

]]>
The usage and connectivity of operational technology (OT) is rapidly growing as are the number of cyberattacks on OT environments. These attacks can disrupt operations, causing damage that can reach far beyond revenue and reputation to supply chain, human safety and critical infrastructure.

To help companies keep their OT environments secure, Palo Alto Networks launched what it claims is the most comprehensive Zero Trust OT Security solution.

A key component of the solution is the new cloud-delivered Industrial OT Security service, which can be easily enabled — without the need to install additional sensors — by any of the 61,000+ active customers of Palo Alto Networks network security products: hardware and software Next-Generation Firewalls (NGFW) and Prisma SASE. Built on an AI-powered foundation with ease of deployment in mind, the new solution enables customers to secure their OT environments from the most sophisticated threats while simplifying their operations.

The challenges around security OT

OT devices can be hard to secure because many lack built-in security and were not designed to be patched. In addition, high uptime requirements limit the ability to do regular security maintenance. OT environments are also at risk as organisations adopt new technologies like 5G, which enable mass connectivity, and open up remote access.

Anand Oswal

“Most OT security solutions in the market fall short because they can’t identify all the assets and can only alert but don’t prevent threats. This leads to a patchwork of siloed security technologies, which can lead to security gaps,” said Anand Oswal, SVP for network security at Palo Alto Networks. “Our OT Security solution is designed to help organisations stay secure through granular visibility and effective inline security while meeting their availability and uptime requirements.”

Implementation

Using the industry’s first ML-powered OT visibility engine, the Industrial OT Security service recognises hundreds of unique OT device profiles, and over 1,000 OT/Industrial Control System (ICS) applications, and has hundreds of distinct OT threat signatures to help protect these hard-to-secure assets.

Dave Gruber

“As industrial OT systems and IT systems become more interconnected, so does the size of the attack surface available to the adversary. Defending against increasingly sophisticated threats requires expanded security strategies that can provide visibility, context, and Zero Trust capabilities across both OT and IT networks, devices, applications, and users,” said Dave Gruber, principal analyst, Enterprise Strategy Group. “The Palo Alto Networks solution embraces this unified security model, promising to help protect complex OT environments.”

A notable feature of the service is its ability to help security teams proactively understand risk and apply controls. It continuously observes, categorises, and visualizes asset behaviour so anomalies can be discovered immediately and addressed with a firewall policy.

Jared Mendenhall

“Manufacturing has come into the crosshairs of many recent cyberattacks. Palo Alto Networks Industrial OT Security is a must-have to ensure security best practices are in place,” said Jared Mendenhall, director of information security at Impossible Foods. “We look forward to Palo Alto Networks’ dedicated OT Security solution to help us further secure our manufacturing plant, and remote operations, and realise our broader Zero Trust vision.”

Palo Alto Networks’ Zero Trust OT Security solution secures multiple OT use cases with consistent Zero Trust policies, all managed centrally:

  • OT assets and networks using Palo Alto Networks NGFWs, along with the new Industrial OT Security service.
  • Remote access using Prisma SASE.
  • 5G-connected devices using NGFWs with Palo Alto Networks 5G-Native Security.

The post Palo Alto Networks simplifies OT security appeared first on FutureIoT.

]]>
Frost predicts significant use of contactless sensing tech https://futureiot.tech/frost-predicts-significant-use-of-contactless-sensing-tech/ Thu, 16 Feb 2023 01:00:00 +0000 https://futureiot.tech/?p=12037 Real-time monitoring and the ease of data retrieval for advanced physical and digital security drive the need for security sensors. Frost & Sullivan’s Sensor Technologies Impacting the Physical and Digital Security Market predicts that by 2025, there will be a significant increase in the use of contactless sensing technologies for physical and digital security applications, […]

The post Frost predicts significant use of contactless sensing tech appeared first on FutureIoT.

]]>
Real-time monitoring and the ease of data retrieval for advanced physical and digital security drive the need for security sensors.

Frost & Sullivan’s Sensor Technologies Impacting the Physical and Digital Security Market predicts that by 2025, there will be a significant increase in the use of contactless sensing technologies for physical and digital security applications, including cameras, LiDAR, and terahertz (THz) image sensing.

Critical assets like personal identity and biometrics are protected by security sensors integrated with other emerging sensor technologies, like LiDAR and THz.

“Sensor technologies, drones, robotics, and internet of things (IoT)-enabled devices will fuel the adoption of security systems, offering safety and security advantages,” said Varun Babu, TechVision industry analyst at Frost & Sullivan.

“Additionally, security sensors integrated with other emerging sensor technologies, such as LiDAR and THz sensors, provide highly safe and sophisticated security to critical assets like personal identity and biometrics.” Varun Babu

He added that sensor technology providers must work closely with security software solution providers to build a robust, user-friendly security management system.

“Further, they should build strong partnerships and jointly develop video surveillance management systems to overcome internal technology development barriers in the next two or three years,” he predicted.

Opportunities ahead

Frost outlines vertical markets that are wide open to the adoption of sensors, particularly in security applications such as:

Artificial Intelligence (AI): With AI, security professionals can pre-emptively spot defective equipment like security cameras and analyze alarms from defective devices. It helps lower the chances of cyberattacks.

Machine learning (ML): Physical and digital security manufacturers and service providers can create security and video monitoring systems that dynamically notify users of abnormal activity using ML.

Robotics and drones: Mobile drone surveillance can monitor criminals on the road and help avoid or reduce deadly pursuits. Drones are also safer and offer a significant investment return over traditional surveillance.

The post Frost predicts significant use of contactless sensing tech appeared first on FutureIoT.

]]>
Cisco ThousandEyes to support OpenTelemetry https://futureiot.tech/cisco-thousandeyes-to-support-opentelemetry/ Fri, 10 Feb 2023 01:00:00 +0000 https://futureiot.tech/?p=12016 Organisations are extending their networks to new places. They need to connect core enterprise operations to industrial spaces, spanning utility grids, manufacturing facilities and transportation networks. They are also prioritising sustainability and resiliency in their operations, driving the need for greater visibility across their environments. The distributed nature of these operations makes networks complex to […]

The post Cisco ThousandEyes to support OpenTelemetry appeared first on FutureIoT.

]]>
Organisations are extending their networks to new places. They need to connect core enterprise operations to industrial spaces, spanning utility grids, manufacturing facilities and transportation networks.

They are also prioritising sustainability and resiliency in their operations, driving the need for greater visibility across their environments. The distributed nature of these operations makes networks complex to manage, and as these industries digitise their assets, the cybersecurity attack surface grows.

"The most effective way to manage growing complexity and provide more insight into business operations is through reliable connectivity and complete visibility across an organisation's operations and assets," said Vikas Butaney, SVP/GM, SD-WAN, Cloud Connectivity, and Industrial IoT Networking, Cisco.

ThousandEyes to simplify IT data intelligence

Having the relevant data at the right time is necessary to optimise users' digital experiences, but data may not always be easy to collect and correlate. To help customers tackle this challenge, Cisco ThousandEyes now supports OpenTelemetry, the open-source framework and industry standard that partners, customers, and providers rely on to generate, collect, process and export cloud-native and distributed telemetry data.

As the first network visibility solution to support OpenTelemetry, ThousandEyes is making it possible for customers to interconnect cloud and internet intelligence across a wide range of solutions for unmatched data correlation and insight. With ThousandEyes for OpenTelemetry, Cisco is enabling true end-to-end correlated insights across disparate domains, from user to application, for optimal digital experiences.

New Cisco offering

Cisco is introducing new cloud services in its IoT Operations Dashboard to increase industrial asset visibility and securely manage assets from anywhere.

Cisco Cyber Vision is now integrated with Cisco IoT Operations Dashboard to grant IT and operations teams full visibility into IT and OT devices to manage threats across the organisation, providing a unified security posture across the entire network.

Secure Equipment Access Plus makes it easier for IT and OT teams to remotely deploy, manage and troubleshoot connected equipment. This service now provides access to any connected equipment with IP connectivity, so operations teams can run native applications on their workstations to access remote assets more easily.

These innovations, along with Cisco's extension of the portfolio of its Catalyst industrial wireless and switching portfolio, provide more common tooling and data so IT and OT teams can work more efficiently together to reduce downtime of critical infrastructure, drive greater business productivity and efficiencies, and enhance overall safety and security.

The post Cisco ThousandEyes to support OpenTelemetry appeared first on FutureIoT.

]]>
Supercharging IoT with edge computing https://futureiot.tech/supercharging-iot-with-edge-computing/ Wed, 08 Feb 2023 01:00:00 +0000 https://futureiot.tech/?p=12008 One of the early premises for the development of the Internet of Things (IoT) is the shared communications between all physical elements expanding the current areas of machine-to-machine and person-to-person to an area of things-to-things. Perhaps this was the thinking behind computer scientist Kevin Ashton, then working at Procter & Gamble, when he proposed putting […]

The post Supercharging IoT with edge computing appeared first on FutureIoT.

]]>
One of the early premises for the development of the Internet of Things (IoT) is the shared communications between all physical elements expanding the current areas of machine-to-machine and person-to-person to an area of things-to-things.

Perhaps this was the thinking behind computer scientist Kevin Ashton, then working at Procter & Gamble, when he proposed putting radio-frequency identification (RFID) chips on products to track them through a supply chain.

That was 1999. Fast-forward to 2023, IoT devices and sensors are expanding their influence from the production floors of manufacturers to warehouses all the way to retail shelves, and homes. Most remain designed for a specific, single purpose, their value now extends from innocuous public lights to critical systems that power cities.

The recent cyberattacks against public organisations, such as healthcare, and critical infrastructure like power and utilities, reveal the extent to which organisations need to enhance the security of these facilities while at the same time responding to business and consumer demands for faster, better, and more reliable service.

Can you have your cake and eat it too? How do you merge the unwieldy world of IoT with the controlled, predictable environment that IT is built upon? And do so while delivering it securely, faster and cheaper?

The IoT conundrum for the CIO and IT

Dee Dee Pare, senior marketing manager at CradlePoint says “the cloud is the de facto way that everyone delivers applications and stores data.” She points out that applications work as if they are next door. In contrast, IoT is messy, outdoors, usually at a larger scale, is distributed, and is found in environments where things just don’t operate (in a predictable fashion).

“IoT is not necessarily the most clean-cut way of doing things,” she added.

She hints that edge computing may be just the answer for IoT – “by having a lightweight version of your application, you can bring this closer to wherever the IoT device is,” she explained. “That way you minimise latency, also filter out some of the unnecessary traffic that goes back to the cloud (presumably saving bandwidth and data storage).

She called the increasing popularity of using containers, a self-contained application, inside a router.

“What you have is a low-footprint device closer to the IoT Edge. You only have one device to manage, figure out how to power it. Everything happens very quickly within the router, you have the connections back to the cloud,” she elaborated.

The other benefit is business continuity. “If the cloud goes down, the router with the containerised application can continue to work with the IoT devices connected to it. When the network comes back up, the router can send the necessary traffic back to the host,” she added.

Critical components of an edge strategy

What would be the critical components to developing an edge strategy that involves IoT, Pare suggested calling the containerised application running inside a router a “customer edge”. She then goes on to comment there are other edges.

She referred to Amazon Web Services as an example of the Internet edge. These tend to be distributed (in the cloud) and have more processing capability. She cautioned that by its design (in the cloud), the Internet edge will be further away from the devices – hence some latency can be expected.

The other edge is the 5G edge. “You can set up an edge in the cell tower as well – as some carriers are doing. That way you can improve and enhance performance as it goes out for the application and out from the cell tower,” she added.

Conceding that the customer edge provides the ‘most bells and whistles’, she advised anyone developing an edge strategy to keep in mind where the edge is located. “It is about balancing between the placement, the quantity of data processing, the latency from the application to the IoT devices, as well as how much you need to customise,” she elaborated.

Getting IT started with edge technology

Asked how easy it would be for traditional IT teams to build these applications around the edge, Pare noted that the challenge lies in developing lightweight versions of current applications. Pulling examples from within, she noted that among managed service provider partners, developing lightweight applications is their value-add.

She cited a partner in the US that developed an application for car wash operators. Running off a CradlePoint router, the solution ran the point of sales, the surveillance cameras, as well as the automated car wash machinery. An entire running on one router.

Getting IoT/OT to work with IT

Pare says IT needs to collaborate with the operational technology (OT) team. In the converging world of IT and OT, it is not feasible to manage each technology in a vacuum. She acknowledged that IT, throughout most of its history, has worked in predictable environments and therefore may not be ready for what she described as the ‘messy world of OT’.

“OT tends to work with machinery that is not the latest technology. In some cases, these types of machinery cannot be updated. OT needs to educate IT on these projects,” she added.

She conceded that the mixing of IT and OT will blur as the two start working together. But ultimately, she believed IT will own a little bit more of the onus because they have to understand it end-to-end.

Dee Dee Pare

“They (IT) must make sure things such as security are in place end-to-end, and they are ultimately responsible for that. There are several scenarios where the end-to-end fits a bit more cleanly in the IT side, but they can't do it without the help of the OT side, because OT knows the reality of what's happening on the ground."

Dee Dee Pare

The post Supercharging IoT with edge computing appeared first on FutureIoT.

]]>
Opportunities for smart home service revenue https://futureiot.tech/opportunities-for-smart-home-service-revenue/ Fri, 03 Feb 2023 01:00:00 +0000 https://futureiot.tech/?p=11998 A new ABI Research study reveals that smart home service revenues grew during 2022, but there is a clear disconnect between smart home adoption and the immediate value to service providers. Total smart home services revenue for 2022 reached US$32.7 billion, up 2% over 2021, well below the more than 20% growth rate in the […]

The post Opportunities for smart home service revenue appeared first on FutureIoT.

]]>
A new ABI Research study reveals that smart home service revenues grew during 2022, but there is a clear disconnect between smart home adoption and the immediate value to service providers.

Total smart home services revenue for 2022 reached US$32.7 billion, up 2% over 2021, well below the more than 20% growth rate in the penetration of smart home capabilities in homes around the world over the same period.

Smart home services encompass whole home system design, installation, and management down to extended online storage for video from a home camera. It is a market that competes with free offerings delivered and underwritten by some of the largest technology players in the world, including Amazon, Apple, Google, and Samsung.

Smart home services opportunities

The service revenue opportunity is limited by free or freemium services typically tied to the price of smart home hardware, rather than a separate services revenue stream. However, there remains strong potential for those smart home providers able to show real value in their subscription services over and above what can be gained in the freemium market.

Jonathan Collins

“Home security is an application that has shown resilience during earlier recessions. Those smart home services players with security integrations table to deliver peace of mind as well as whole home functionality, are well placed to defend and even grow their subscription capabilities – even in a tight consumer spending market,” says Jonathan Collins, smart homes and buildings research director at ABI Research.

Security is not the only opportunity. In a time of rising energy costs and concern especially in Europe, energy management is another area where smart home players can stress the potential to ease consumer utility bills.

“However, players must ensure their systems continue to evolve to deliver the functionality, security, privacy, or integrations with a host of applications that will support subscription spending,” concludes Collins.

The post Opportunities for smart home service revenue appeared first on FutureIoT.

]]>
Why OT is the other digital infrastructure that needs protecting https://futureiot.tech/why-ot-is-the-other-digital-infrastructure-that-needs-protecting/ Wed, 01 Feb 2023 03:00:00 +0000 https://futureiot.tech/?p=11968 When it comes to cybersecurity, are you aware of the cyber threats around Operational Technology (OT)? Or that network connectivity to an organisation’s OT may provide an opportunity for a skilled threat actor to gain entry? If you said no, it’s probably because when it comes to mitigating cyber threats, most people talk about it […]

The post Why OT is the other digital infrastructure that needs protecting appeared first on FutureIoT.

]]>
When it comes to cybersecurity, are you aware of the cyber threats around Operational Technology (OT)? Or that network connectivity to an organisation’s OT may provide an opportunity for a skilled threat actor to gain entry?

If you said no, it’s probably because when it comes to mitigating cyber threats, most people talk about it in the context of protecting IT assets such as the systems, data, applications, and networks that organisations depend on every day to keep the business operating.

Whilst IT assets are important, OT is a whole other realm of digital infrastructure that also needs protecting and its growing, importance, and potential vulnerability all the time. That’s why understanding and testing an organisation’s Operational Technology security is so important.

Keeping the lights on

Photo by Pixabay: https://www.pexels.com/photo/cable-current-danger-distribution-236089/

We take it for granted that we can just flip a switch to get a light and turn on a tap to get water. But the infrastructure that makes these things possible is extremely complex and it requires significant digital capability.

For example, to meet the cycles of consumer demand for electricity, a power grid must create exactly the amount of electricity that is being used at any given moment. This means the grid’s power generation and transmission lines must constantly adjust to meet demand wherever and whenever it is needed.

Managing this electrical cycle of demand is made possible because of the electrical utilities’ OT systems. The real-time control and influence these systems have on our day-to-day lives only amplify the need for strong OT security.

Many Asia Pacific countries have legislation to protect their critical infrastructure from cyber threats, including in Australia, where the recent revisions to the Security Legislation Amendment (Critical Infrastructure) Act 2021 represents the Australian Government’s response to the growing cyber threats faced by critical infrastructure organisations.

In Singapore, the Cybersecurity Act was introduced in August 2018 however last year the Cyber Security Agency of Singapore (CSAS) announced it was reviewing the Act to improve Singapore’s cybersecurity posture and support its digital economy.

The Agency also announced it was updating the Cybersecurity Code of Practice (CCoP) for the 11 Critical Information Infrastructure (CII) sectors to better deal with new and emerging threats. The Cyber Security Act had initially focused on the CIIs, which support the delivery of essential services such as water and power.

OT systems — often referred to as Industrial Control Systems, or ICS — are also increasingly prevalent in industrial and manufacturing environments, as we’ve put robots on our assembly lines and stuck chips in virtually every piece of equipment we deploy.

So, while we might at first think of the so-called “Internet of Things” (IoT) in terms of our smart homes and our cars, a large percentage of the world’s estimated 11.5 billion chip-enabled devices are in OT infrastructure.

Operational technology-related risk

The risks associated with critical OT infrastructure are obvious. We’ve seen them in the movies (e.g., Die Hard 4) and in real life (e.g., Ukraine in 2015) but as we implement more OT, our threat surface keeps growing. And as we add more features and functionality to our OT control systems, system complexity adds to our cybersecurity challenge.

Global tensions also increase our OT-related risk, since critical infrastructure is an attractive target for state actors seeking to do harm. However, OT infrastructure is also an attractive target for ransomware attacks—since it could potentially allow cybercriminals to hold vital services hostage.

Utility companies and other operators of critical infrastructure are aware of this risk, so they tightly control access to their OT systems. OT networks are also typically kept separate from IT networks and are not connected to the public internet.

This air gapping obviously poses a significant obstacle to any would-be attacker. However, there are growing caveats to this idea of air gapping. As operators of OT infrastructure get more aggressive about leveraging the intelligence of their OT networks, they increasingly need to tap into those networks via wired or wireless connections using fixed or mobile computing devices. That connectivity — as secure as operators may hope it is — often creates potential points of exposure to an extremely skilled and dedicated hacker.

Security testing is key to OT integrity

The importance of testing cannot be more underscored than in OT. If your organisation has OT infrastructure, it is important to engage the services of a qualified penetration testing (pentesting) team to independently validate your cybersecurity posture on a regular basis.

Before working with a pentesting partner, it is important to ask questions about the team’s previous OT experience, any OT certifications they hold, and the types of industries they have OT experience (e.g., water infrastructure is different from energy infrastructure).

Pentesting and adversarial testing will help you gain both confidence and a deeper understanding of the integrity of your IT and OT infrastructure. In the worst-case scenario, when security vulnerabilities in your IT or OT infrastructure are found, you will have the time to mitigate and take the necessary steps to prevent a threat actor from leveraging those vulnerabilities.

A proactive approach to security allows you to take an important step in protecting your organisation — as well as the customers you serve – from the serious consequences that would come from a breach of your OT infrastructure.

Just as our businesses and our personal lives have become increasingly digital, so has the infrastructure on which we all depend every day. It is only when our access to these services becomes disrupted that we realise how much we rely on them. Like our health, maintaining it should not be put off or ignored until it is too late.

The post Why OT is the other digital infrastructure that needs protecting appeared first on FutureIoT.

]]>
eGates pickups on travel resurgence https://futureiot.tech/egates-pickups-on-travel-resurgence/ Fri, 27 Jan 2023 01:00:00 +0000 https://futureiot.tech/?p=11974 eGates, otherwise known as ABC (Automated Border Control) gates, allow users to verify their identity by comparing their biometric signature, usually captured by a facial recognition camera, with the information stored on the biometric chip of their passport. The report, Border Security Technologies: Emerging Trends, Key Opportunities & Market Forecasts 2022‑2027, predicts that rising levels […]

The post eGates pickups on travel resurgence appeared first on FutureIoT.

]]>
eGates, otherwise known as ABC (Automated Border Control) gates, allow users to verify their identity by comparing their biometric signature, usually captured by a facial recognition camera, with the information stored on the biometric chip of their passport.

The report, Border Security Technologies: Emerging Trends, Key Opportunities & Market Forecasts 20222027, predicts that rising levels of international travel and greater passenger flow will drive the adoption of eGates, as a more efficient means of border control than manual processes.

Juniper Research forecasts that eGate hardware revenue will exceed US$490 million by 2027; up from US$207 million in 2023.

Rise in travel to drive adoption of eGates

Juniper Research predicts airports will be looking to implement efficient border control solutions to help manage increasing passenger flows, as international travel continues rebounding following the lifting of COVID-19-related travel restrictions.

Jordan Rookes

Research author Jordan Rookes explained: “More international travel is placing increased stress on border control operations, with many airports unable to effectively manage the complexities associated with heightened passenger flow.

Accordingly, vendors must highlight their solutions’ ability to efficiently and reliably process a continuous flow of passengers when marketing their products.”

Regulation to drive growth in Europe

The research predicts that regulation, particularly within the EU, will drive the adoption of eGates, with the value of eGate hardware revenue across Europe set to account for 35% of the global total by 2027.

The EU has enacted regulations to improve the efficiency of border controls at the external borders of the Schengen area (the area in which 27 European countries have abolished border control measures across their mutual borders allowing free movement of people) by creating a centralised EES (Entry/Exit System) that leverages eGates.

This is available for use by non-EU nationals entering the EU. The research urges vendors to leverage advanced biometric and document capture technologies to meet the demands of border security, with success measured by efficiency, reliability and accuracy of passenger identification.

The post eGates pickups on travel resurgence appeared first on FutureIoT.

]]>
Drivers of secure MCU through 2026 https://futureiot.tech/drivers-of-secure-mcu-through-2026/ Thu, 12 Jan 2023 01:00:00 +0000 https://futureiot.tech/?p=11909 Despite facing an increasingly volatile semiconductor industry plagued by ongoing macroeconomic and political issues, the secure microcontroller (MCU) market should fare well in the long term. While the forecasted total available market has contracted, especially in the smart home, retail, advertising, and supply chain spaces, secure MCU shipments will only be temporarily adversely affected. ABI […]

The post Drivers of secure MCU through 2026 appeared first on FutureIoT.

]]>
Despite facing an increasingly volatile semiconductor industry plagued by ongoing macroeconomic and political issues, the secure microcontroller (MCU) market should fare well in the long term.

While the forecasted total available market has contracted, especially in the smart home, retail, advertising, and supply chain spaces, secure MCU shipments will only be temporarily adversely affected. ABI Research forecasts the secure microcontrollers market will grow to US$2.2 billion by 2026.

Michela Menting

ABI Research’s trusted device solutions research director, Michela Menting, attributes this to the niche nature of security demand which commands a higher value proposition.

He predicts that in the short term, supply chain issues due to trade embargoes and pandemic quarantines at manufacturing sites will affect availability.

“Demand for security, especially in general purpose microcontrollers, will ensure the secure MCU market continues to be a high priority for device OEMs,” he continued.

Strong market demand will stem from utilities and industrial IoT and smart cities and buildings, notably for MCUs with Trusted Execution Technologies that can securely run mission-critical and highly-sensitive applications at the edge.

Opportunities driving secure MCUs

Several opportunities will continue to drive demand for secure MCUs. On the one hand, a growing body of policy and regulation supports secure semiconductor investment, including a range of EU and U.S. tools such as the EU Cybersecurity Certification Framework, the EU Cyber Resilience Act, and the EU Chips and the U.S. CHIPS and Science Act.

On the other hand, the demand for secure IoT lifecycle management capabilities, from provisioning and onboarding for cloud and network services to OTA firmware updates and patching, means security IP choice for MCUs become primary product differentiators in an increasingly competitive market.

Competitive landscape

The secure MCU market is responding to this continued demand. An increasing number of semiconductors have launched numerous new products in the last two years, catering to various IoT device types and use case scenarios. These include Renesas (RA), NXP (i.MX), STMicroelectronics (STM32), Microchip (SAM), Infineon/Cypress (PSoC), among many others.

The market has coalesced around Arm Cortex processors, in part due to the rich security IP available with TrustZone. Still, there is growing competition from the secure RISC-V movement, directly challenging Arm’s dominance in the space.

The post Drivers of secure MCU through 2026 appeared first on FutureIoT.

]]>
IoT’s influence on Asia’s manufacturing sector in 2023 https://futureiot.tech/iots-influence-on-asias-manufacturing-sector-in-2023/ Tue, 03 Jan 2023 01:00:00 +0000 https://futureiot.tech/?p=11874 “Despite supply headwinds, labour shortages, and an uncertain economic environment, the manufacturing industry continues to surpass the expectations of previous years. To maintain this growth, leaders should leverage digital technologies, adopt strategies for the future of work, and drive supply chain resiliency.” Deloitte The Deloitte report, 2023 manufacturing industry outlook, predicts that manufacturers will likely […]

The post IoT’s influence on Asia’s manufacturing sector in 2023 appeared first on FutureIoT.

]]>
“Despite supply headwinds, labour shortages, and an uncertain economic environment, the manufacturing industry continues to surpass the expectations of previous years. To maintain this growth, leaders should leverage digital technologies, adopt strategies for the future of work, and drive supply chain resiliency.” Deloitte

The Deloitte report, 2023 manufacturing industry outlook, predicts that manufacturers will likely continue progressing toward smart factory transformations, as these initiatives drive future competitiveness.

Many manufacturers are making investments in laying the technology foundation for their smart factories. One in five manufacturers is already experimenting with underlying solutions or actively developing a metaverse platform for their products and services.

Trends influencing ASEAN’s manufacturers

According to Euromonitor International’s Voice of the Industry: Digital survey, around 62% of companies globally plan to increase their investment in cloud computing over the next five years, while around 50% of companies plan to invest in Artificial Intelligence, the Internet of Things and production automation tools.

Pavan Mahajan, VP of solutions delivery for APAC at Belden observes that the adoption of Industry 4.0 technologies gaining momentum among manufacturing companies in the region. He attributes this trend to manufacturers seeking to accelerate their journey towards full digital transformation.

Boston Consulting Group observes that harnessing Industry 4.0 will be key in helping the ASEAN manufacturing sector become more competitive and move up the value chain, with Singapore, Malaysia and Vietnam among countries that are already investing in smart manufacturing solutions such as smart factories, industrial IoT, advanced robotics, and cloud computing.

“Customers are beginning to embrace the desire for digital transformation and are looking to transform their manufacturing ecosystem with industrial automation and smart solutions,” added Mahajan.

Industry 4.0 investment priorities

Justinas Liuima

According to Justinas Liuima, insights manager, industrial with Euromonitor International, says to partly solve the problem and compensate for rapid wage growth, companies are forecast to accelerate their investment in production automation tools in 2023.

“Production automation in many cases could be the only viable option for companies to ensure productivity growth,” opined Liuima.

Mahajan says among Belden’s customers in the Asia-Pacific (APAC) region, a key investment area is IT/OT convergence.

IDC predicts that by 2024, 50% of industrial organisations will be integrating data from edge OT systems with cloud-based reporting and analytics, moving from single-asset views to sitewide operational awareness. The IT/OT convergence market in APAC is estimated to develop at the highest CAGR of 7.1% from 2022 to 2027, from US$49,195 million in 2021 to US$73,523 million in 2027.

“As data becomes increasingly crucial for manufacturing companies to solve business challenges and achieve greater operational efficiency, performance, safety, and profitability, having access to an optimised, convergent network is key,” noted Mahajan.

With both IT and OT data available, he opined that companies could collect, move, integrate, and analyse data to automate processes and make better, more informed business decisions. “The additional capabilities in an IT/OT converged network, such as edge computing and analytics, will also usher in even greater opportunities for productivity and problem-solving,” he added.

Mahajan said that another key area of investment for manufacturers is in edge-to-cloud environments, especially edge technologies. We are seeing a higher level of acceptance and readiness among our manufacturing customers to invest in industrial edge solutions, with an increasing adoption rate over the past two years.

This is happening worldwide as well as in APAC, with GlobalData predicting that the global edge computing market will reach US$17.8 billion by 2025, with APAC sales accounting for 26.4%.

“As Industrial IoT (IIoT) and Industry 4.0 continue to gain momentum, investing in industrial edge capabilities will be key in enabling fully connected operational systems, reducing latency and cost of data processing while maintaining security and communication with the cloud,” concluded Mahajan.

Core competencies needed to benefit from Industry 4.0 innovations

Katarzyna Grzybowska and Anna Łupicka, authors of the report, Key competencies for Industry 4.0, noted that the demand for special skills will drive the shift of job creation within Industry 4.0 requiring more qualified managers.

For his part, Mahajan believes that to benefit from industry 4.0 manufacturers will need to have skills in network security, and data management and governance.

“The expanded, highly connected networks with more data transmission points, which are characteristic of Industry 4.0, create a greater need for security. This only grows with the integration of cloud computing, edge computing and the presence of older devices on an industrial network that can be more vulnerable,” he explained.

Pavan Mahajan

“Manufacturers need to have proper security measures in place to ensure network security, including the implementation of advanced network access control systems, industrial cybersecurity firewalls, and other hardware components to secure network infrastructures.”

Pavan Mahajan

He added that manufacturers also need to place more emphasis on industrial data management and governance. “With the adoption of smart technologies and IIoT, more and more devices are getting networked and connected. Organisations need to have a strong data governance policy that outlines how data needs to be stored, managed, accessed, and analysed and by whom to ensure data isn’t lost, stolen, or misused,” concluded Mahajan.

Top recommendations for ASEAN manufacturers

According to Mahajan, the pandemic has shown that digitisation which leads to digitalisation and usage of advanced technologies is key to staying resilient and agile in the face of major disruptions.

“As we move into a 2023 full of uncertainties, manufacturers in ASEAN need to further accelerate their digital transformation journey, prioritising the adoption of technologies such as warehouse automation and connected manufacturing,” he opined.

Mahajan posited that moving towards full automation for warehouses will help boost productivity and operational efficiency for manufacturers at the material handling level.

“Beyond being able to streamline workflows, eliminate waste and maximise output, smart automated warehouses will also be flexible and robust enough to support future technologies and processes, effectively futureproofing network infrastructures against changes and disruptions,” he continued.

“Depending on their focus and goals, manufacturers could also consider making the leap towards connected manufacturing, which harnesses the power of data to transform operations as well as customer and employee experience. With many uncertainties and challenges facing manufacturers now, it can be difficult for them to focus on the future,” he cautioned.

“Transitioning to connected manufacturing will ultimately enable manufacturers to stay ahead of the curve with significant long-term benefits such as boosting efficiency, reducing costs, and enhancing communication across all stages of manufacturing.”

Pavan Mahajan

“As the threat landscape is becoming more sophisticated than ever, manufacturers should look to reinforce their network security. Security should be taken into account at the initial stage of network design for a more holistic and effective approach to securing modern industrial networks.

“At the same time, security best practices such as implementing firewalls and continuous monitoring of potential threats should be applied in day-to-day operations to minimise security risks,” he concluded.

The post IoT’s influence on Asia’s manufacturing sector in 2023 appeared first on FutureIoT.

]]>
PodChats for FutureIoT: Why monitoring is essential in IoT adoption https://futureiot.tech/podchats-for-futureiot-why-monitoring-is-essential-in-iot-adoption/ Tue, 27 Dec 2022 01:00:00 +0000 https://futureiot.tech/?p=11851 IDC predicts that by 2025, IoT spending in the Asia-Pacific region is predicted to reach US$437 billion. IDC Asia-Pacific adjunct research director, Bill Rojas, cites IoT adoption in industries like transportation, retail, manufacturing, resources, and utilities is driven in part by increased capacity and reliability of fibre and cellular network infrastructure. "In many phase one […]

The post PodChats for FutureIoT: Why monitoring is essential in IoT adoption appeared first on FutureIoT.

]]>
IDC predicts that by 2025, IoT spending in the Asia-Pacific region is predicted to reach US$437 billion. IDC Asia-Pacific adjunct research director, Bill Rojas, cites IoT adoption in industries like transportation, retail, manufacturing, resources, and utilities is driven in part by increased capacity and reliability of fibre and cellular network infrastructure.

Source: Paessler
Bill Rojas

"In many phase one projects enterprises focused on a single use case and on acquiring the data streams from single sources but as the organisations gain a deeper data-driven understanding of their operations, they can start to use other data sources (such as geolocation, machine maintenance data, weather, transactions activity, vehicular telemetric traffic data, and so on) to improve their analytics and expand beyond the original use case," he continued.

That’s the good news. The bad news is that any device that is connected to the internet is susceptible to some form of cyberattack. The Mirai Botnet and Stuxnet are two infamous attacks against targets that caused massive disruptions.  

Any device that is connected to the internet is susceptible to some form of cyberattack. Apart from the fact that IoT devices inherently have very little built-in security, and that patch management can be difficult because of their physical nature, the interconnectedness of these devices and the subsequent complex environments they are implemented pose grave security threats across entire networks.

Monitoring is a vital part of every security strategy, ensuring that all classic security tools like firewalls, unusual detection systems or privileged access management (PAM)-tools work flawlessly.  

Suitable monitoring solutions can ensure physical security by integrating door-locking systems, security cameras, smoke detectors or temperature sensors into central monitoring. And businesses in APAC should be prioritising this in 2023 to reduce their risk of cyber-attacks and data breaches.

In describing the state of IoT security or lack of it, David Montoya, the global head of IoT at Paessler, noted that it is not just the lack of security features in the IoT devices themselves that is the challenge, but where these devices are located.

“When you think about cybersecurity from the IT perspective, everything is central. You might have the perimeter and then you have all the endpoints in the middle. But here (with IoT) we might be talking about having a device, which is sending out information about the flow of water, or temperature or humidity of the soil, for example, in the farming context,” he explained.

Source: Paessler

“It is important to look at different security problems or challenges because we are not only talking about the security of the information. We are, in several cases, even talking about the security of the device itself.”

David Montoya

“People are creating vulnerabilities out of IoT, and they are willing to get a device, open it up and figure out how to reverse engineer it.  They will then try to figure out how it works and then install it again with some malware, which can then make the network vulnerable,” he continued.

Why IoT continues to be vulnerable

Montoya comments that despite more regulations and security practice context within the vendors, it is very costly or inconvenient for them to put extra resources, like computing resources into these tiny little IoT devices in use to be able to deal with patches and updates.

“For companies creating IoT devices, there is not a lot of value in needing to put more resources there,” he surmised.

He argued that device manufacturers are incentivised to create small devices that cost as little as possible. The other issue is the variety of devices and vendors. “Even though there are more regulations, there are still no standard practices put in place as to how the information should be stored,” he commented.

Twin standards to consider

Montoya clarifies that there are two standards they consider when it comes to IoT – security and communication. One is related to a standard for protocols and the way those devices connect to different cloud-based systems monitoring systems. These central consoles ensure all the devices are on and reporting data, etc. In such a heterogeneous environment the lack of standards is creating chaos in the IoT world.

“Every vendor with a specific device for a specific reason created specific ways of communication that led to multiple protocols nowadays,” he continued. “When you have different players, each looking at their market niche, what ends up happening is a lack of communication standards and protocols.”

David Montoya

“This (situation) opens the same vulnerabilities that have happened for operational technology (OT) before now happening for IoT as well. Stronger standards are one way things can get better in terms of how to secure all these kinds of devices.”

David Montoya

Monitoring tools can help improve the security of IoT

According to Montoya, monitoring tools help visualise the data, including receiving alerts about the data. And while IoT vendors may provide tools to monitor their solution, the variety of vendors and the specificity of their use cases, suggest that a user may have a collection of monitoring applications that track a specific kind of device.

And because these may not come from the same vendor, it is likely that these do not use the same standard and may not be able to communicate with each other.

In addition, Montoya believes that users will not likely stay with one vendor for the same use case throughout the entire life of the process. “It is very normal that you have a certain IoT device from a certain vendor today and maybe two, or three years later you need to go for another technology and another vendor,” he explained.

The result is complexity on the part of the user trying to make decisions on the entire system or process. “You will have multiple different visualisation tools with different databases where the data is stored. And whenever you are trying to retrieve the data from multiple sources, you will take more time to know what is going on, how to use the data, how to bring the data into a central location, how to use that central location to provide central visualisation,” elaborated Montoya.

Source: Paessler

Ideally, you will want a central location from which to manage all these different proprietary technologies, standards and protocols, something Montoya says is what Paessler does.

“We keep up with all these new technologies to provide a single pane of glass. So that multiple vendors for IoT devices can share the information with our visualisation tool and monitoring solution. So that the users can see everything in one place and can handle everything from a single location, we provide a central database, and they can also get centralised alerts,” he explained.

Where do we go from here?

IDC market analyst for Asia-Pacific, Sharad Kotagi, says enterprises no longer think IoT value is only limited to achieving operational efficacy and improved productivity.

Sharad Kotagi

“They see IoT as an enabler in the evolution of enterprises' requirements and challenges in an ever-changing business environment. Many organisations are willing to invest in digital technologies such as IoT, and AI to fully leverage the new expansive role of data in emerging digital business models.”

Sharad Kotagi

But in the race to Industry 4.0 and the promise of smarter IoT-enabled enterprises, businesses and operations should not forget that behind the facade of benefits such a transformation promises, lies a myriad of security threats and vulnerabilities that must be addressed not for the lifecycle of the IoT but the use cases it is trying to enable.

Click on the PodChat player and hear Montoya talk about the challenges organisations face as they integrate IoT into their operations, and why monitoring may be the best path forward to securing IoT as the converged future of IT, OT and IoT.
  1. Paint us a picture of the security landscape where it involves IoT.
  2. Technologies like IoT, security practices and regulations have evolved, why do IoT continue to be vulnerable?
  3. Is the lack of standards around IoT protocol a problem for securing IoT?
  4. Will this wide range of protocols also hinder the effective use of monitoring tools and services?
  5. As IoT start to connect – be part of the enterprise, how should the CIO, CISO and the COO or head of operations work together to better secure IoT as these connect to the enterprise?
  6. Your thoughts for 2023?

The post PodChats for FutureIoT: Why monitoring is essential in IoT adoption appeared first on FutureIoT.

]]>
Enhancing data centre operations with IoT https://futureiot.tech/enhancing-data-centre-operations-with-iot/ Thu, 22 Dec 2022 01:00:00 +0000 https://futureiot.tech/?p=11832 In the article, Assessing the dollar and reputational impact of data centre downtime, Sebastian Krueger, vice president for APAC at Paessler, says a monitoring solution is not just limited to supporting a predictive maintenance programme. “When it comes to data centres, monitoring solutions support the monitoring of all IT components, which includes external facilities and […]

The post Enhancing data centre operations with IoT appeared first on FutureIoT.

]]>
In the article, Assessing the dollar and reputational impact of data centre downtime, Sebastian Krueger, vice president for APAC at Paessler, says a monitoring solution is not just limited to supporting a predictive maintenance programme.

“When it comes to data centres, monitoring solutions support the monitoring of all IT components, which includes external facilities and security, as well as customisable alerts and reporting,” he commented.

In this article, Krueger provides insights into how networks of sensors are deployed in the data centre and used to monitor and predict the status of a data centre facility, including cooling systems, lighting, and security.

He explained that predictive maintenance anticipates future problems with IT infrastructure through forecasts and predictions made by analysing real-time data obtained from sensors and IoT, allowing organisations time to identify and work on anticipated risks.

Sebastian Krueger

“Predictive maintenance employs technologies such as machine learning to model and analyse real-time data and optimise the execution process, drastically reducing infrastructure downtime.”

Sebastian Krueger

He explained that by providing a centralised overview of the entire data centre infrastructure, a holistic monitoring solution supports a predictive maintenance programme in monitoring the sensors and IoT devices that provide real-time data.

What are the elements of a monitoring solution that support the monitoring of the entire scope of IT environments?

Sebastian Krueger: Sensors are the building blocks of a monitoring solution - monitoring solutions usually rely on sensors and other IoT devices to gather real-time data from an application or device. These range from generic sensors for monitoring hardware devices to platform-specific, preconfigured, or customised sensors to CCTV cameras and smoke alarms that monitor the physical environment.

Sensors in a monitoring solution integrate with important technologies such as SNMP (Simple Network Management Protocol), WMI (Windows Management Instrumentation), and HTTP (Hypertext Transfer Protocol) to gather system and performance data and to monitor the diverse variables present across the entire data centre infrastructure, which includes servers, networks, websites, and applications, present across a range of operating systems.

Apart from monitoring, another important element of a monitoring solution is being able to access and communicate the real-time information gathered in a simplified, convenient, and efficient manner.

Interactive dashboards and maps, that are based in real-time, allow for an easy-to-read and centralised overview of the system - this is especially convenient for larger and more geographically distributed IT environments such as data centres.

Customisable alerts and notifications - for whenever there has been a status change - are another element that enhances the scope of monitoring solutions.

Why do organisations need to monitor all the sensors and systems 24/7 with regard to availability and function and, at the same time, collect surveillance data?

Sebastian Krueger: Special attention needs to be given to the data centre security which not just covers the IT network and infrastructure risks but the entire premises.

When it comes to physical risks, it is important to monitor that there are no instances of overheating, cable fires which can cause massive damage while leakages in the air conditioning systems release water that can result in short circuits or damage the IT equipment.

What is needed is extensive sensor technology which can detect humidity, room temperature, hot spots, smoke, and other environmental influences. Monitoring issues such as smoke, fire, water intrusion, faulty cooling, faulty batteries, physical intrusion, building access security, as well as CCTV manipulation is important.

Given this backdrop, it is essential to keep a constant eye to detect any potential security threat, since data centres are doubly at risk, whether on the IT level, through distributed denial-of-service (DDoS) attacks, viruses, Trojans and similar threats or on the physical level, that can cause unwarranted disruptions.

Thus, organisations need to use the right monitoring tools which can leverage extensive sensor technologies and systems 24/7, regarding availability and function, and concurrently collect the surveillance data and integrate it into a central system to be pro-actively prepared for any anomalies.

How important is environmental monitoring of the data centre?

Sebastian Krueger: Given that data centres are required to always operate, disruptions such as power failure or overheating can cause massive damage, which includes increased costs, potential downtimes, increased wear and tear, and other disruptions.

Hence, apart from security and operational hardware devices, the monitoring of environmental parameters is an extremely important component of maintaining a functional data centre. A monitoring solution can support the monitoring of environmental parameters such as power and cooling.

While data centres are usually equipped with backup power systems such as UPS and SPS in case of a power outage, a monitoring solution helps monitor the status and performance of all power systems, including the backup.

Sensors help monitor any power-related occurrences - be it outage, heavy loads, or replacement. Similarly, to avoid system overheating, it is extremely important to maintain optimum room temperature.

A monitoring solution can integrate and combine multiple systems that give a singular overview of the detection of an irregularity and its cause, allowing for a much quicker and more efficient resolution.

The post Enhancing data centre operations with IoT appeared first on FutureIoT.

]]>
PodChats for FutureIoT: IoT in Asia in 2023 and beyond https://futureiot.tech/podchats-for-futureiot-iot-in-asia-in-2023-and-beyond/ Wed, 21 Dec 2022 03:00:00 +0000 https://futureiot.tech/?p=11837 Access to low-cost, low-power sensor technology, the availability of high-speed connectivity, the increase in cloud adoption, and the growing use of data processing and analytics are among the key drivers boosting the deployment of IoT technologies. It also helps that smart city efforts continue to progress. As Asia comes out of the three-year economic slump […]

The post PodChats for FutureIoT: IoT in Asia in 2023 and beyond appeared first on FutureIoT.

]]>
Access to low-cost, low-power sensor technology, the availability of high-speed connectivity, the increase in cloud adoption, and the growing use of data processing and analytics are among the key drivers boosting the deployment of IoT technologies. It also helps that smart city efforts continue to progress.

As Asia comes out of the three-year economic slump because of the pandemic, what lies ahead for businesses? What is the role of IoT in the return to some form of normalcy?

FutureIoT spoke to Danny Mu, principal analyst at Forester Research on recent trends around IoT adoption in Asia and where this will lead us in 2023 and beyond.

Drawing from the Forester Report, state of IoT in Asia Pacific in 2022. Where is the concentration of IoT?

We have seen that companies in Asia-Pacific are shifting the share of IoT engagements toward production deployments.

Five years ago, in 2017, production deployments comprised just 25% of engagements, and these were predominantly POCs or pilots.

But in 2021, 61% of engagements were production deployments. That is a clear indication that Asia-Pacific firms are getting more confident in the potential of IoT initiatives to generate business value.

Among all the IoT use cases, smart industry, smart consumer services, and smart infrastructure are popular in Asia-Pacific.

Why do you say the smart city industry in Asia Pacific's leading the world in terms of IoT?

As we know, Asia Pacific contributed 35% of the world's GDP, but when focusing on industry value added, including manufacturing, construction, and utilities, Asia Pacific contributed 44%. That is why the smart industry is a leading IoT use case.

What’s driving this deployment of IoT?

Three drivers. The first appearance and rising maturity of specialised IoT solutions and cloud-based IoT. Second, connectivity technologies such as 5G. Third capabilities and offerings of IoT consultants and service providers.

In Asia, which industries are leaving the deployment?

In Asia Pacific, two-thirds of telecom decision makers say their firm is currently adopting IoT solutions.

Adoption and investment are highest in high-tech manufacturing, 81% followed by telecom, 71%. General manufacturing and pharma are broadly in line with Asia-Pacific outreach.

Adoption rates below the average are found in financial services and insurance, 60%, and retail in wholesale 56.

Compared to other regions outside Asia, how sophisticated do you see the level of use of IoT in our part of the world?

According to the survey data, the IoT solution and application adoption rate in Asia Pacific is higher than in Europe and North America. Particularly in the high-tech manufacturing sector, the adoption rate in Asia Pacific is more than 10% higher than in Europe and North America.

Within the leadership at organizations deploying IoT, what do you see are the primary motivations most surveyed?

Asia-Pacific Telecom decision-makers are confident that IoT solutions will generate significant operational efficiency. Half of them expect IoT initiatives to significantly improve customer experience and increase revenue.

How do you see these IoT deployments impacting other initiatives like digital transformation and modernization, for instance?

Impacted by IOT solutions, enhancing customer experience in public places is the most often mentioned. Other use cases related to smart consumer services are also popular.

The two years of the pandemic have likely driven this trend as customer experience in public. It's driven by private companies, public infrastructure operators, and governments.

IoT Solutions also help to enable new business models, particularly in financial services and insurance – a clear indication that those firms will spend the extra IoT budget on usage-based insurance financing and lending.  

Given that security is a rising concern among business leaders, how should enterprises deploying IoT manage the security strategy of the company

Security is on top of the concerns with deploying IoT 10% higher than the second option. To help protect data in IoT scenarios, confidential computing can help to isolate sensitive operations in a trusted execution environment during processing.

To support the transfer of data between edge and cloud while appearing seamless to the developers, two networking markets, zero trust/edge, and multi-cloud networking will combine to create a business-wide networking fabric.

Finally, as we step into 2023, how should enterprises review IOT deployment strategies to ensure that these initiatives meet expectations?

We have found that Asia-Pacific companies are less confident in their in-house skills to deliver IoT solutions successfully. These points will need for consulting partnerships.

We also predict that the adoption of in-region digital industrial platforms will gain significant growth. Embracing these in region platforms and industry-specific cloud solutions will help Asia-Pacific firms meet their expectations.

The post PodChats for FutureIoT: IoT in Asia in 2023 and beyond appeared first on FutureIoT.

]]>
5 point strategy for accelerated IoT adoption https://futureiot.tech/5-point-strategy-for-accelerated-iot-adoption/ Mon, 19 Dec 2022 01:00:00 +0000 https://futureiot.tech/?p=11818 APAC's digital transformation of enterprise has been slower than the rest of the world. However, with investments on the rise, APAC is expected to soon accelerate fast, pushing the adoption of IoT into unprecedented growth and giving IoT scale like never before. Commissioned by Telenor, the OMDIA study found that 20% of enterprises in APAC […]

The post 5 point strategy for accelerated IoT adoption appeared first on FutureIoT.

]]>
APAC's digital transformation of enterprise has been slower than the rest of the world. However, with investments on the rise, APAC is expected to soon accelerate fast, pushing the adoption of IoT into unprecedented growth and giving IoT scale like never before.

Commissioned by Telenor, the OMDIA study found that 20% of enterprises in APAC anticipate their IoT deployments to reach beyond 500,000 devices that can be connected wirelessly to a network and used to transmit information within the next 12 months.

The study forecasts that emerging IoT adoption in the region, particularly from India, Pakistan, Bangladesh, Indonesia and Thailand, is expected to push the 14.5 billion IoT devices in circulation today to a forecasted 38.9 billion IoT devices by 2030.

Seth Ryding, chief sales officer (CSO) and head of Telenor IoT Asia says digitalisation and sustainability are moving to the core of companies’ future strategies.

Seth Ryding

“IoT and digitalisation are no longer an option for enterprises in the region, but a necessity – as technology hardware, connectivity and software takes centre stage in the digital future.”

Seth Ryding

Challenges unique to APAC

Unique challenges drive APAC in ways not seen in the rest of the world – population growth in megacities combined with a need to reach widely spread remote areas, the increasing pressures of urban mobility and energy demand, and the wider political landscape (including newly introduced/revamped policies or guidelines to steer deployment).

This takes place in an IoT vendor market that is fragmented, with enterprises challenged by the complexity and concern of cybersecurity.

Source: OMDIA 2022

IoT devices include any physical object that can connect wirelessly to the internet and transmit data, such as smart watches, printers, meters, speakers, and even kitchen appliances and automobiles.

The report specifically highlights the drivers behind fast-moving automotive digitalisation and IoT efforts, particularly in fleet management.

The vertical view also covers how IoT is enabling a streamlining of processes in transportation and logistics as well as a clear link to the sustainability agenda in the growing application of IoT in APAC energy, utilities, and resources enterprises.

Conclusion

The report concludes as IoT deployment goes into high gear, enterprises should consider the following with their projects:

  • Consider connectivity from the country-level
  • Seek proven integrated IoT security solutions
  • Build-in a sustainability-first approach
  • Plan for the complexity of IoT integrations
  • Choose the right partners

The post 5 point strategy for accelerated IoT adoption appeared first on FutureIoT.

]]>
Top four IoT trends in 2023 https://futureiot.tech/top-four-iot-trends-in-2023/ Wed, 14 Dec 2022 03:02:24 +0000 https://futureiot.tech/?p=11805 Digital Twins and the Enterprise Metaverse IoT Security The Internet of Healthcare Things Governance and regulation in the IoT Space With more than 43 billion IoT devices connected in 2023, Futurist Bernard Marr shares his perspective on the above four trends he believes will influence how we use and interact with these devices. Click on […]

The post Top four IoT trends in 2023 appeared first on FutureIoT.

]]>
  • Digital Twins and the Enterprise Metaverse
  • IoT Security
  • The Internet of Healthcare Things
  • Governance and regulation in the IoT Space
  • With more than 43 billion IoT devices connected in 2023, Futurist Bernard Marr shares his perspective on the above four trends he believes will influence how we use and interact with these devices.

    Click on the YouTube player above to watch Marr reveal his top four trends impacting IoT in 2022.

    Click here to see his 2022 predictions and compare – what’s different and the same.

    The post Top four IoT trends in 2023 appeared first on FutureIoT.

    ]]>
    IoT in 2023, beyond smart connectivity https://futureiot.tech/iot-in-2023-beyond-smart-connectivity/ Mon, 12 Dec 2022 03:00:00 +0000 https://futureiot.tech/?p=11786 We may not be aware of it, but the Internet of Things (IoT) is ever present in 2022 from wearable health monitors, connected home appliances, security systems, autonomous farm equipment, smart factory solutions, smart building management systems, and logistics tracking technologies. The COVID-19 pandemic has become a fertile ground for the combination of the IoT […]

    The post IoT in 2023, beyond smart connectivity appeared first on FutureIoT.

    ]]>
    We may not be aware of it, but the Internet of Things (IoT) is ever present in 2022 from wearable health monitors, connected home appliances, security systems, autonomous farm equipment, smart factory solutions, smart building management systems, and logistics tracking technologies.

    The COVID-19 pandemic has become a fertile ground for the combination of the IoT and digital twins to solve one of the biggest challenges brought about by the ensuing mobility restrictions – how to be more resilient to ongoing uncertainties.

    As we prepare to face continuing uncertainties in 2023, what can we learn from the past three years to help businesses be more adaptive and resilient in the years ahead?

    KONE is a Finnish engineering company best known for its elevators, escalators, automatic building doors, and monitoring and access control systems.

    IoT has opened new business opportunities for Kone in areas such as remote monitoring, as Markus Huuskonen, KONE's head of maintenance processes, explains it: “This ability to remotely monitor equipment has been one of our targets for a pretty long time, but now IoT really enables us to do it efficiently while scaling up our operations.”

    KONE Connected Services
    Source: KONE

    FutureIoT spoke Jukka Salmikuukka, partnership development director at KONE Asia Pacific, for his perspective on how organisations are adopting IoT to solve real-world business problems.

    Which industries are leading the deployment of the Internet of Things (IoT)? Compared to other regions outside Asia, how sophisticated (mature) is the level of use of IoT?

    Jukka Salmikuukka: IoT is utilised so widely that you can find great deployments happening in many industries. Good examples are manufacturing, finance, and healthcare where IoT is widely utilised.

    Jukka Salmikuukka

    "Regardless of the industry, often the deployments are driven by global organisations with the help of global technology/platform providers. This means that the best practices can be efficiently utilised, and the smartest deployments can be done regardless of whether the location of the underlying infrastructure (for example core networks for the internet) is solid and reliable enough."

    Jukka Salmikuukka

    In Southeast Asia, Singapore is leading the way and setting the standard in digitalisation in many ways – especially compared to the rest of the world.

    The Smart Nation initiative has proven to be a very powerful approach in combining public and private sector actions to drive the adoption of digitalisation and IoT. Following this example, we have also seen the neighbouring countries actively working on various IoT opportunities.     

    Within the leadership of these organisations deploying IoT, what do you see are the primary motivations?

    Jukka Salmikuukka: Quite naturally it is usually about money – often IoT enables significant cost savings or opens new revenue opportunities.

    More and better data combined with advanced analytics helps healthcare to operate more efficiently and provides more accurate care for patients.

    Elevator and escalator companies such as ours can predict possible upcoming problems and neutralise those before issues arise allowing the people flow in busy buildings and cities to continue without interruptions.

    The better retailers can understand their customer’s behaviour and preferences, the more successfully they can tailor their offerings for them.

    Hotel operator may solve their service personnel challenges by deploying delivery robots to manage in-room deliveries. Numerous similar examples can be found in many industries.

    At the same time, IoT can also play a significant role in helping organisations achieve their sustainability targets – IoT solutions can help eliminate waste, minimise energy consumption or achieve carbon-neutral operations, which besides providing financial benefits is also good for the planet.

    Similarly, IoT can future-proof buildings for owners, so they can more accurately plan their future investments throughout the building’s lifecycle. 

    How do you see these IoT deployments impacting other initiatives like transformation, modernisation and many more?

    Jukka Salmikuukka: I would like to use a very worn-out cliche here: “everything is connected”. IoT is one of the key enablers for transformation, modernisation, and renewal.

    Source: KONE

    IoT has changed and will keep on changing the world – the way we do things, how we work, how we play and how we live. Some jobs may disappear thanks to IoT, but new roles will emerge because of it.

    Therefore, IoT deployments should be seen as tools and enablers to achieving the targeted transformations and other changes.

    Given that security is a rising concern for businesses, how should enterprises deploying IoT manage the security strategy of the company?

    Jukka Salmikuukka: Data security is a top priority when we speak about IoT. When leveraging IoT, security cannot be something that you “add” on top of the solution in the end.

    It must be designed into the solution from early on to ensure that there is comprehensive, end-to-end security in place in a way that can be managed and updated when needed.

    This type of comprehensive security management can be achieved only through systematically organised processes and practices that are applied throughout the entire organisation and in collaboration with the right type of partners.

    As we step into 2023, how should enterprises review IoT deployment strategies to ensure that these initiatives meet expectations?

    Jukka Salmikuukka: I believe everybody agrees that no organisation can walk away from digitalisation, but we all need to have a clear strategy and plan for it. It is very important to pick the right partners with whom the IoT initiatives can be carried out successfully.

    The IoT and technology landscape is evolving so quickly that organisations need to stay on top of all the possibilities new technology can enable, being those digital twins, metaverse or anything else. This understanding combined with systematic technology roadmaps helps organisations deploy IoT successfully into their operations.   

    The post IoT in 2023, beyond smart connectivity appeared first on FutureIoT.

    ]]>
    The Game Plan: Modernising OT security programmes https://futureiot.tech/the-game-plan-modernising-ot-security-programmes/ Fri, 09 Dec 2022 03:00:00 +0000 https://futureiot.tech/?p=11765 The Fortinet global 2022 State of Operational Technology and Cybersecurity Report revealed that industrial control environments continue to be a target for cybercriminals. Globally, 93% experienced an intrusion in the past 12 months. Despite Singapore reporting a slightly smaller figure at 86%, there remain widespread gaps in industrial security and indicated opportunities for improvements. Addressing […]

    The post The Game Plan: Modernising OT security programmes appeared first on FutureIoT.

    ]]>
    The Fortinet global 2022 State of Operational Technology and Cybersecurity Report revealed that industrial control environments continue to be a target for cybercriminals. Globally, 93% experienced an intrusion in the past 12 months.

    Despite Singapore reporting a slightly smaller figure at 86%, there remain widespread gaps in industrial security and indicated opportunities for improvements.

    Addressing the audience during the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum 2022 on 12 July, minister for Communications and Information, Josephine Teo, stressed the importance of enhancing the collaboration between the public and private sectors, supported by suitable security tools investments, which will better position Singapore to manage future OT cyber-attacks.

    During a media briefing, representatives from Fortinet, including Adam Wu, regional solution architect for OT, Rashish Pandey, vice president of marketing and communications, and Jonathan Chin, OT business development manager, joined Kenny Yeo, Frost & Sullivan's director and head of Asia Pacific cyber security practice, to talk about how organisations in Asia need to represent OT security practices.

    When an OT attack occurs, what is the workflow for resolving the attack? Typically, when does the CIO/CISO/IT team get involved when an OT attack occurs?

    Adam Wu

    Adam Wu: Don’t panic and don't pull the plug. Assess the process that you have currently in your plan. Then the CIO and IT team can decide, whether they want to isolate or start an instant response. The incident response has to be formulated by the organisation based on their needs. They toned to invoke caution before hitting the brake glass button and disconnecting everything.

    Frost says OT refresh cycles take longer than IT. How do you then keep OT and IT security practices synchronised and reflect the present environment?

    Rashish Pandey: The refresh cycles are different and longer for OT. The patching protocols are different depending on the different types of assets. How can these two teams work together? We observe that the air gap goes away and there is a need to have a common playbook that cuts across both IT and OT, known as IIoT alignment.  Aligning the mindset of OT and IT security is a bigger concern.

    Adam Wu: Organisations can do virtual patching, periodic validation, and risk assessments in their environment. Organisations should conduct risk assessments and audits regularly to ensure that the current controls are being followed.

    Do you see the current variety of connectivity standards for OT, and the varying age of OT devices as frustrating the securing of OT?

    Rashish Pandey

    Rashish Pandey: We can choose to do something about it. Organisations need to make sure that traffic is protected in transit as well and are taking security measures. We can’t rip out all the OT infrastructure and replace it with brand-new infrastructure. We need to start with where we are and put in place a pragmatic approach to protect these assets.

    How would you assess the state of OT security in Asia? Is the lack of maturity in OT security a reflection of lack of understanding or it’s just not a priority?

    Rashish Pandey: OT security as a discipline has come to the forefront of the day which coincided with the rise of industry 4.0. It's mainly the lack of awareness but it’s speeding up fast. We see the board of directors getting involved in this conversation. We do see varying degrees of maturity across Asia, in which Singapore is a leading player. We have a very robust conversation happening on OT and critical infrastructure security.

    Kenny Yeo

    Kenny Yeo: Regulation is also key, it’s the key number one factor leading to increased adoption of cybersecurity. Organisations tend to postpone OT security until something happens.

    Do you think CISOs/CIO/Head of OT Ops will trust an AI to take remedial action against OT threats without human intervention?

    Adam Wu: So, the level of security is according to the CVE rating, that is being assigned to a particular vulnerability. The score is derived from a variety of factors, whether it can easily exploitable, and whether it costs a lot of damage.

    There is also a human element to giving that score. If the exploit is being stopped, that’s the most important.  For FortiGate, you can set what level of security you want to stop, let's say, out of five scores, you can set maybe three and above to block anything. It is flexible.

    How should an OT security program be managed? Who should oversee this?

    Jonathan Chin: The conversation is about cyber resiliency, which depends on the organisation's dynamics. For example, some organisations have a dedicated individual working specifically on readiness. They are responsible for understanding whether threats are real and critical, but also what they should be doing and who they should call.

    Jonathan Chin

    Sometimes, the Lead Automation engineer takes charge due to OT system expertise, and the CIO/CISO acts as a consultant. In other cases, the IT teams take control regardless, and the Lead Automation engineer serves as a consultant. In an ideal case, an IT/OT specialized group should balance the IT/OT perspective.

    Do you see AI/machine learning as going beyond the identification of threats and into the pre-emptive prevention of threats?

    Jonathan Chin: AL/ML is utilized primarily for threat detection and automated responses upon discovery. However, we see AL/ML being increasingly used beyond threat identification to being utilized as take-down services, threat hunting at both networking, as well as endpoint levels, and actively pursuing botnet malware threats on the internet.

    AI/ML models provide an effective way to counterattack by learning the pattern of these attacks. Putting in place intelligent analysis at the endpoints can also provide an enormous advantage since it protects the point where the possibility of human error is most exposed.

    With IT looking at passwordless as the next level of authentication, do you see the necessity to deploy FIDO2 for IoT?

    Jonathan Chin: Passwordless authentication and FIDO2 came out of consumer password fatigue while preserving the need for security. However, implementing the same for air-gapped scenarios/ private clouds will need expert supervision.

    Security professionals can consider Multi-Factor Authentication (MFA) technologies which confirm the identity of users by adding a step to the authentication process. A second step is to verify a user's identity to ensure that a cybercriminal can't access an individual's account even if a password is compromised.

    OT organisations can also consider a Digital Risk Protection (DRP) Service that includes external attack surface management (EASM) and adversary-centric intelligence (ACI) which are essential in stopping adversaries early in their campaigns.

    The post The Game Plan: Modernising OT security programmes appeared first on FutureIoT.

    ]]>
    Multimodal Biometric Pod to more efficiently secure borders https://futureiot.tech/multimodal-biometric-pod-to-more-efficiently-secure-borders/ Wed, 07 Dec 2022 01:00:00 +0000 https://futureiot.tech/?p=11759 Border security is the defence against intruders and unlawful activity, and includes the use of devices, such as cameras, radars, and lasers. These systems contribute to enhanced monitoring capabilities and precise target localisation. It aids in protecting citizens from unlawful activities and military troops and ensuring their safety. This system can automatically analyse video, picture, […]

    The post Multimodal Biometric Pod to more efficiently secure borders appeared first on FutureIoT.

    ]]>
    Border security is the defence against intruders and unlawful activity, and includes the use of devices, such as cameras, radars, and lasers. These systems contribute to enhanced monitoring capabilities and precise target localisation. It aids in protecting citizens from unlawful activities and military troops and ensuring their safety. This system can automatically analyse video, picture, audio, and other surveillance data without or with minimal human intervention.

    The Border Security Market forecasts the border security market to reach US$65,150 million by 2030, growing at a CAGR of 7.61%

    As the travel industry, border authorities face the need to win in operational efficiency and user convenience. For years, biometrics has been used by authorities to simplify traveller experiences at borders, speeding up people's enrolment and ID checks (ex: the eGates or Entry-Exit Systems).

    The new Thales multimodal biometric pod is an efficient enrolment and identification solution that helps smoothly manage travellers’ border and immigration processes. It combines ‘iris & face’ capture and recognition capacities to enable fast and secure people enrolment and ID verification at borders. The pod features a modern design that perfectly suits the authority’s needs in high-security environments.

    With the Thales multimodal biometric pod, border authorities can easily integrate automation into their processes, without compromising on passenger and employee security nor on the confidentiality of the data exchanged as the solution offers ‘security and privacy by design’ parameters.

    Featuring a camera and a high-resolution LCD screen, the biometric pod can recognise pre-enrolled travellers’ iris and face from 0.5m and up to a record of 1.5m, with excellent accuracy. Boosted by AI, the solution captures dual iris and face in two seconds, leading to swifter operations and visibly shorter waiting queues.

    Thales biometric pods can be set at any border checkpoint (airports, seaports, etc.) managing both the first traveller enrolment upon arrival and quick biometric checks whenever required (upon territory exit, internal flights etc).

    “The combination of biometric patterns applied to touchless people authentication, is a sought-after solution for many stakeholders to address security, operational and convenience challenges”, said Youzec Kurp, VP of identity and biometric solutions at Thales.

    Youzec Kurp

    “Thales relies on its in-house biometrics, border, and smart travel expertise to design, develop and deliver top tier responsible biometric solutions to meet users’ expectations and authorities’ requirements.”

    Youzec Kurp

    The post Multimodal Biometric Pod to more efficiently secure borders appeared first on FutureIoT.

    ]]>
    Palo Alto Networks secures medical devices https://futureiot.tech/palo-alto-networks-secures-medical-devices/ Tue, 06 Dec 2022 01:00:00 +0000 https://futureiot.tech/?p=11753 "Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC. “The ability to defend against threats […]

    The post Palo Alto Networks secures medical devices appeared first on FutureIoT.

    ]]>
    "Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC.

    Ed Lee

    “The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives.”

    Ed Lee

    As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function.

    It is therefore understandable that as technology advances and new innovations become accessible, the healthcare industry becomes a prime target for cybercriminals. Why not? Healthcare practitioners are not necessarily at the cutting edge of cybersecurity practice, and with how busy they are performing their tasks, who can blame them?

    Anand Oswal

    “The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps,” said Anand Oswal, senior vice president of products, and network security at Palo Alto Networks.

    “This makes security devices an attractive target for cyber attackers, potentially exposing patient data and ultimately putting patients at risk.”

    Anand Oswal

    Zero trust in healthcare

    Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device. While a Zero Trust approach is critical to help protect medical devices against today's cyber threats, it can be hard to implement in practice.

    Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner.

    It also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.

    Using ML enables healthcare organizations to:

    • Create device rules with automated security responses: Easily create rules that monitor devices for behavioural anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
    • Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
    • Understand device vulnerabilities and risk posture: Access each medical device’s Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication.
    • Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
    • Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
    • Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, help automate workflows.
    Bob Laliberte

    "With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG.

    The post Palo Alto Networks secures medical devices appeared first on FutureIoT.

    ]]>
    5G network security worth US$9 billion up for grabs https://futureiot.tech/5g-network-security-worth-us9-billion-up-for-grabs/ Wed, 30 Nov 2022 01:00:00 +0000 https://futureiot.tech/?p=11740 The current macroeconomic and political global context has put increased pressure on 5G rollouts, slowing expectations for growth in the network security market compared to previous forecasts. ABI Research forecasts the market to continue a steady upward, albeit slowed, trajectory to reach US$9.2 billion by 2026. “The criticality and resulting demand for security in 5G […]

    The post 5G network security worth US$9 billion up for grabs appeared first on FutureIoT.

    ]]>
    The current macroeconomic and political global context has put increased pressure on 5G rollouts, slowing expectations for growth in the network security market compared to previous forecasts. ABI Research forecasts the market to continue a steady upward, albeit slowed, trajectory to reach US$9.2 billion by 2026.

    “The criticality and resulting demand for security in 5G networks are undisputed. However, the persisting fallout of the global pandemic, with interrupted deployments of 5G, delays in spectrum auctions and the standardisation from Release 16, continue to impact the market,” explains Michela Menting, telco cybersecurity research director at ABI Research.

    She adds that current inflation and a potential recession in 2023 means mobile operators will face challenges for their future revenue streams (e.g., consumer spending), Operational Expenditure (OPEX) increases (e.g., energy prices driving up costs and increased price of upstream providers), and higher cost to borrow money (making investing harder).

    This means that investments in security technologies and services will take longer to materialise. ABI Research sees the opportunity for URLLC and mMTC as highly promising from a security perspective compared to the security demand in eMBB applications.

    A slowing market doesn’t mean a passive one. She opines that this slowing condition provides more time for stakeholders, notably mobile operators and network equipment providers, to plan for security monetisation in the enterprise space in 5G telco cloud and services.

    Michela Menting

    “They are faced with aggressive coopetition from hyperscalers and other new entrants, around which they will need to position themselves. As such, there is plenty of opportunity for the continued development of a lucrative and healthy security market in 5G.”

    Michela Menting

    The post 5G network security worth US$9 billion up for grabs appeared first on FutureIoT.

    ]]>
    Securing the critical https://futureiot.tech/securing-the-critical-to-secure/ Fri, 25 Nov 2022 01:00:00 +0000 https://futureiot.tech/?p=11724 In 2013, the Bowman Avenue Dam in New York In December 2015, three utility companies in Ukraine became victims of BlackEnergy malware which targeted the firms’ supervisory control and data acquisition (SCADA) systems. By the programmable logic controllers (PLC) The Stuxnet computer virus disrupted the Iranian nuclear program by damaging centrifuges used to separate nuclear […]

    The post Securing the critical appeared first on FutureIoT.

    ]]>
    In 2013, the Bowman Avenue Dam in New York In December 2015, three utility companies in Ukraine became victims of BlackEnergy malware which targeted the firms’ supervisory control and data acquisition (SCADA) systems.

    By the programmable logic controllers (PLC) The Stuxnet computer virus disrupted the Iranian nuclear program by damaging centrifuges used to separate nuclear material.

    The United States Presidential Decision Directive 62 (issued in 1998) stated that “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private.”

    Trending in ICS security

    Tim Conway

    Tim Conway, a certified instructor and technical director for ICS and SCADA programs at the SANS Institute says globally there are common trends across multiple geographies and critical infrastructure sectors with asset owners and operators pursuing increased interconnectedness across systems, increased remote access, and increased pursuit of cloud integration.

    “In addition, with this movement toward connecting and operating systems in ways they never were previously designed for, there is a corresponding increase in concern, which is driving regulation and framework adoption to ensure appropriate levels of cybersecurity detection and defence capabilities.”

    Tim Conway

    What are the current and emerging ICS vulnerabilities in critical infrastructure (in Asia)? What is the industry doing to address these?

    Tim Conway: This is truly a global issue, while some sectors may be of higher risk in certain geographies than other parts of the world, we all face similar challenges across common ICS devices, and protocols that are used in various industries. 

    In general, we are seeing a rise in ICS-targeted malware which is concerning for all vendors and the associated industries that rely on those vendor products and solutions. 

    Modular malware frameworks that allow adversaries to add capabilities or customise an attack approach have been discovered and they truly provide a force multiplier capability that could enable an increased frequency of attacks across a broader scope of targets potentially.

    With the increasing adoption of IIoT, to what extent are ICS vulnerabilities expanding beyond operational technology (OT)?

    Tim Conway: There will continue to be a feverish pursuit of connectivity and automation to everything everywhere, our challenge is in understanding where all those trusted communication paths are, how they could be misused and what impactful effects could be achieved. 

    Understanding these attack vectors, and vulnerabilities will allow organisations and individuals to make risk-informed decisions about what technologies should be pursued and where.  The phrase, “Just because you can, does not mean you should” applies well here. 

    Singapore is probably one of the best examples to look at regarding guidance and thoughtful discussions on the development of a common balanced approach to pursuing innovating technologies and interconnectedness with a healthy dose of concern about how those technologies should be implemented and maintained.

    Can you share common pitfalls and challenges in ICS security that impact/endanger critical infrastructure security in Asia?

    Tim Conway: Every process has unique considerations and nuanced discussions around appropriate cyber-informed engineering concepts that need to be pursued.  There needs to be a focused investment in the workforce around the areas of operations, engineering, safety, and cybersecurity to begin addressing the issues truly.

    What lessons can Asia learn from recent compromises and attacks in industrial companies around the world – to protect the community and national security?

    Tim Conway: As a region, I would recommend any country to look to activities being pursued around the world to run national exercises throughout their critical infrastructure sectors and examine the regulation or guidelines that have been implemented elsewhere to determine if there are areas within their own country that could benefit. 

    From an attack perspective, each sector should look to impactful attacks around the world and ask the questions of their teams – how that attack could occur in our organisation, would it have been worse, how would we detect and prevent it, what can we do to improve our abilities to operate through a similar attack, and then establish exercises to practice and prepare.

    What are the key ICS cybersecurity critical controls that governments and organisations should deploy to adapt, to best fit their environment and risks? How has ICS cyber security evolved in recent years?

    Tim Conway: ICS cyber security has greatly expanded from the perspective of solutions and guidance.

    We have recently released a whitepaper on “The Five ICS Cybersecurity Critical Controls” and we feel this will significantly help organisations establish focused capital and O&M projects and programs to address the areas of greatest risk.

    The post Securing the critical appeared first on FutureIoT.

    ]]>
    Cybersecurity challenges of IoMT and mitigation https://futureiot.tech/cybersecurity-challenges-of-iomt-and-mitigation/ Thu, 24 Nov 2022 01:00:00 +0000 https://futureiot.tech/?p=11717 Hospitals, medical facilities, and research laboratories are heavily dependent on connected devices and the Internet of Medical Things (IoMT), where the desire and need for data acquisition have necessitated such connectivity. The patient journey in Asia Pacific is accelerated by the increasing adoption of IoMT and other smart assets. According to Data Bridge Market Research, […]

    The post Cybersecurity challenges of IoMT and mitigation appeared first on FutureIoT.

    ]]>
    Hospitals, medical facilities, and research laboratories are heavily dependent on connected devices and the Internet of Medical Things (IoMT), where the desire and need for data acquisition have necessitated such connectivity. The patient journey in Asia Pacific is accelerated by the increasing adoption of IoMT and other smart assets.

    According to Data Bridge Market Research, the IoMT market in Asia Pacific is expected to grow with a CAGR of 24.1% from 2021 to 2028. Despite the growing IoMT market and rising adoption of advanced technologies, the healthcare industry still lags behind other advanced sectors such as info-communications on cybersecurity.

    The cybersecurity risks patients and operations can be exposed to are real and pervasive. Additionally, the accreditation and compliance to standards for connected medical assets, including IoMT, are also straggling.  With the growing number of unmanaged medical and non-medical devices and sensors, the risks to hospitals' cybersecurity go beyond IoMT itself.

    According to the Identity Theft Resource Center (ITRC), during the first half of 2022, the healthcare sector has been the number one target of data breaches.

    James Millington

    James Millington, senior director of product marketing at Armis, says concerns are not only with confidential medical data but also with patient care disruptions that might have life-threatening consequences. After all, the threat landscape has evolved with the rise of ransomware as a lucrative business model for criminals.

    “The complexity of the healthcare tech stack, due to a diverse number of devices and types of systems, makes it harder to track assets and manage their vulnerabilities.”

    James Millington

    “For example, hospitals need to deal with a great number of medical device vendors, each one with its own, little-known proprietary operating system. Besides, many of those devices are mobile — think of infusion pumps being moved from one room to another, which can lead to misplacement or loss,” he added.

    Does the coexistence of OT, IT, IoT, and IoMT expand the attack surface?

    The healthcare device ecosystem is highly connected – beyond smart medical devices that are touching the patient or directly providing care. The growing number of devices connected to the internet – over 55 billion by 2025, as per IDC – leads to an increased attack surface, too.

    Printers, self-check-in tablets, surveillance systems, smart lighting systems, and temperature control for vaccine storage are just a few examples of enterprise IT, Internet of Things (IoT), and operational technology (OT) in medical facilities. Hacking a smart TV in a waiting room might open the door to threats that can move laterally in often poorly segmented hospital networks and cause disruptions to patient care.

    Why is it a concern that medical devices do not accommodate agents?

    Since medical and clinical devices are regulated and built intentionally as walled hardware to achieve a specific outcome (for example, administering a medication), they usually don’t accommodate external software. As a result, they cannot be secured through traditional endpoint agents, nor easily updated or patched.

    Effective patch management is a significant concern given that cybercrime and nation-state actors have focused on discovering vulnerabilities or unpatched systems as a main method of attack, according to the 2021 Microsoft Digital Defense Report.

    Will the use of legacy technology compromise cybersecurity?

    Medical devices generally have a higher lifecycle than consumer technology. Due to concerns over patching or restrictions due to FDA certifications, the operating systems and software running these devices may go untouched and unpatched for fear of rendering the device inoperable and impacting patient care.

    Since medical equipment is expensive to replace, devices may even be operating outside the supported lifetime of the software they are running. An MRI machine, for example, might cost more than $400,000. Investments in hospital technology involve planning, training, and government subsidies.

    Are vulnerability scans disrupting healthcare?

    Medical devices have different sensitivities. You don’t know how a specific operating system (OS) will respond to the protocols of a vulnerability scanner. When the communication deviates from the expected, the device might crash.

    If you are doing a scan through a workstation, the end user can likely tolerate the disruption, but a medical device malfunction while touching a patient can negatively affect care (for example, if the device stops working in the middle of surgery).

    Network segmentation is recognised as a standard security strategy. How is the inconsistency in network segmentation affecting healthcare?

    A typical hospital network is flat and divided between biomedical and corporate IT security teams, creating silos. IT is concerned with cybersecurity, while biomedical teams focus on clinical usage. Traditionally, VLAN keeps both sides separated, but it’s not designed for security.

    Exposure to the IT side of the house increases risks. Many threats start on the IT side, such as the case of WannaCry malware, which spread through computers operating Microsoft Windows. As per Armis research, 40% of healthcare organisations suffered from the WannaCry attack.

    How to stay on top of IoMT vulnerabilities?

    Healthcare delivery organisations often lack the visibility to expand their vulnerability management programs to medical devices. Asset inventory is often a manual effort where healthcare professionals do a site survey, literally walking through every single room to see what they have and writing it down in an Excel sheet.

    Improved Internet of Medical Things security requires a holistic, automated inventory of every digital asset (IT, OT, IoT, and IoMT), regardless of who purchased them (IT or biomedical teams).

    To support today’s healthcare innovations, hospitals need a comprehensive cybersecurity and asset management solution that can monitor all devices, including those that cannot accommodate security agents.

    The post Cybersecurity challenges of IoMT and mitigation appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Understanding the fundamentals of secure IoT https://futureiot.tech/podchats-for-futureiot-understanding-the-fundamentals-of-secure-iot/ Fri, 18 Nov 2022 01:00:00 +0000 https://futureiot.tech/?p=11693 Gartner observed that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices in their network. IoT Analytics forecasts that globally the number of connected IoT devices will grow at 9% annually, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased […]

    The post PodChats for FutureIoT: Understanding the fundamentals of secure IoT appeared first on FutureIoT.

    ]]>
    Gartner observed that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices in their network.

    IoT Analytics forecasts that globally the number of connected IoT devices will grow at 9% annually, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security.

    ResearchandMarkets forecasts the global IoT security market to grow from US$3.86 billion in 2021 to US$5.09 billion in 2022. The firm attributes this growth due to the companies stabilizing their output after catering to the demand that grew exponentially during the COVID-19 pandemic in 2021.

    While 64% of respondents to the Kaspersky study, Pushing the limits: How to address specific cybersecurity demands and protect IoT, use IoT solutions, as much as 43% do not protect them completely.

    The National Institute of Standards and Technology (NIST) paper, Recommended Criteria for Cybersecurity Labelling for Consumer Internet of Things (IoT) Products, posits that to reduce IoT product vulnerabilities, it is important to understand already exploited vulnerabilities in IoT products and ensure that consumer IoT product labelling programmes consider these incidents in its criteria to help improve the cybersecurity of the IoT ecosystem.

    Dr Dorit Dor, chief product officer with Check Point Software Technologies, explains that there are many levels to IoT leaving to misunderstanding and potential risks of exposure to threats from within and outside the organisation.

    “Even the lowest cost IoT device could be a starting point for an attack. You have to understand the connectivity of the IoT device to the internal and outside world. The fact that it bridges the two things without having the right IoT controlling them is the biggest evidence of this,” she explained.

    “People use IoT to do massive attacks (DDoS massive attacks) by taking over IoTs in many locations and doing denial of service or other destruction for the world. These are less focused attacks and more widespread attacks.”

    Dorit Dor

    More common than you think

    Dr Dor cautions that attacks that stem from unprotected IoT are not always targeted at specific industries. She calls back understanding that cybercriminals are often looking for the least protected targets.

    That is not to say that there are attacks that are specifically directed at certain industries or organisations.

    “It is less of a sectorial issue. It's more of a general issue of IoT devices being spread around and kind of hindering the security architecture of the organisation. By creating all these hidden links, the IoT itself could be served as a jump point for the intended target,” she cautioned.

    Common misconceptions and challenges

    Dr Dor noted that one of the biggest misconceptions when it comes to IoT security is the perception among enterprises that they do not have any IoT devices in the workplace. And if they did, the other misconception is that these devices are not connected to the internal network (without their knowledge).

    Another misconception, she added, is enterprises think they are protected when they are not.

    “People don’t always have the right personnel to perform the security sections required,” she posited.

    Advanced technologies to the rescue?

    Asked whether any advanced technologies help solve some of the challenges she presented, Dr Dor is confident that tools are available to help in the process of understanding the challenges.

    She cited the use of artificial intelligence (AI) as helping map the devices that are seen on the network of IoT devices and mapping their behaviour.

    “But to do this, you need to have a lot of data on similar IoT devices that exist,” she cautioned.

    “So as an organisation, you may not have enough data to secure your IoT devices. However, you probably have enough data on different uses and usages of this IoT device that could help you sanction or create sectioning policies for the IoT device.”

    Dorit Dor

    Bringing about greater security of IoT devices in the enterprise

    Dr Dor suggests reducing the access atmosphere of the IoT device to the least limited or a zoning-based approach. The other step is to understand what the IoT does and see that it behaves like a legitimate IoT device.

    She recommended organisations buy IoT devices that have some security and stability built in.

    Click on the PodChat player and hear in greater detail Dr Dor’s observations and recommendations for securing IoT for the enterprise.
    1. What are the IoT cyber security threats faced by enterprises?
    2. How common are these threats?
    3. What are common misconceptions and challenges encountered today when enterprises try to secure IoT devices?
    4. Can advanced technology such as AI, machine learning and deep learning solve these problems?
    5. What are the roles of AI, machine learning and deep learning in IoT security?
    6. What are your recommendations to bring about greater security of IT devices in the enterprise?

    The post PodChats for FutureIoT: Understanding the fundamentals of secure IoT appeared first on FutureIoT.

    ]]>
    Report reveals riskiest connected devices in enterprise networks https://futureiot.tech/report-reveals-riskiest-connected-devices-in-enterprise-networks/ Fri, 21 Oct 2022 01:00:00 +0000 https://futureiot.tech/?p=11557 The growing number and diversity of connected devices in every industry present new challenges for organisations to understand and manage the risks they are exposed to. Most organisations now host a combination of interconnected IT, OT and IoT devices in their networks that has increased their attack surface. A Ponemon Institute study noted that 65% […]

    The post Report reveals riskiest connected devices in enterprise networks appeared first on FutureIoT.

    ]]>
    The growing number and diversity of connected devices in every industry present new challenges for organisations to understand and manage the risks they are exposed to. Most organisations now host a combination of interconnected IT, OT and IoT devices in their networks that has increased their attack surface.

    A Ponemon Institute study noted that 65% of responding organisations say that IoT/OT devices are one of the least secured parts of their networks, while 50% say that attacks against these devices have increased.

    IT security practitioners in 88% of those organisations have IoT devices connected to the internet, 56% have OT devices connected to the internet and 51% have the OT network connected to the IT network.

    Threat actors are aware of these trends. Forescout recently reported on how ransomware groups have started massively targeting devices such as NAS, VoIP and hypervisors. Not surprisingly, most of these devices were among the riskiest identified in the 2020 Enterprise of Things Security Report

    Many of the device types observed among the riskiest in 2020 remain on the list, such as networking equipment, VoIP, IP cameras and programmable logic controllers (PLCs). However, new entries such as hypervisors and human-machine interfaces (HMIs) are representative of trends including critical vulnerabilities and increased OT connectivity. 

    2022’s riskiest connected devices

    The ten riskiest device types in each vertical and highlights the types of devices that security staff in each vertical should look at more carefully
    Source: The State of IOT Security, Forescout, 2022

    Using Forescout’s scoring methodology, Vedere Labs identified the five riskiest devices in four device categories: IT, IoT, OT and IoMT.

    • IT: Router, computer, server, wireless access point, and hypervisor
    • IoT: IP camera, VoIP, video conferencing, ATM, and printer
    • OT: PLC, HMI, uninterruptible power supply (UPS), environmental monitoring, and building automation controller
    • IoMT: DICOM workstation, nuclear medicine system, imaging, picture archiving and communications system (PACS), and patient monitor

    How organisations can mitigate risk

    “We have seen two recurring themes in Vedere Labs’ research, which this report reinforces,” said Daniel dos Santos, head of security research at Forescout’s Vedere Labs, noted two recurring themes: “First, attack surfaces are growing quickly due to more devices being connected to enterprise networks, and second, threat actors are increasingly able to leverage these devices to achieve their goals.

    Daniel dos Santos

    “Unfortunately, the attack surface now encompasses IT, IoT and OT in almost every organisation across the globe, with the addition of IoMT in healthcare. It is not enough to focus defences on risky devices in one category, as attackers will leverage devices in different categories to carry out attacks. Vedere Labs has demonstrated this with R4IoT, demonstrating how an attack that starts with an IP camera (IoT), can move to a workstation (IT) and disable PLCs (OT).”

    Daniel dos Santos

    What to do

    Forescout advises organisations to undertake a proper risk assessment to understand how their attack surface is growing. Granular classification information including device type, vendor, model and firmware version are required for accurate assessment. 

    Once this assessment is complete, organisations should mitigate risk with automated controls that are not reliant on security agents, and that apply to the whole enterprise, instead of silos like the IT network, the OT network, or specific types of IoT devices.

    Once the risk assessment is complete, organisations need to mitigate risk with automated controls that do not rely only on security agents and that apply to the whole enterprise, instead of silos like the IT network, the OT network, or specific types of IoT devices. 

    Forescout Continuum enables these types of controls by accelerating the design and deployment of dynamic network segmentation across the digital terrain while also automating policy enforcement by enabling countermeasures to mitigate threats, incidents and compliance gaps.

    Understand what makes the riskiest connected devices so risky. Then strive for full visibility into how many are connecting to your digital terrain so you can secure your attack surface.

    The post Report reveals riskiest connected devices in enterprise networks appeared first on FutureIoT.

    ]]>
    New framework to improve connectivity in the air https://futureiot.tech/new-framework-to-improve-connectivity-in-the-air/ Thu, 20 Oct 2022 01:00:00 +0000 https://futureiot.tech/?p=11554 The Wireless Broadband Alliance (WBA) has published the report “In-Flight Wi-Fi Connectivity: Improving Passenger Experience, Engagement and Uptake” exploring how airlines, service providers and other stakeholders can make it faster and easier for travellers to get and stay connected onboard aircraft. The paper covers the top business and technological challenges faced by stakeholders such as […]

    The post New framework to improve connectivity in the air appeared first on FutureIoT.

    ]]>
    The Wireless Broadband Alliance (WBA) has published the report “In-Flight Wi-Fi Connectivity: Improving Passenger Experience, Engagement and Uptake” exploring how airlines, service providers and other stakeholders can make it faster and easier for travellers to get and stay connected onboard aircraft.

    The paper covers the top business and technological challenges faced by stakeholders such as airlines, identity providers including mobile operators, satellite and air-to-ground backhaul services, avionics vendors and hub services that facilitate roaming.

    The on-the-air connectivity challenge

    One major reason is the difficulty connecting to the Internet due to the traditional captive portal method. Passengers must connect to the correct Wi-Fi (network SSID), then navigate to the correct landing page and finally determine which pass they want to buy, and how to register and pay.

    In an online journey, each incremental step usually leads to dropouts, and for airlines, service providers and other ecosystem members, every dropout due to this unnecessarily complex connection process are lost revenue.

    Airlines have invested in inflight portal services, and an employer’s VPN is a barrier for business travellers consuming these. Once they have internet connectivity, connecting to their VPN will prevent them from being able to access these onboard services.

    To regain access, they must disconnect their VPN. This back-and-forth makes them less likely to purchase in-flight services such as inflight food and duty-free — another revenue loss for airlines and other ecosystem members.

    The report claims stakeholders can overcome these and other major barriers and improve the process by implementing Passpoint.

    Passpoint frees passengers from the hassle of manually entering log-in credentials every time. Instead, the aircraft’s network automatically authenticates and connects them on every flight with an automatic, secure and friction-free user experience.    

     It also lays the foundation for airlines and other ecosystem members to participate in the WBA’s OpenRoaming federation. By simply adding the appropriate Roaming Consortium Organisation Identifiers (RCOIs) to the network, airlines and other ecosystem members can leverage the enhanced security, privacy, and automatic network-attached experience afforded by Passpoint, which are key concerns for business travellers, with the convenience of OpenRoaming for authentication.

    As a federated service, OpenRoaming also ensures that travellers get and stay connected at additional locations throughout their journey to and in the airport, hotels, convention centres and any other public locations, and finally on board the aircraft. Airlines can use this gate-to-gate experience to create new loyalty opportunities for travellers, and new monetization models with identity providers and partners.

    Going forward, WBA members have already agreed to move one step further and start developing industry guidelines for users' digital experience when using Wi-Fi networks. This ultimately will unleash a consistent experience across networks with non-fixed backhauls, such as maritime and trains use cases. Ultimately, an integrated and consistent mechanism will be trialled initially by WBA members in real-world scenarios and create the standard for commercial rollout. 

    Tiago Rodrigues, CEO of the Wireless Broadband Alliance, commented that connectivity today is fundamental for daily lives and Wi-Fi is the most used wireless connectivity technology in the world.

    “The in-flight Wi-Fi experience must improve to give vacationers and business travellers access to flight information, entertainment, social media and more. But a host of technological and business challenges have prevented in-flight Wi-Fi from living up to its mainstream potential.”

    Bruno Tomas, CTO of the Wireless Broadband Alliance said: “Airline travel is soaring, with international traffic up 229.5% over the past year and total traffic up 76.2%, according to the International Air Transport Association (IATA). “That trend means now is the ideal time for airlines to take a fresh look at their in-flight Wi-Fi experience. This report shows how they can use Passpoint and WBA OpenRoaming to eliminate complexity so passengers can take full advantage of all their in-flight services.”

    The post New framework to improve connectivity in the air appeared first on FutureIoT.

    ]]>
    Understanding threat actors’ steps into OT and ICS environments https://futureiot.tech/understanding-threat-actors-steps-into-ot-and-ics-environments/ Tue, 18 Oct 2022 04:00:00 +0000 https://futureiot.tech/?p=11551 “To know your enemy, you must become your enemy.” Sun Tzu, regarded as one of the greatest military strategists of all time, certainly did not live in the hyper-connected and cyberthreat-laden times of today, but we would all benefit from some of his more profound teachings. And it seems some of his teachings have made […]

    The post Understanding threat actors’ steps into OT and ICS environments appeared first on FutureIoT.

    ]]>
    “To know your enemy, you must become your enemy.” Sun Tzu, regarded as one of the greatest military strategists of all time, certainly did not live in the hyper-connected and cyberthreat-laden times of today, but we would all benefit from some of his more profound teachings. And it seems some of his teachings have made their way into the planning of cybersecurity strategies.

    The increasing frequency of OT/ICS cyberattacks is serving as a wake-up call to organisations. Cybercriminals are using a range of techniques to launch a tsunami of attacks against OT and ICS systems.

    The impact of these attacks can affect the masses by causing civic unrest, and governments in some countries are taking pre-emptive measures to stop these attacks.

    For instance, the Cyber Security Agency of Singapore (CSA) created the OT Cybersecurity Masterplan in 2019 to enhance the security and resilience of the nation’s Critical Information Infrastructure (CII) sectors in delivering essential services.

    Its goal was to improve cross-sector response to mitigate cyber threats in the OT environment and to strengthen partnerships with industry and stakeholders, proving that the threat of OT/ICS attacks is imposing enough for governments to act before they happen.

     In today’s manufacturing and utility networks, feeble defences across assets, managed and unmanaged devices give adversaries the advantage to launch attacks.

    Without direct action to harden OT networks and control systems against vulnerabilities introduced through IT and business network intrusions, OT system owners and operators will remain at indefensible levels of risk.

    An example is Iran suffering a major attack on its fuel stations nationwide in 2021, which disabled a system that allowed millions of Iranians to use government-issued cards for fuel at a subsidised price.

    In total, 4,300 fuel stations were victims of the attack with traffic in cities being widely affected in an attempt to get “people angry by creating disorder and disruption”, according to Iranian president Ebrahim Raisi.

    Similarly, petroleum powerhouse Oil India suffered a cyberattack disrupting the company’s operations in Assam earlier in 2022. In the attack, they received a ransom demand of USD 7,500,000, disrupting business through its IT systems.

    The company reported huge financial losses due to the attack. When securing against today’s cyber threats, it is important to understand the game plans of threat actors and proactively counteract them with solutions.

    Let’s start with Sun Tzu to understand our enemy’s 5 steps into our ICS and OT environments:

    1. Effects and targets: 

    APT actors, or state-sponsored actors, are looking to create chaos, sow discord, or destabilisation of leadership. To do so, they typically vet out critical assets within critical infrastructure like controllers in marine ports, energy generation/distribution points, and highly visible targets where disruption may cause harm, distrust, or may psychologically or socially impact a community.

    Conversely, cybercriminals are looking for a payoff and are more than happy to find high-value targets anywhere within an organisation to extort their owners. While there may have been a wide gap in the past, the skills, backing, and training between the two are narrowing.

    WHAT TO DO: Define your critical protection surfaces. Not all systems and components are created equal. Begin by identifying the most critical surfaces and grow to incorporate additional surfaces over time.

    Within OT, this may be a bank of Windows machines that allow for remote access into a PLC segment where third-party lateral connections are established for maintenance and support. Within IT, these may be north-south assets that allow for pivoting from IT into OT, especially if IT connections to the Internet are present.

    2. Intelligence collecting on the target system: 

    It is widely known that information about both OT systems and IT technologies is widely known. Publicly available documentation on both IT and OT systems and components are not hidden, including default admin credentials.

    WHAT TO DO: Never allow for default admin credentials to reside on any asset and continually rotate passwords.

    3. Developing techniques and tools: 

    Adversaries can be quite resourceful, especially with readily available tools on the dark web. Presuming devices are secured because they run proprietary protocols is a zero-sum game as tools are readily available to exploit IT and OT systems.

    APT actors have also developed tools to scan for, compromise, and control certain Schneider Electric PLCs, OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers.

    WHAT TO DO: Acknowledge that standalone, islanded networks are few and far between. Do not presume a posture of security by obscurity. Monitor application usage and ICS traffic to include authorised user access and behavioural anomalies.

    4. Gain initial access:

    Most modern control systems have remote access capabilities that allow third-party vendors and integrators into the systems, as well as work-from-home, remote access and the supply chain. Oftentimes, these points of access into the network are attack vectors for cyber actors. Matters get worse when we add wireless access points to the mix that attract local actors into the fray.

    WHAT TO DO: Audit all third-party access. Ensure the ability to pivot to high-value targets is non-existent. Take advantage of VLAN technologies to create safe holding pens for devices as they are introduced into your network prior to introducing them into the production network. Look for devices with multiple NICs attaching to differing networks, creating bridges from ‘A to B’.

    5. Execution: 

    The disruption, disabling, denying, and/or destruction of the system, to achieve intended results. This might include the degradation of the monitoring of a target system (Manipulation of View [T0832] ), operation of the control system (Manipulation of Control [T0831]), SCADA impairment (Block Reporting Message [T0804], Denial of View [T0815]), denial of control (Denial of Control [T0813]), or Theft of Operational Information [T0882]).

    WHAT TO DO: Monitor industrial control commands and anomalous behaviours coming from unauthorised machines, unauthorised users, commands occurring outside of change control, and multiple reset, errors, and mode changes in critical infrastructure.

    As system owners and operators, we cannot prevent a malicious actor from targeting our systems. Understanding that being targeted is not an “if” but a “when” is essential. By assuming that the system is being targeted and predicting the effects that a malicious actor would intend to cause we can employ and prioritise mitigation actions.

    It all starts with identifying the initial system and all its sub-components within a protected surface. Once we find success, repeating across the broader OT landscape gets easier each time.

    The post Understanding threat actors’ steps into OT and ICS environments appeared first on FutureIoT.

    ]]>
    PodChats for IoT: Working with IoT data analytics https://futureiot.tech/podchats-for-iot-working-with-iot-data-analytics/ Tue, 18 Oct 2022 03:00:00 +0000 https://futureiot.tech/?p=11573 By 2025, it is expected that IoT devices will generate roughly 73.1 Zettabytes of data. Around that time, 30% of all data will be real-time, with IoT accounting for nearly 95% of it, 20% of all data will be critical and 10% of all data will be hypercritical. The real-time nature of IoT data presents […]

    The post PodChats for IoT: Working with IoT data analytics appeared first on FutureIoT.

    ]]>
    By 2025, it is expected that IoT devices will generate roughly 73.1 Zettabytes of data. Around that time, 30% of all data will be real-time, with IoT accounting for nearly 95% of it, 20% of all data will be critical and 10% of all data will be hypercritical.

    The real-time nature of IoT data presents opportunities, challenges and threats to organisations. Analytics will have to happen in real time for companies to benefit from these types of data.

    According to Niraj Naidu, APJ head of field engineering for DataStax, the internet of things (IoT) refers to the billions of internet-connected devices around the world that use different types of sensors to collect real-time data remotely.

    He adds that the IoT use cases span many different industries in a wide range of applications, depending on the application, the data that is collected from these devices can be used to perform analytics.

    These devices need support from a modern technology stack that can ingest and handle a continuous flow of real-time and often time series data. Some IoT devices may have multiple sensors collecting different types of data.

    Niraj Naidu

    “All that data flows in and is integrated into a platform where analytics are applied, patterns emerge from the analytics and insights are uncovered. These insights are then effectively converted into useful information that is delivered to end users via the IoT application user interfaces.”

    Niraj Naidu

    “And so, we see the type of valuable information will vary by each application’s purpose, but it could be a recommendation it could be an alert, a status update, or any other variety of use cases being tackled by specific IoT initiatives that you know, these organizations have,” he added.

    The six challenges of a growing IoT ecosystem

    Naidu forecasts that by 2024, the global IoT market is predicted to surpass a trillion dollars annually.

    He posited that due to this growth, companies are now speedily accumulating hundreds of terabytes or even 1000s of terabytes of data, depending on the industries that they're based in.

    “These companies are therefore having to deal with many different challenges when it comes to managing data produced by these IoT devices or even gadgets.”

    There are six main things that we tend to see:

    Scalability: Companies need a modern architecture that can quickly and seamlessly scale alongside the number of users’ devices or even the associated data volumes if they suddenly skyrocket to this.

    Security: Data flowing in from IoT devices can be located anywhere globally, and there is a high probability that some if not all of it, is sensitive information. A company trying to completely handle the security of this data internally places itself at risk of a breach occurring.

    Control: Data should be a company's most asset, and IoT collection and analysis can yield some amazing insights that will lead to them creating a competitive advantage for them in their markets. Organizations should therefore have complete control over that data and their data. And be able to migrate whenever and wherever they want and make it a first-class citizen.

    Performance: The value that can be gained from IoT data depends on its timelessness. And the effectiveness of IoT devices largely relies on the responsiveness of the system. The platform that can truly handle millions of devices, and elastically scale with any unexpected spikes, can do all of this without slowing things down

    Flexibility: Companies need that flexibility to speedily adjust, when necessary, to handle that rarity of data and devices. The database should have the ability to deal with many different types of data models and cloud environments that these IoT devices are generating.

    Availability: That's one of the other key challenges that organizations are having and the success of an IoT system requires continuous flow and exchange of data, and as such going offline, it could be disastrous.

    “When it comes to smart products, smart devices customers expect to access and information to be just to be available right at the click of a finger. The systems must therefore always be online, with no single points of failure,” he concluded.

    Data infrastructure for IoT

    Naidu suggests that the data infrastructure for an IoT system today needs to be open. It is built on a modern data management layer that once again can ingest large volumes of high-velocity data that these IoT devices and gadgets are created.

    There are three parts to the system there is device connectivity, IoT Hub and the business layer.

    Device connectivity is metadata information for each deployed device that needs to be managed. Each of those management layers is looking at specific things like the device registry device. Once again, metadata right device configuration, looking at device states, the device commands and interactions, and device shadows.

    This part of the IoT system also contains field gateways, specialized devices, or software that acts as a communication enabler in even a local device control system, and a device data processing hub.

    The IoT Hub is where all the data comes together to allow operations, administration, and insights to take place. It has two or more types of storage, looking at a hot layer for ingesting and a holding layer for recent data and another cold layer for older data.

    That hub can be on-premises or close to the edge or in the cloud depending on the scale of the data or latency requirements that the organization may have.

    There are then two types of analytics that can be conducted via that hub. There's real-time analytics right as data arrives at a central hub. It is streamed with event streaming technologies, which allows complex event processing tasks and analytical tasks to take place.

    Batch analytics is ideal for cases where large amounts of data must be analysed right with batch queries, or even ad hoc queries, as those systems or users require.

    At the business layer is where all the data from those devices’ gateways and, other sources come together to provide analysis for actionable insights. This analysis provides the ability to spot anomalies and explore trends and measure operational efficiency is just an example.

    Other tools like artificial intelligence and machine learning form the basis for predictive maintenance and operation.

    “I think that those three elements, they're aligned around device connectivity, the IoT hub in the business layer is what really kind of help form the right data infrastructure, architecture for IoT.”

    Click on the PodChat player as Naidu elaborates on how to achieve better results using IoT analytics.
    1. What is IoT analytics?
    2. How prevalent is the use of IoT analytics in Asia?
    3. We know that IoT produces a lot of data. What are the real challenges why enterprises struggle to better utilise/monetise the data produced by IoT?
    4. Can you name a high-value/promising use case of IoT analytics?
    5. What would the data infrastructure for IoT look like?
    6. Do you see IoT streaming data as further complicating (or facilitating) IoT analytics adoption?
    7. Where does DataStax sit in the adoption of IoT analytics?

    The post PodChats for IoT: Working with IoT data analytics appeared first on FutureIoT.

    ]]>
    Survey reveals top edge computing workloads https://futureiot.tech/survey-reveals-top-edge-computing-workloads/ Mon, 17 Oct 2022 01:00:00 +0000 https://futureiot.tech/?p=11537 Java, C, and C++ are the most widely used programming languages for constrained devices. Developers indicate that Java is the preferred language for IoT gateways and edge nodes. MQTT continues to be the most widely used IIoT communication protocol, though there seems to be increased fragmentation. HTTP/HTTPS and REST show slight decreases in IIoT usage […]

    The post Survey reveals top edge computing workloads appeared first on FutureIoT.

    ]]>
  • Java, C, and C++ are the most widely used programming languages for constrained devices. Developers indicate that Java is the preferred language for IoT gateways and edge nodes.
  • MQTT continues to be the most widely used IIoT communication protocol, though there seems to be increased fragmentation. HTTP/HTTPS and REST show slight decreases in IIoT usage compared to 2021, while alternative communication protocols (TCP/IP, AMQP, in-house/proprietary) have seen noticeable growth.
  • Agriculture (23%) has emerged as the leading industry for IIoT and edge computing technology, followed by industrial automation (22%), automotive (20%), and energy & smart cities (17%).
  • Concerns around security have nearly doubled in this year’s survey, making it one of the top 3 challenges developers face, along with connectivity, and data collection & analytics.
  • There is increased public cloud fragmentation, and the big three are being challenged. Despite continued dominance, Amazon AWS with 36% usage (-8% in 2022), Microsoft Azure with 18% (-11% in 2022), and Google Cloud Platform with 16% (-4% in 2022) have all lost ground against a growing competitive landscape.
  • Container images (49%) are the most frequently selected edge computing artefact.
  • These are some of the findings from the 2022 IoT & Edge Developer Survey, published by the Eclipse Foundation and administered by the Eclipse IoT Working Group, the Eclipse Edge Native Working Group, and the Eclipse Sparkplug Working Group.

    Source: 2022 IoT & Edge Developer Survey, Eclipse Foundation

    Another survey finding is that edge computing is gaining traction in real-world applications as top edge computing workloads all show significant increases in adoption.

    Mike Milinkovich

    “IoT and edge computing are arguably the most important technologies today, particularly for industries like industrial automation, agriculture, and automotive,” said Mike Milinkovich, executive director of the Eclipse Foundation.

    The post Survey reveals top edge computing workloads appeared first on FutureIoT.

    ]]>
    DigiCert offers Root Certificate for Matter devices https://futureiot.tech/digicert-offers-root-certificate-for-matter-devices/ Fri, 14 Oct 2022 01:05:00 +0000 https://futureiot.tech/?p=11532 Matter is a unifying IP-based protocol to help connect and build reliable, secure IoT ecosystems. The release of Matter 1.0 by the Connective Standards Alliance means that smart home brands can begin the process of getting their devices tested and certified for Matter. Matter devices offer consumers assurances of secure use through a consortium-led standard […]

    The post DigiCert offers Root Certificate for Matter devices appeared first on FutureIoT.

    ]]>
    Matter is a unifying IP-based protocol to help connect and build reliable, secure IoT ecosystems. The release of Matter 1.0 by the Connective Standards Alliance means that smart home brands can begin the process of getting their devices tested and certified for Matter.

    Matter devices offer consumers assurances of secure use through a consortium-led standard for authenticating device identity that only allows Matter-certified devices to connect to the network.

    With the high-profile hacking of critical infrastructure, security remains an important issue that the ecosystem or manufacturers, users and regulators need to address before the next major disaster occurs.

    “The introduction of Matter to the smart home industry is an exciting move that improves interoperability between devices and raises the bar for security, creating a more efficient and secure experience for consumers,” said DigiCert VP of IoT Security Mike Nelson.

    It also presents new opportunities for organisations like DigiCert to make available new offerings. This includes DigiCert’s announcement that its Root Certificate Authority (CA) is approved by the Connectivity Standards Alliance (Alliance) for Matter device attestation.

    As the first Matter-approved root CA, also known as a Product Attestation Authority (PAA), DigiCert can now provide rapid time to market for smart home manufacturers looking to earn the Matter seal on their products.

    Chris LaPre

    “Device attestation allows existing Matter devices to locally confirm new ones when they have been recognized by the local network, and quickly remove non-compliant devices when needed. Consumers are no longer under the burden of ensuring new devices are secure; it happens automatically,” said Chris LaPre, Director of Technology at the Connectivity Standards Alliance.

    DigiCert contributed its expertise to the security and attestation components of the standard and has the scalable technology to enable an efficient path to compliance.

    “DigiCert has been involved in building the Matter standard for several years, and we’ve already helped many leading companies evaluate their device attestation procedures using our test Certificate Authority. Now, with our PAA approved for production, we are ready to help customers save time in achieving Matter security compliance,” Nelson elaborated.

    What DigiCert offers to Matter participants

    • Accelerate time to market in achieving Matter compliance.
    • Save money by avoiding the costs of technology, maintenance, staffing and ongoing compliance.
    • Enjoy flexible deployment options, including on-premises, hosted or batch issuance.
    • Simplify management of device attestation certificates and product attestation intermediates through the DigiCert IoT Device Manager.
    • Gain efficiencies using a scalable platform to sign and secure device updates.

    The post DigiCert offers Root Certificate for Matter devices appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Securing IoT beyond 2022 https://futureiot.tech/podchats-for-futureiot-securing-iot-beyond-2022/ Wed, 12 Oct 2022 04:00:00 +0000 https://futureiot.tech/?p=11567 According to IoT analytics, the current business sentiment for companies in digital and IoT remains predominantly positive. There is widespread acknowledgement that Covid-19 had an overall positive effect on the accelerated adoption of IoT technologies. IoT Analytics also reports record levels of VC investments for IoT firms, including acquisitions in the areas of AI and […]

    The post PodChats for FutureIoT: Securing IoT beyond 2022 appeared first on FutureIoT.

    ]]>
    According to IoT analytics, the current business sentiment for companies in digital and IoT remains predominantly positive. There is widespread acknowledgement that Covid-19 had an overall positive effect on the accelerated adoption of IoT technologies.

    IoT Analytics also reports record levels of VC investments for IoT firms, including acquisitions in the areas of AI and analytics. It is anticipated that despite headwinds like rising inflation and prolonged supply chain disruptions, overall sentiment will continue to be positive as the number of connected IoT devices reach 14.4 billion by the end of 2022.

    With this growth, we can expect more targeted and perhaps creative ways of attacking both producers and enterprise consumers of IoT devices in the years ahead.

    According to Satyajit Sinha, principal analyst for IoT Analytics, organisations tend to focus on security from a softer aspect or had network security at best.

    Satyajit Sinha

    “We have never seen security from the device aspect, and IoT demands different requirements of security such as authentication, authorisation, and identification. Most devices are secured through software security which is not adequate as they are vulnerable to attacks.”

    Satyajit Sinha

    “The more we create awareness about IoT devices security, the more people will implement security in their devices,” he added.

    How adequately do you think current IoT ecosystems are secured, especially for unmanaged IoT devices?

    Satyajit Sinha: The IoT devices do not have the capability to hold a higher level of security because of the power constraint thus security will always be a challenge. However, if these devices are connected to a gateway or a router, they can secure the touchpoint of the network and IoT ecosystems. It is not the case for small devices or unmanned devices.

    Are concerns around IoT security justified? Or why does the IoT ecosystem require security?

    Source: IoT Analytics

    Satyajit Sinha: People are focused on securing devices that create critical data, autonomous driving and intelligent devices for example. But this should not just be about selected devices.

    A thermostat may not provide critical data so you may disregard whether it is secured or not. But, if it is linked to your home gateway, it is easy for someone to hack into your network and get all the information from all other connected devices.

    What is the strategy that will secure IoT?

    Satyajit Sinha: For hackers, it is a business. They will not invest their time and money in devices with multiple layers of security. So, the best strategy is to have multiple layers of security from hardware to software to network to cloud security. Connect these four and create end-to-end security, also called chip-to-cloud security.

    What are the challenges or roadblocks to securing IoT end-to-end?

    Satyajit Sinha: First is having the right policies and regulations. There needs to be proper regulations and direction for security implementation in the market. The second is industry sentiment.

    "Treating security as an extra cost will incur a burden in the long term. We need to understand that if you don't spend on that extra secure element chip, you will have to pay more in a ransomware attack."

    Satyajit Sinha

    Last is device provisioning and key management services for chip-to-cloud security. It is difficult to manage security especially if you switch between service providers.

    What are the key similarities and differences between traditional IT security and IoT Security?

    Satyajit Sinha: The similarity I believe is that both are accountable not just at the OEM level but also platform and the cloud level. The difference is that it is new for the IT industry to manage IoT security with multiple applications. There are many standards, and numerous players come up with their own solutions.

    How much is post-quantum security relevant for now?

    Satyajit Sinha: All IoT devices have a lifespan of about 10 to 15 years which means they are not capable of quantum security in the long run. Security needs to be future proof and there is no extra cost for adding quantum-level security so organisations should consider having it.

    Click on the PodChat player to listen to Sinha on the state of the security of IoT devices in Asia.
    1. How adequately do you think current IoT ecosystems are secured, especially for unmanaged IoT devices?
    2. Are concerns around IoT security justified? Or Why does the IoT ecosystem require security?
    3. What is the strategy that will secure IoT?
    4. What are the challenges or roadblocks to securing IoT end-to-end?
    5. What are the key differences between traditional IT security and IoT Security?
    6. How much is post-quantum security relevant for now?

    The post PodChats for FutureIoT: Securing IoT beyond 2022 appeared first on FutureIoT.

    ]]>
    Relay feature extends LoRaWAN coverage for metering, utilities, smart cities and industrial applications https://futureiot.tech/relay-feature-extends-lorawan-coverage-for-metering-utilities-smart-cities-and-industrial-applications/ Thu, 06 Oct 2022 01:00:00 +0000 https://futureiot.tech/?p=11495 Bluetooth and Wi-Fi are popular, yes, but these protocols are not designed to support the growing number of IoT applications. Where security and reliable connection to a local wireless network is required. Long-range wireless communications technologies provide the answer provided you can solve the power requirements needed to sustain the connection. Low Power Wide Area […]

    The post Relay feature extends LoRaWAN coverage for metering, utilities, smart cities and industrial applications appeared first on FutureIoT.

    ]]>
    Bluetooth and Wi-Fi are popular, yes, but these protocols are not designed to support the growing number of IoT applications. Where security and reliable connection to a local wireless network is required. Long-range wireless communications technologies provide the answer provided you can solve the power requirements needed to sustain the connection.

    Low Power Wide Area (LPWA) network technologies, such as 3GPP standards like LTE-M and NB-IoT, offer long-range communications with broad coverage, the ability to handle a large number of devices and low power consumption to IoT devices to operate for 10 years or more.

    Relay allows for battery-operated, easy-to-deploy network coverage extensions at a fraction of the cost of adding additional gateways.

    Challenges however remain. Participants in a VDC Research-sponsored study, identified several challenges related to IoT system development using LPWA including 1) minimizing power consumption; 2) securing IoT data; 3) lowering project development time, and 4) reducing the total cost of ownership.

    Working on the problem, the global association of companies backing the open LoRaWAN standard for the internet of things (IoT) low-power wide-area networks (LPWANs), the LoRa Alliance has expanded the LoRaWAN link-layer standard with the addition of a relay specification.

    This allows LoRaWAN to achieve excellent coverage in use cases requiring deep indoor or underground coverage, or relay data on satellite-connected LoRaWAN devices within proximity.

    Donna Moore

    “LoRa Alliance members identified that end users in specific markets needed a solution to achieve full network coverage due to environmental challenges surrounding their deployments,” said Donna Moore, CEO and chairwoman of the LoRa Alliance.

    “With relay, we’re providing a standardized solution that allows for full end-to-end communications in the extremely challenging underground, metal and concrete environments where sensor signals could use a boost or redirect to reach either the gateway or end-device.”

    Donna Moore

    She added that the new relay feature is a direct response to market needs and provides an essential building block to enable massive IoT.

    Relay use cases

    One of the first markets to adopt relay is metering in the utility sector. Utilities represent a massive opportunity for IoT, with VDC Research estimating that worldwide LPWAN communication services revenue will reach $2.47 billion by 2025.

    Adding relay to the LoRaWAN standard to achieve coverage for even the most difficult cases (e.g., meters inside metal closets) significantly strengthens LoRaWAN’s market position in metering and utilities, and more broadly across key verticals including smart cities and buildings, and industrial IoT.

    Using a relay is ideal for any application monitoring static assets in challenging environments.

    LoRaWAN relay feature

    The LoRaWAN standard is proven for long-range communications, however, there can be physical limits to where LPWAN communications can reach, such as around turns, underground, where a signal needs to be reflected/relayed into a specific location, etc. LoRaWAN relays allow signals to go where they physically couldn’t go before.

    The LoRaWAN TS011-1.0.0 LoRaWAN Relay Specification document describes the relaying mechanism used to transport LoRaWAN frames bi-directionally between an end-device and gateway/network server via a battery-operated node. By enabling relay, the device can transfer LoRaWAN frames between an end device and network when there is insufficient coverage from the gateway.

    This specification enables Network coverage extension through the battery-operated relay and maintains compatibility with the LoRaWAN Link-Layer standard in terms of protocol and security. The new relay nodes are battery-powered and can be installed anywhere and do not require electricity or internet connectivity. This makes them a very easy-to-deploy, low cost and low-power way to extend network coverage, without needing to add additional gateways. Relay endpoints allow LoRaWAN to provide coverage of all devices with only a nominal cost of installation.

    The post Relay feature extends LoRaWAN coverage for metering, utilities, smart cities and industrial applications appeared first on FutureIoT.

    ]]>
    Creating cybersecurity awareness for IoT https://futureiot.tech/creating-cybersecurity-awareness-for-iot/ Mon, 03 Oct 2022 01:00:00 +0000 https://futureiot.tech/?p=11463 CB Insights predicts that digital twins will take off in 2022 as organisations seek to hedge against supply chain disruption. “Moving from the cloud to the factory floor, some manufacturers are turning to a micro-factory model, which relies on automation and robotics to create more flexible manufacturing frameworks that can be deployed in a fraction […]

    The post Creating cybersecurity awareness for IoT appeared first on FutureIoT.

    ]]>
    CB Insights predicts that digital twins will take off in 2022 as organisations seek to hedge against supply chain disruption.

    “Moving from the cloud to the factory floor, some manufacturers are turning to a micro-factory model, which relies on automation and robotics to create more flexible manufacturing frameworks that can be deployed in a fraction of the time and at scale.”

    CB Insights

    IoT Analytics forecasts the Internet of Things (IoT) market will grow by 18% to 14.4 billion active connections. It also posits that by 2025, as supply constraints ease and growth further accelerates, there will be approximately 27 billion connected IoT devices.

    These billions of connections are a natural magnet luring cybercriminals looking for new targets and new opportunities.

    According to CB Insights this “plunging deeper into virtual worlds opens up the playing field to more cybercrime: security solutions will become a major priority, especially as crypto hype and data privacy controversies continue to boom.”

    Creating awareness about IoT vulnerabilities

    BlackBerry EVP and CTO, Shishir Singh says the massive network of connected things will require interoperability between systems. He posits that organisations need to sensitize employees to the fact that IoT introduces unprecedented safety and privacy risks.

    He believed that employees in government and enterprise organisations need to wake up to the fact that bad actors can now access records from any device, anywhere, in real-time, and cautioned that more worrisome is the fact that IoT device makers oftentimes omit rigorous testing and support just so they can get products out to the market sooner.

    “They also frequently abandon development of software and security updates the moment products are released, leaving customers—both enterprise and consumers—with an ever-increasing number of unsecured devices in their environments,” Singh continued.

    But while IoT is proliferating in any enterprise, it is on production floors of industrial operations where industrial IoT (I-Iot) is rapidly becoming an integral part of the Operational Technology (OT) landscape,” said Rafael Maman, vice president of OT security at Sygnia.

    Rafael Maman

    He posits that it is this risk related to I-IoT that is not well articulated, resulting in low awareness.

    “These I-IoTs must be considered as part of the OT environment, both to work towards better cyber preparedness and resilience, and organisational awareness."

    Rafael Maman

    According to Srinivas Kumar, VP of IoT solutions at DigiCert, vulnerabilities in IoT extend beyond published exposures and exploits. He noted that the “closed” and “siloed” nature of OT/IoT ecosystems provide limited visibility through on-device logs or control through third-party intervention.

    Srinivas Kumar

    “OT/IoT devices are micromanaged by the original equipment manufacturers (OEMs) in production environments. This creates a blind spot for NOC/SOC supervision and mitigation. Application security by design and a security profile for device field operations are essential to qualify and certify IoT devices for compliance and achieve cyber resilience in connected systems.”

    Srinivas Kumar

    “A comprehensive approach to digital trust ensures that all access points and data are properly authenticated and encrypted, and that identity- and access-based attacks are given an extra layer of protection that can be enforced and monitored throughout the organisation,” said Kumar.

    Recommendations for creating sustained awareness around IoT security

    Sygnia’s Maman recommends considering IoT, specifically I-IoT, as an integral part of the OT environment, and managing the related risk landscape as part of the overall OT security framework.

    “And include it in all your cyber awareness campaigns and training programmes – again, as an integral part of your operational technology – and make sure to highlight the additional risk it introduces to your OT environment,” he pushed forth.

    Kumar adds that cybersecurity in multi-vendor and heterogeneous device ecosystems is a collaborative effort and requires OEMs, device operators, device owners, and regulators to set mandatory compliance standards and best practices for endpoint security on headless field devices.

    “The paradigm shift in OT/IoT ecosystems is to harden devices for protection throughout the active service life that may span 10-30 years,” concluded DigiCert’s Kumar.

    BlackBerry’s Singh believes that an effective way to drive greater awareness about IoT vulnerabilities is to inform employees about their responsibilities from day one – adapting cybersecurity processes and policies as part of the company’s onboarding is a good method to educate users.

    Shishir Singh

    “Besides regular and mandatory training programmes that all employees must undertake, conducting cybersecurity drills like simulated crisis management exercises can raise awareness, preparedness, and ultimately reduce the impacts of critical events.”

    Shishir Singh

    “Lastly, ensure that IoT security training is targeted and easy to consume. Sharing irrelevant and confusing details about the threats of IoT vulnerabilities can be counterproductive. Communications should be kept simple, concise, and easy to understand as not every employee is an IT expert,” concluded Singh.

    The post Creating cybersecurity awareness for IoT appeared first on FutureIoT.

    ]]>
    Global macroeconomic headwinds are reshaping security spending https://futureiot.tech/global-macroeconomic-headwinds-are-reshaping-security-spending/ Wed, 21 Sep 2022 01:00:00 +0000 https://futureiot.tech/?p=11422 Soaring interest rates, looming food and energy shortages, a devastating and needless war, and the changing nature of work are creating an especially challenging climate. ABI Research says these headwinds are pushing security higher on the enterprise priority list as organisations seek cost-effective and agile cryptographic applications to protect increasingly distributed and ephemeral corporate assets. […]

    The post Global macroeconomic headwinds are reshaping security spending appeared first on FutureIoT.

    ]]>
    Soaring interest rates, looming food and energy shortages, a devastating and needless war, and the changing nature of work are creating an especially challenging climate.

    ABI Research says these headwinds are pushing security higher on the enterprise priority list as organisations seek cost-effective and agile cryptographic applications to protect increasingly distributed and ephemeral corporate assets.

    In response, hardware security modules are changing rapidly to meet these new demands.

    Michela Menting

    “The Hardware Security Module (HSM) market was already on track for a shake-up, as new business models and new competitors vied to take advantage of emerging opportunities around enterprise digital transformation and cloud migration,” states Michela Menting, cybersecurity applications research director at ABI Research.

    She added that presently enterprises are tightening budgets amid worries about their business stemming from high inflation and a potential recession.

    “For HSM vendors, the market opportunity is clearly within the cloud, as enterprises will opt out of owning expensive HSMs in favour of Operational Expenditure (OPEX) service-based models,” she continued.

    Stuart Carlaw

    Stuart Carlaw, chief research officer, concludes, “We should heed one of the most important business lessons learned during 2020—that technology will not be a casualty of uncertainty, but rather a tool to overcome it.

    “Companies that embrace, invest in, and deploy technology wisely will undoubtedly emerge stronger and better prepared to handle the next spate of challenges on the horizon, no matter the weather.”

    Stuart Carlaw

    The post Global macroeconomic headwinds are reshaping security spending appeared first on FutureIoT.

    ]]>
    IoT security realities – worse than you think https://futureiot.tech/iot-security-realities-worse-than-you-think/ Thu, 15 Sep 2022 01:00:00 +0000 https://futureiot.tech/?p=11399 Juniper Research forecasts that IoT security spending will reach US$6 billion by 2023, with growing business risk and regulatory minimum standards that would serve as key spending drivers. Commissioned by Armis, The Forrester report, State of Enterprise IoT Security in North America, revealed that 74% of the respondents felt their security controls and practices were […]

    The post IoT security realities – worse than you think appeared first on FutureIoT.

    ]]>
    Juniper Research forecasts that IoT security spending will reach US$6 billion by 2023, with growing business risk and regulatory minimum standards that would serve as key spending drivers.

    Commissioned by Armis, The Forrester report, State of Enterprise IoT Security in North America, revealed that 74% of the respondents felt their security controls and practices were inadequate for managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G.

    Keith Walsh, OT security and operations director at Armis, says the trouble with many installations within organisations is that each department tends to go solo on management and risk containment.

    He cites the example of departments that may have managers over OT/ICS facilities, for instance: air conditioning, sanitation, telecommunications, and other functions. Server rooms and computers of all shapes and sizes may be managed by a separate IT department.

    Outside a typical office, a process plant in the oil and gas, petrochemicals, and chemicals industries, or a power plant (nuclear, other renewable, or fossil), will yet have different field operations and maintenance managers managing various safety and other controllers. The expertise demanded by these fields tends to be disparate and so it would be difficult to converge all such manageable assets into a single department or system.

    Keith Walsh

    “For unmanaged devices, which may include OT and IoT, these may yet be another hurdle for organisations, since they may never have been defined as a security hazard, until recent times when 5G/LTE and broadband have permeated throughout every facet of an organisation.”

    Keith Walsh

    “So, it is safe to say, we can imagine the typical organisation may not have a complete security profile for all managed and unmanaged devices. Asset visibility is the first step in developing a security framework. You can’t secure what you can’t see,” he added.

    As more devices in the homes connect to the internet, security and privacy concerns rise to new levels. The Palo Alto Networks’ The Connected Enterprise: IoT Security Report 2021 found that the problem has gotten worse with the rise of working from home. 81% of those who have IoT devices connected to their organisation’s network highlighted that the transition to remote working led to greater vulnerability from unsecured IoT devices.

    “The bottom line is that while organisations are adopting best practices and implementing measures to limit network access, digital transformation is disrupting not only the way we work but the way we secure our ways of working,” explains Alex Nehmy, CTO of Industry 4.0 strategy for Asia Pacific & Japan at Palo Alto Networks.

    He posits that safeguarding unmanaged and IoT devices continue to be an ongoing challenge. With most cyberattacks accessing corporate networks months before they are detected, ongoing monitoring and IoT device security should become a key focus area of a corporate IoT security strategy.

    The real and present danger

    The hacking events that we now remember including the Colonial Pipeline ransomware attack, meat packer JBS and the Triton malware attack against a Saudi petrochemical plant suggest that organisations will continue to be targeted as long as there are gains to be made.

    Nehmy warns that most of today’s IoT security solutions provide limited visibility by using manually updated databases of known devices, require single-purpose sensors, lack consistent prevention and do not help with policy creation.

    “They can only provide enforcement through integration, leaving cybersecurity teams to do the heavy lifting, blind to unknown devices, and hampering their efforts to scale operations, prioritise efforts or minimise risks,” he added.

    Walsh further warns that the mature security processes that were born out of IT are now colliding with OT, as industry 4.0 becomes more pervasive. IoT devices also tend to be simplistic and lack sophisticated patching and firewalling capabilities.

    “Looking ahead, Industry 5.0 is only going to increase the interaction between humans and machines to the point of necessitating real-world human safety protocols that go beyond current OT and IT security measures,” he continued.

    The IT-OT convergence – who’s the boss?

    Nehmy believes that the onus of IoT security rests on the shoulders of both operational technology (OT) and information technology (IT) teams and they need to work collaboratively to ensure IoT security is adequate.

    Having an IoT security system that provides a single pane of glass to give these teams a consistent level of visibility, monitoring and enforcement across both IT and OT environments, also helps bring these culturally diverse teams together, regardless of the systems they’re securing.

    When organisations have limited visibility of IoT and OT devices, it hampers their ability to begin securing them.

    Alex Nehmy

    “You can’t secure what you can’t see. One of the best practices for integrated IT and OT security involves conducting continuous monitoring and analysis."

    Alex Nehmy

    "The key focus should be on implementing a real-time monitoring solution that continuously analyses the behaviour of your entire network,” explained Nehmy.

    Additionally, IT and OT teams should work together to ensure the IoT attack surface is managed by enforcing segmentation between IoT devices, OT devices and business-critical IT systems.

    Strategy to secure IoT

    Asked to name one strategy to secure IoT, Armis’ Walsh suggests understanding and identifying the attack surface.

    “Once we do that, we can then properly patch, segment, and monitor transactions and interdependencies of those devices. Mitigating risk all starts with understanding and identifying the attack surface of our critical assets,” he added.

    IDC cautions that IoT can very easily become the weak link or entry point for attacks in any organisation, which is why IoT solutions need to be secure by design. Extending a zero trust framework to IoT deployments can enhance security and reduce risk, but it is an enterprise-wide strategy that requires a complete understanding of all IoT systems on the network.

    Nehmy concurs adding that implementing Zero Trust for IoT environments is the best approach for IT and OT personnel to devise an IoT security strategy that enforces policies for the least privileged access control.

    Building a business case for IoT security

    IoT and OT devices usually make up more than 30% of devices within corporate networks, 57% of which are also susceptible to cyberattacks, as they are built without security in mind and contain existing vulnerabilities.

    “The attack surface of IoT devices permeates across all environments of the enterprise. While organisations may not yet spend more in managing the security of all connected assets, the increasing attack surface needs to be addressed holistically,” warns Walsh.

    The attacks against Colonial Pipeline and JBS may have occurred in the US, but Deloitte believes that critical infrastructure operators in Asia Pacific are increasingly being targeted by cyber espionage and sophisticated attacks with the potential for severe disruption to essential services such as energy and water supply.

    As IoT use grows in importance to the daily operations of critical infrastructure, adequately securing IoT and OT devices becomes a compelling business case, posits Palo Alto Network’s Nehmy.

    He suggests that a comprehensive IoT business case should involve visibility of all IoT and OT devices, ongoing monitoring to detect security breaches, analysis of device risk and also the ability to protect and segment these devices. Ideally, this should be provided in a single security platform for the lowest total cost of ownership.

    He opines that the monetary, reputational, and physical security repercussions of an IoT-based cyberattack, make it imperative for organisations to invest in advanced security solutions.

    “Just as vaccinations keep us safe from COVID-19, investment in proactive prevention measures will place organisations in a better position to combat the IoT cybercrime pandemic,” he concludes.

    The post IoT security realities – worse than you think appeared first on FutureIoT.

    ]]>
    IoT software trends in 2023 https://futureiot.tech/iot-software-trends-in-2023/ Thu, 08 Sep 2022 01:00:00 +0000 https://futureiot.tech/?p=11353 Let’s start with the premise that the Internet of Things (IoT) are devices that are connected to the internet. One of the earliest examples of IoT was in the early 1980s and it involved a Coca-Cola machine that was located at Carnegie Mellon University. Programmers would connect through the Internet to the refrigerated appliance and […]

    The post IoT software trends in 2023 appeared first on FutureIoT.

    ]]>
    Let’s start with the premise that the Internet of Things (IoT) are devices that are connected to the internet.

    One of the earliest examples of IoT was in the early 1980s and it involved a Coca-Cola machine that was located at Carnegie Mellon University. Programmers would connect through the Internet to the refrigerated appliance and check to see if there was a cold drink available before making the trip to purchase one.

    Most discussions around the IoT will likely revolve around the hardware. This is understandable that most of the enterprise IoT technologies we’ve become familiar with are with simple devices that perform a few tasks. For example, monitor the temperature in a production line.

    But as advances in communications converge with business demands for doing things faster, better, more safely and cheaper, even technologies like IoT are evolving to include features that in some cases incorporate intelligence, manageability, and more recently, security.

    Joanne Wong

    This growing sophistication in the demand for IoT and expectations of what it can do means that IoT discussion is no longer limited to hardware design but must, by default, include software considerations.

    FutureIoT spoke to Joanne Wong, vice president for international markets at LogRhythm, for her take on how IoT software is evolving.

    What is IoT software?

    Joanne Wong: Anything from lamp posts and running shoes to fish tanks can now be connected to the Internet with the advent of inexpensive computer chips, sensors, and wireless networks, which enables them to collect and share data in real-time autonomously without human interference.

    IoT software connects the computer chips, sensors and networks in the broader system together. It plays a crucial role in the data collection and communication process, as well as the management of the IoT application and device itself.

    Photo by Francesco Ungaro: https://www.pexels.com/photo/photo-of-street-lamps-during-dawn-1671001/

    Take smart lamp posts for example. The Singapore government plans to roll out 110,000 lamp posts equipped with a network of wireless sensors and cameras that will help to detect and monitor changes in environmental conditions, and track vehicle speeds – beyond illuminating the streets.

    In this case, the IoT software controls the systems such that imagery and traffic data collected from the sensors and cameras are communicated to the central management system in the cloud, which is then turned into actionable insights.

    Looking back from pre-pandemic to this period (mid-August 2022), how have things changed when it comes to IoT software?

    Joanne Wong: The IoT software market has grown significantly over the past few years, in tandem with the accelerating adoption of IoT solutions and devices. While the sector was briefly affected during the pandemic due to a pause in technology spending for certain sectors, it has since regained much of its initial momentum. IDC predicts IoT spending in Asia Pacific to reach US$437 billion by 2025.

    Over the years, IoT solutions have become more powerful and efficient, thanks to advancements in Artificial Intelligence (AI), Machine Learning (ML), edge computing, automation and other emerging technologies. Machine learning algorithms, for example, can add predictive capabilities to IoT solutions.

    For example, sensors attached to machines in the manufacturing sector can monitor the performance of the equipment and predict when failures and breakdowns will happen. Having access to such information early on allows for the repair or replacement of faulty parts, to prevent wide-scale operational disruptions.

    Photo by ThisIsEngineering: https://www.pexels.com/photo/engineers-in-workshop-3862619/

    On the other hand, edge computing technology makes IoT devices with onboard analytics capabilities possible. This brings computing as close as possible to the source of data, reducing network latency and relieving network congestion, thus allowing for quick delivery of insights to the end user. On top of that, as personal data no longer needs to leave the individual domain, a lot of data privacy and security concerns with IoT can now be mitigated.

    IoT as a service (IoTaaS) offerings have also emerged as a new way for businesses to access IoT solutions. Vendors such as Microsoft are moving towards offering IoT platform management services, which allows businesses to leverage IoT software and infrastructure without having to invest heavily into building the network architecture hardware, purchasing expensive software, or hiring trained personnel to manage the process.

    In the period of accelerating digital transformation, which areas of IoT software have gained importance?

    Joanne Wong: IoT security has become crucial for organisations looking to successfully implement IoT solutions.  This is because digital transformation acceleration has led to an influx of devices coming online. With the exponential growth in the number of devices now connected to the internet, the attack surface has also gotten significantly larger.

    Opportunistic cybercriminals now have more entry points – from insecure connections, and legacy devices to weak digital links – to take control of these IoT devices to spread malware or gain direct access into the network to obtain critical data.

    For IoT devices, the risks are doubly high for two reasons. Firstly, IoT devices typically do not come with in-built security functions, which makes them an easy target for hackers. Secondly, IoT devices, especially those that are small or light, can be easily misplaced or stolen. Unauthorised users who have gained physical possession of the devices can easily access your network.

    This is also why cybersecurity is now a huge area of focus for IoT devices and software. On the other hand, failure to secure IoT ecosystems could lead to eroding trust in their potential across the organisation, as well as wasted investment costs. 

    More technology providers are now adopting the “security by design” approach to IoT hardware and software development, which looks at building security features right from the initial developmental stage.

    Cybersecurity platform vendors too are adding specific security features to IoT data collection and storage functions, to safeguard sensitive data flowing between the IoT device and network from unauthorised access.

    Which industry sectors in Asia are leading the charge in terms of IoT software adoption and development?

    Joanne Wong: With the worldwide pandemic over the past two years, organisations in healthcare are understandably one of the most active areas of IoT development. According to Data Bridge Market Research, the IoT APAC healthcare market is predicted to grow with a CAGR of 30.55% between 2022 to 2029. This applies broadly to the rise in telemedicine adoption and narrowing down to connected specialised equipment, all while accommodating to recent lifestyle changes.

    Medical professionals are now able to collect patient data and understand patient conditions, without the risk of large group interactions. Healthcare IoT equipment inherently addresses the areas of shortage in hospitals, where necessary patient care and attention are provided for those in dire need. Additionally, it accelerates and improves access to healthcare services, especially reaching remote areas, beyond the pandemic.

    Photo by ThisIsEngineering: https://www.pexels.com/photo/engineer-fitting-prosthetic-arm-3912992/

    Supply chain management is another sector thriving from IoT adoption. Frost & Sullivan highlighted that almost 21% of logistics companies in Asia currently leverage IoT for their fleet management solutions and this number is only set to increase in the next few years.

    Industrial IoT has been the driver for parallel growth in smart manufacturing which includes factory automation, GPS shipment tracking and machine-to-people communications. The ease of data collection and real-time data encourages calculated risk-taking, allowing organisations to maximise opportunities for growth and revenue — more data, and more cost savings. For instance, better forecasting of demand, ship and fleet tracking and better risk management.

    What needs to happen for organisations in Asia for us to see greater integration of IoT software in industrial settings?

    Joanne Wong: With new manufacturing and smart city initiatives underway, there are numerous opportunities for greater integration of IoT software and the development of horizontal capabilities across industrial settings. This includes predictive maintenance and connected operational intelligence in manufacturing, as well as security and surveillance for smart cities.

    However, closing the gaps in IoT security will be key to maximising the potential of IoT across industries and areas of operation. With more devices now connected to the internet, greater interconnection can pose higher cybersecurity risks for these industries.

    It is more important than ever that organisations maintain clear oversight across their entire digital supply chain, including their IoT endpoints, to ensure that there is constant monitoring and surveillance for potential threats.

    Companies should seek to redefine security ownership within the organisation to improve the management of IoT devices. Currently, IoT security falls under both the security and operations function - which may lead to confusion on whose responsibility it falls under.

    At the same time, companies should also ensure that the adoption of security solutions is also compatible with the business needs — adapting to network changes, and automatically detecting, predicting, and responding to real-time threats.

    The post IoT software trends in 2023 appeared first on FutureIoT.

    ]]>
    The IoT horizon for Asia’s manufacturers beyond 2022 https://futureiot.tech/the-iot-horizon-for-asias-manufacturers-beyond-2022/ Wed, 07 Sep 2022 08:11:55 +0000 https://futureiot.tech/?p=11347 The Internet of Things (IoT) has been around for years but only in the recent decade has its prominence moved up the awareness chain following two significant events: development around smart solutions supported by sensors, devices and technologies that form part of the IoT ecosystem. The second, and arguably more dramatic, are the nearly persistent […]

    The post The IoT horizon for Asia’s manufacturers beyond 2022 appeared first on FutureIoT.

    ]]>
    The Internet of Things (IoT) has been around for years but only in the recent decade has its prominence moved up the awareness chain following two significant events: development around smart solutions supported by sensors, devices and technologies that form part of the IoT ecosystem.

    The second, and arguably more dramatic, are the nearly persistent cyberattacks against private businesses and the continued operation of critical infrastructure. Nearly all industries are unable to escape unscathed from these attacks.

    IoT adoption in manufacturing

    Specific to Asia’s manufacturing sector, IDC is projecting continued growth in the integration of IoT technologies into the region’s manufacturing sector.

    IDC estimates that in 2020, US$83.4 billion was spent on IoT technology by manufacturers in Asia/Pacific (excluding Japan) with discrete manufacturing accounting for 60% of spend. Process manufacturing spent more than US$33 billion in the same year.

    By 2025, IDC expects discrete manufacturers will send US$88.7 billion compared to US$51.9 billion among process manufacturers. The analyst says manufacturers can profit greatly from retrofitting smart sensors to old equipment because of the insights they can obtain about their equipment

    FutureIoT touched base with Piyush Singh, senior market Analyst for IoT Insights, IDC Asia/Pacific to discuss how IoT is trending within the manufacturing sectors of Asia.

    Manufacturers, whether in process or discrete, have used instrumentations to get feedback and provide some control over the production line. How can a manufacturer introduce IoT technology without disrupting the production line?

    Piyush Singh: Industrial IoT uses a network of sensors to gather crucial production data, and cloud software to transform this data into insightful knowledge about how well industrial activities are run. The primary use case for expenditure was operations, followed by production asset management, maintenance, and field service.

    APEJ IoT spending in the manufacturing sector, 2022-2025 (US$M)
    Source: IDC Manufacturing Insights

    Most of the manufacturers start with pilot testing by upgrading the existing legacy machines with the implementation of various hardware products. Additionally, it is true that replacing a plant entails a lengthy period of machine downtime.

    In terms of time, this is frequently unsustainable. In this regard, a refit operation evaluation would be helpful. The most difficult barrier to a retrofitting effort is that a legacy system has machine tools from many manufacturing eras with various connection protocols.

    Process control must be carried out manually by monitoring, sensing, estimating, and modifying the machine parameters due to the lack of sensors and actuators.

    Piyush Singh

    "Usually, in Asia, the retrofitting is completed in a phased manner wherein one production line is taken for the upgradation to avoid unnecessary downtime in production. Once the transformation of machines is completed in one production line, later the retrofitting of other machines will be considered."

    Piyush Singh
    Specific to manufacturers in Asia, do you see information security including cyber security, as a priority over production? How has the perception/acceptance/attitude towards security changed over the last five years?

    Piyush Singh: The fourth industrial revolution, often known as Industry 4.0, is the logical outcome of the third revolution and is primarily focused on two key elements: the Internet of Things and Services (IoT) and Cyber-Physical Systems (CPS).

    In Asia, retrofitting is not only the key concept of factory automation. Cyber security, data security, and enhanced data privacy are all covered under one umbrella called industry 4.0.

    With the growing demand for IoT in various sectors, the demand for robust cyber security is also the need of the hour. Spending on security solutions and services in Asia/Pacific is forecasted to exceed $31 billion in 2022, an increase of 15.5% from 2021 in which almost $2 billion in security spending would be under the discrete manufacturing section, according to IDC's latest Worldwide Security Spending Guide.

    Despite headwinds such as looming global recession, geopolitical conflicts, and rising inflation, investments in hardware, software, and services related to cybersecurity are expected to reach US$ 57.6 billion in 2026, with a CAGR (compound annual growth rate) of 16.4% for the period of 2021-26.

    China will continue to be the region's largest market, accounting for more than 40% of total Asia/Pacific* security spending in 2022, with a five-year CAGR of 21.2% during the forecast period. This clearly showcases that the demand for security infrastructure is increasing in the Asia Pacific manufacturing sector.

    If you think of IoT integration in the manufacturing process as a timeline, what IoT technologies do you see being deployed over time and what other technologies do you anticipate will follow because of IoT?

    Piyush Singh: Most of the downtime and accidents are caused by the wear and tear of machines in many manufacturing plants. By virtualizing the plant and averting high-risk operator occurrences, the retrofitting goal is to ensure predictive maintenance applications.

    Remote monitoring and management system, digital connectivity, cloud storage and robotic process control are some of the IoT retrofitting trends seen in manufacturing processes. 

    To identify and detect upcoming errors, Deep Learning algorithms and Digital Twin (DT) approaches is something which is being used and have the tendency to grow exponentially in future. Artificial neural networks (ANN) for detecting the tool wear in a CNC machine after retrofitting is a concept which is in great demand in many production plants.

    The post The IoT horizon for Asia’s manufacturers beyond 2022 appeared first on FutureIoT.

    ]]>
    New sensing tech to make smart buildings adaptive to the new normal https://futureiot.tech/new-sensing-tech-to-make-smart-buildings-adaptive-to-the-new-normal/ Mon, 29 Aug 2022 01:00:00 +0000 https://futureiot.tech/?p=11304 The impact and lasting effects of the global COVID-19 pandemic are placing new pressure on commercial building management systems, driving new demand and potential for sensor technologies. A slew of new sensing technologies and multi-function smart sensing devices are gaining traction and providing a path to smart sensing that will enable smart commercial buildings to […]

    The post New sensing tech to make smart buildings adaptive to the new normal appeared first on FutureIoT.

    ]]>
    The impact and lasting effects of the global COVID-19 pandemic are placing new pressure on commercial building management systems, driving new demand and potential for sensor technologies.

    A slew of new sensing technologies and multi-function smart sensing devices are gaining traction and providing a path to smart sensing that will enable smart commercial buildings to best adapt to the changing demands from smart commercial building owners and tenants alike. 

    ABI Research forecasts sensor shipments will grow from 18.5 million devices to surpass 300 million by 2030, a CAGR of 35%.

    Enhancing the management of buildings

    In the effort to facilitate a move back to the office, an array of competing approaches, technologies, and devices are vying to bring new levels of monitoring and control to building environments in a market where building owners, operators, and tenants are incentivized to make buildings more appealing.

    Jonathan Collins

    “Traditionally, sensing in the commercial building sensing market has been tied to establish systems, such as heating, ventilation, and air conditioning (HVAC), fire and safety, and access control, but a range of additional environmental sensing technologies, sensors, and devices are coming to market at a time of great upheaval in the commercial building market,” says Jonathan Collins, smart home & buildings research director at ABI Research.

    Concerns over occupant safety, environmental impact efficiencies as well as more flexible space utilization are necessitating greater real-time building management intelligence. Increasingly valuable applications such as occupancy sensing can be supported by a host of sensing approaches, including microphones, cameras, motion sensors, pressure sensors, and even radar.  All deliver real-time insight into building usage, but sensor deployment can be selected related to the efficacy, cost, and end-user comfort. In addition, there are competing sensor technologies within each of those approaches, again with their own strengths and weaknesses.

    While sensor players such as Bosch Sensortec and TDK Invensense target multiple markets with their offerings, more specialist players such as photonic product vendor Lumentum and AI intelligence player Ambarella have partnered to support the commercial building ToF sensing market. At the same time, emerging integrators such as Mindshare are leveraging feedback sensors into commercial building systems from players such as Skiply.

    “As occupancy sensing, or air quality, or energy management, space utilization, and preventative maintenance push further into commercial building operations, systems integrators, building management providers, and sensor and device developers along with manufacturers will have to ensure they select and integrate the best technologies for as many applications as possible,” Collins concluded.

    The post New sensing tech to make smart buildings adaptive to the new normal appeared first on FutureIoT.

    ]]>
    Connected devices fuel data-driven efficiency https://futureiot.tech/connected-devices-fuel-data-driven-efficiency/ Mon, 22 Aug 2022 01:00:00 +0000 https://futureiot.tech/?p=11255 Digital transformation is happening across the energy sector at a rapid pace. While accelerated digital adoption can be attributed to the pandemic, Singapore had the foresight to outline the digitalisation of the industry in 2017. This was done through the Ministry of Trade and Industry’s (MTI) Committee on Future Economy report, charting the transformation of […]

    The post Connected devices fuel data-driven efficiency appeared first on FutureIoT.

    ]]>
    Digital transformation is happening across the energy sector at a rapid pace. While accelerated digital adoption can be attributed to the pandemic, Singapore had the foresight to outline the digitalisation of the industry in 2017.

    This was done through the Ministry of Trade and Industry’s (MTI) Committee on Future Economy report, charting the transformation of the manufacturing industry into Industry 4.0.

    In basic terms, Industry 4.0 refers to the use of digital technologies to support automation in the manufacturing sector, delivering value to every stage of the production process. It is impacting almost every aspect of how companies do business, especially when it comes to repairing and maintaining their machines.

    Historically, businesses depend on taking a preventative approach to machine maintenance. However, downtime is too costly in an industry where the product (energy) is expected to be provided reliably and consistently.

    One of the ways the energy sector can benefit from digital transformation and modernisation is by utilising intelligent, connected technologies that work behind the scenes, gathering and analysing data 24 hours a day.

    Why adopt IoT

    Here are three main reasons to adopt the Internet of Things (IoT) – Firstly, remotely collecting data allows energy businesses to operate remote services more effectively to, for example, improve efficiency or safety. Secondly, connecting devices helps shorten feedback loops.

    For example, the data can deliver real-time insights into how customers use products or services. These insights provide a window of opportunity for fine-tuning them during the engineering and design stages.

    Finally, when companies are proactive in machine maintenance, they can spot potential risks before they become high-cost problems. Businesses appear to be seeing the value in that, with estimates predicting the total number of connected devices to reach some 64 billion by the middle of this decade.

    According to a recent IDC report, spending on IoT technologies in Asia-Pacific (excluding Japan) would reach beyond US$400 billion by the year 2026. IoT use cases that see the highest spending in 2022 include manufacturing operations and production asset management.

    At the same time, Singapore’s steadfast investment in such technologies looks to grow the value of industries utilising such tech. Of the SGD3.8 billion committed to the ICT sector here, 70% will go into application building and upgrading.

    With the value of projects adopting emerging technologies such as machine learning, sensors and IoT looking set to more than double from well under a billion Singaporean dollars on-year to $2 billion this year, unlocking the potential of Industry 4.0 will require Singaporean businesses to harness solutions that enable them to gain full value from these emerging technologies.

    Replacing old-school preventative maintenance

    Today, instead of more traditional ways, a company can use IoT-based, data-driven insights for preventative maintenance.

    For example, a solar energy company tasked with installing solar panels for the Housing Development Board (HDB) under the SolarNova programme, which provides solar energy to over 8000 housing blocks in Singapore. Systems downtime due to hardware failure would not only negatively impact consumers, but also regulatory fines and reputational damage to the government.

    With remote access capabilities provided through IoT-based data collection and artificial intelligence (AI) analysis, a business can observe when machines need attention based on real-time insights into vibrations, light density, temperature, and more.

    What’s more, since IoT-based systems are constantly collecting data, processes get smarter over time. As a company assesses the machines’ data flow and executes repairs based on the data, the system will learn through (AI) to make even more accurate predictions.

    Secure connected devices against cyber attackers

    With the rise of supply chain attacks against manufacturing organisations, organisations must also consider the security risks and manage them through proper IoT device security measures and protocols.

    Ways to enhance IoT security include ensuring equipment manufacturers follow good security practices. Organisations also need to layer security controls for a defence-in-depth approach to protect critical technology such as through patching, vulnerability testing, penetration testing, and network isolation to ensure that these connected devices are secured.

    Onward together

    Modernisation, automation, and data management are transforming today’s energy sector. With a steady flow of data from machines, one can achieve business outcomes based on strategic insights, which empowers organisations to save on labour costs and avoid expenses associated with premature machinery replacement.

    For organisations in Asia seeking to utilise ground-breaking technologies, seeking out data modernisation teams with deep technical and business process expertise should be a priority. This would help them learn to design and build data architectures fit for accelerating innovation and realising value faster, not just in productivity but in sustainability as well.

    The post Connected devices fuel data-driven efficiency appeared first on FutureIoT.

    ]]>
    Securing the smart devices across APAC’s cloud platforms https://futureiot.tech/securing-the-smart-devices-across-apacs-cloud-platforms/ Fri, 19 Aug 2022 01:00:00 +0000 https://futureiot.tech/?p=11245 Enter 2022 and the ‘everything connected’ concept has all but taken centre stage. From treadmills, and lightbulbs to pet feeders and more, interoperability and interactivity between our everyday devices have become the new norm! At the same time, these non-commercial connected devices are creating more risk for the Enterprise than ever before. To add to […]

    The post Securing the smart devices across APAC’s cloud platforms appeared first on FutureIoT.

    ]]>
    Enter 2022 and the ‘everything connected’ concept has all but taken centre stage. From treadmills, and lightbulbs to pet feeders and more, interoperability and interactivity between our everyday devices have become the new norm! At the same time, these non-commercial connected devices are creating more risk for the Enterprise than ever before.

    To add to the magnitude of the problem, the Asia Pacific region’s expenditure on IoT is anticipated to grow, reaching US$437 billion by 2025. This signifies that governments and private organisations will continue to leverage IoT technologies at an accelerated pace, as the push for digitisation sustains momentum in the post-pandemic world.

    Source: IDC

    IoT technologies and devices are the backbones of any digital transformation process. They play a key role in driving automation, monitoring, and controlling the technology in smart buildings, ensuring a safe and seamless transition to a digitally enabled future.

    However, many smart devices are not designed with security in mind or may have vulnerabilities from the source code used within the manufacturer's supply chain, of which users are unaware.

    These security vulnerabilities combined with the rapid proliferation of IoT devices mean there’s an urgent need for organisations to think about the security of the devices on their networks.

    As companies further invest in digital transformation, they need to pay an equal amount of attention to the security of the devices and technologies they use in their everyday operations.

    So, what are the security concerns surrounding IoT devices, and what can we do about them?

    Security limitations in IoT devices

    Alarmingly, visibility into threats from IoT devices is often dependent on manually updated databases of known devices.

    For instance, certain IoT devices do not have sufficient storage or processing power to support logging or cryptographic abilities that protect sensitive information from being processed, making them vulnerable. As a result, businesses cannot accurately identify and protect against the risk posed by unknown and unmanaged IoT devices.

    In fact, such risks have increased with work-from-home arrangements. Our IoT Security Report 2021 found that 81% of respondents in Singapore who have IoT devices connected to their organisation’s network, saw an increase in non-business IoT devices on their corporate networks. Some of these devices include home devices, medical wearables and even game consoles. 

    The hardware limitations to security controls in IoT devices, coupled with the rise of remote work, are some of the key factors causing regulators to turn their attention toward securing IoT devices across the region.   

    Regulators set the tone

    In response to the growth of IoT technologies in the Asia Pacific region, regulators have developed IoT security regulations and standards for organisations and users.

    In Singapore, the government has been proactively addressing this need, through initiatives such as the Cybersecurity Labelling Scheme and the National Integrated Centre for Evaluation (NiCE) to protect consumers and businesses from malicious actors and to further research and be educated about IoT cybersecurity.

    It has also established standards and published practical guidelines for IoT security (TR 64: 2018: “Guidelines for IoT security for smart nation” and Internet of Things (IoT) Cyber Security Guide). These guidelines are intended to serve as a blueprint for enterprise users and vendors to secure IoT devices.

    Some of the key security measures outlined in the IoT Cyber Security guide include:

    Complying with local market regulations, on the Cloud

    Digital transformation is fuelling IoT adoption in the Asia Pacific region and making organisations increasingly reliant on these devices for critical business operations.

    At the same time, companies also must manage a growing set of local regulations on the usage and management of IoT devices and data. Government policies may dictate how data can be collected and retained and may even restrict the transfer of data across borders to prevent citizen data from being exploited.

    It is common today to see businesses use a multitude of cloud services that host their data in different locations around the world. As such, regional companies that are reliant on cloud services to deliver services and enable remote work will find it challenging to comply with different local regulations.

    Instead of using local servers to store data for every market, companies can use a cloud hosting solution in their market of choice to ensure that they can still take advantage of the cloud while staying compliant with local data regulations. Cloud hosting solutions that are built with security and regulatory best practices in mind will also allow businesses to meet both their data residency preferences while protecting their enterprise network. 

    Businesses need to be proactive too

    Photo by ThisIsEngineering: https://www.pexels.com/photo/person-holding-black-tablet-3912956/

    Aside from complying with regulatory standards, organisations must take the necessary precaution to proactively secure their networks in this digital economy as well.

    A prerequisite to effectively applying these security measures is visibility into and an understanding of the identity and behaviour of all network-connected devices.

    A zero-trust approach to network-level IoT security - where enterprises have full visibility of IoT devices, practice continuous device and risk monitoring, and develop security policies with enforcement actions to prevent cyberattacks from happening - is needed to ensure organisations can better eliminate critical security blind spots.

    Organisations can also take preventive measures a step further by deploying Machine Learning (ML) technologies to automate device identification, proactively detect malicious deviations, and automatically prevent attacks. As adversaries get more advanced, organisations can leverage ML capabilities to help them always stay vigilant.  

    IoT security is everyone’s responsibility

    Both governments and businesses play an integral role in maintaining IoT security. The ubiquity of IoT devices will only mean that the applications of such devices will continue to grow across all industries, and it is everyone’s responsibility to protect themselves and the organisation from cyber adversaries:

    • Regulators lay the groundwork for cybersecurity regulations and standards that can be applied at scale
    • A cloud hosting solution with built-in security controls helps organisations meet data residency preferences while enjoying the benefits of the cloud
    • Organisations need to proactively enforce a Zero Trust approach to eliminate IoT device blind spots and deploy ML technologies to automatically prevent attacks

    The post Securing the smart devices across APAC’s cloud platforms appeared first on FutureIoT.

    ]]>
    Increased data access opens wide medical device security vulnerabilities https://futureiot.tech/increased-data-access-opens-wide-medical-device-security-vulnerabilities/ Tue, 16 Aug 2022 09:08:56 +0000 https://futureiot.tech/?p=11231 The latest GlobalData report, ‘Cybersecurity in Healthcare – Thematic Research’ reveals that increased data access means there are more opportunities for security vulnerabilities in the medical device sector. Medical analyst at GlobalData, Ashley Clarke says the healthcare, pharma, and medical device sectors are particularly susceptible to cyberattacks. “Medical history cannot be changed, unlike identification and […]

    The post Increased data access opens wide medical device security vulnerabilities appeared first on FutureIoT.

    ]]>
    The latest GlobalData report, ‘Cybersecurity in Healthcare – Thematic Research’ reveals that increased data access means there are more opportunities for security vulnerabilities in the medical device sector.

    Medical analyst at GlobalData, Ashley Clarke says the healthcare, pharma, and medical device sectors are particularly susceptible to cyberattacks.

    “Medical history cannot be changed, unlike identification and credit card information, making it invaluable to hackers and resulting in high costs for healthcare data breaches,” he added.

    A growing concern

    Medical devices have become increasingly connected as remote medicine soared during the COVID-19 pandemic. Many companies now struggle to accommodate provider, patient, and third-party access to sensitive patient information while ensuring security.

    Clarke says hackers can use healthcare information to create fake insurance claims, buy and sell medical equipment, or acquire illegal prescription medications.

    “They can also target victims with fraudulent schemes related to their medical history, which are more believable than financial or legal scams due to the intimate nature of health information,” he added.

    Lessons from the US

    According to reports of breaches affecting 500 individuals or more by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights, over 41 million individuals in the US were affected by healthcare data breaches in 2021.

    Cases affecting more than 22.5 million individuals in the US are currently under investigation this year, which is a 4.6% increase compared to the same time last year.

    Devices like insulin pumps, heart pacemakers, inhalers, and wearables track patient data in real-time and even transmit to the user’s phone, making the data immediately accessible to both the patient and their doctor.

    This increased data access has made the medical device sector more vulnerable.

    This change in technology means that medical device companies and their business associates are now responsible for increasingly large amounts of sensitive electronic patient data and have been prey to significant data breaches in recent years,” said Clarke.

    Without securing all components of the cybersecurity value chain, medical device companies will remain a primary target for hackers.

    Clarke adds: “It’s crucial for companies to invest in a variety of technologies such as chip-based security, network security, and cloud security, at every stage of the product development to ensure patient information is safeguarded. Older legacy devices may be unable to receive security patches, but new devices should have a security update plan in place for their entire device lifecycle.”

    Lessons from the UK

    In the UK, the National Health Service (NHS) has been on high alert for cyberattacks following the 2017 WannaCry ransomware attack that disrupted 1% of all NHS care over a one-week period.

    More recently it was again the victim of another attack albeit indirectly via the software company Advanced. Disrupted were NHS’ emergency services (111). Advanced currently has 36 NHS clients, while its Adastra software works with most NHS 111 services.  

    Dean Sabri, principal analyst for health and social care at GlobalData, says investment in security software and infrastructure across UK healthcare organisations increased by 53% in real terms between 2016 and 2021.

    “A cyber-attack on a large healthcare software supplier such as Advanced suggests that NHS organizations could be effectively wasting as much as £62 million if they do not require tighter security measures from suppliers in future procurements,” he concluded.

    The post Increased data access opens wide medical device security vulnerabilities appeared first on FutureIoT.

    ]]>
    Two security flaws found in FileWave MDM https://futureiot.tech/two-security-flaws-found-in-filewave-mdm/ Wed, 27 Jul 2022 02:00:00 +0000 https://futureiot.tech/?p=11200 An attacker who is able to compromise the MDM would be in a powerful position to control all managed devices, allowing the attacker to exfiltrate sensitive data.

    The post Two security flaws found in FileWave MDM appeared first on FutureIoT.

    ]]>
    Researchers from Claroty revealed last Monday two security flaws found in FileWave’s mobile device management (MDM) system, impacting at least 1,100 organisations such as  government agencies, education, and large enterprises.

    FileWave MDM is a multi-platform mobile device management solution that allows IT administrators to manage, monitor, and view all of an organisation’s devices. Currently, FileWave MDM supports a wide range of devices, from iOS and Android smartphones, MacOS and Windows tablets, laptops and workstations, and smart devices such as televisions.

    Through FileWave MDM, IT administrators can view and manage device configurations, locations, security settings, and other device data. They may use the MDM platform to push mandatory software and updates to devices, change device settings, lock, and, when necessary, remotely wipe devices. In order to do so, all managed devices report to the main server at set intervals, and in return, the server can issue commands to the device via file packages, software, and more.

    FileWave has developed a patch to fix the vulnerabilities in a recent update and has reached out to affected customers.

    At risks of remote attacks

    The security flaws in FileWave MDM, discovered by Claroty’s research arm Team82, allow full offsite control of the MDM platform and the devices that it manages.

    “An attacker who is able to compromise the MDM would be in a powerful position to control all managed devices, allowing the attacker to exfiltrate sensitive data such as a device’s serial number, the user’s email address and full name, address, geo-location coordinates, IP address, device PIN codes, and much more,” said Noam Moshe, vulnerability researcher at Claroty, in a blog posted last Monday.

    “Attackers could abuse legitimate MDM capabilities to install malicious packages or executables, and even gain access to the device directly through remote control protocols,” he added.

    The first vulnerability identified as CVE-2022-34907 is  an authentication bypass that enables total control of internet-exposed MDM instances before proceeding to compromise other FileWave using devices to facilitate data exfiltration and malware delivery.

    “This exploit, if used maliciously, could allow remote attackers to easily attack and infect all internet-accessible instances managed by the FileWave MDM, below, allowing attackers to control all managed devices, gaining access to users’ personal home networks, organisations’ internal networks, and much more,” said Moshe.

    The other vulnerability, CVE-2022-34906, exits again within FileWave MDM and was a hard-coded cryptographic key.

    The post Two security flaws found in FileWave MDM appeared first on FutureIoT.

    ]]>
    Explosive growth seen for APAC’s ESG and smart city startups https://futureiot.tech/explosive-growth-seen-for-apacs-esg-and-smart-city-startups/ Tue, 19 Jul 2022 01:30:00 +0000 https://futureiot.tech/?p=11136 The “Emerging Giants in Asia Pacific” report looks into the region’s maturing technology-focused ecosystems that are producing billion-dollar companies at a rapid rate.

    The post Explosive growth seen for APAC’s ESG and smart city startups appeared first on FutureIoT.

    ]]>
    Growing pressure for an ESG focus in business and investment to meet climate targets will likely drive an explosive demand for green technologies and services across every industry, according to a recent report released yesterday by KPMG and HSBC.

    This is one of the key takeaways from the “Emerging Giants in Asia Pacific” report, which looks into the region’s maturing technology-focused ecosystems that are producing billion-dollar companies at a rapid rate.

    Image by Mees Groothuis from Pixabay

    "Fast-growing technology start-ups are the new wave of SMEs contributing towards economic growth and more. Looking ahead, the global push towards carbon-neutrality will be a major driver of innovation as traditional sectors go green, and Emerging Giants will likely play a key role in developing the technologies that can reduce carbon emissions and promote more responsible stewardship of the environment. Asia will be a crucial battleground in the fight for a more sustainable future," said Honson To, chairman, KPMG Asia Pacific and KPMG China.

    Close to over 6,500 technology startups with a valuation of up to US$500 million were studied across 12 markets, including China, India, Japan, Singapore, South Korea, Australia,  Indonesia, Hong Kong, Malaysia, Taiwan, Thailand and Vietnam.

    According to the report, the emergence of new sector verticals is attracting record-breaking investments, leading to a proliferation of larger, more valuable startups in the region.

    Beyond Fintech and SaaS

    Beyond the traditional sectors associated with new economy businesses such as FinTech or software-as-a-service, the report identified around 120 technology-related industry subsectors among these businesses, with blockchain, smart city, and sustainability and ESG verticals being the most prominent.

    Sustainability and ESG verticals such as EV charging infrastructure, sustainable packaging and sustainable fashion are among the top 20 subsectors, making sustainability-related products and services a key focus for roughly 15% of the emerging giants identified.

    The top 20 list also included four health-associated verticals, including assistive tech, AI-powered drug discovery, neurotechnology and mental health technology.

    Image by Tumisu from Pixabay

    Meanwhile, the smart city-associated areas, such as IoT security and digital twins were present in the leading 10 subsectors. Virtual collaboration technologies also feature prominently with two categories – virtual events and low-code/no-code – making the top 20 list.

    Advanced computing technologies were also well represented, with quantum computing making the top 5 and cognitive computing making the top 20.

    "Emerging Giants in Asia Pacific excites us because we see the start-up ecosystem as complimentary to the established end of the financial services industry: they're a source of innovation, and invigorate both local and regional economies with their dynamism," says Surendra Rosha, co-chief executive, HSBC Asia-Pacific.

    Other key findings

    Daren Yong, head of technology for media and telecommunications, KPMG Asia Pacific, noted that the region’s emerging giants are bold, ambitious and cutting-edge in the new platform and software applications they are offering.

    “Most importantly, they are transforming and pioneering the technology landscape over the coming years, in addition to thinking about what is useful to their customers now," said Yong.

    Meanwhile, below are other key findings from the report.

    • While a repeat of the record-breaking private investment levels in 2021 is unlikely, 1Q 2022 figures suggest that 2022 is on target to exceed both 2020 and 2019 funding levels in the Asia Pacific. Australia, Malaysia and South Korea have already seen deal values pass or nearly pass 2020 totals.
    • As the world's biggest fintech adopter, the Asia Pacific region has experienced a boom in financial services transformation within the last two years as fintech applications progress in tandem with user uptake. Considerable interest in cryptocurrencies has also led to a surge in crypto financial services providers and blockchain players.
    • Top challenges faced by Emerging Giants include navigating regulatory complexity and securing technology talent. Formulating effective ESG and tax strategies, as well as leveraging government incentives and implementing management processes for distributed workforces, will be cornerstones of future growth.

    The post Explosive growth seen for APAC’s ESG and smart city startups appeared first on FutureIoT.

    ]]>
    Four APAC cities rank in top 10 of Digital Cities Index 2022 https://futureiot.tech/four-apac-cities-rank-in-top-10-of-digital-cities-index-2022/ Tue, 28 Jun 2022 03:00:00 +0000 https://futureiot.tech/?p=11051 In Asia, apps were central to managing covid-19, while telemedicine and real time remote monitoring of chronic patients has marked digitisation everywhere.

    The post Four APAC cities rank in top 10 of Digital Cities Index 2022 appeared first on FutureIoT.

    ]]>
    Beijing, Seoul, Singapore and Sydney made it to the top 10 of the recently released Digital Cities Index 2022, which ranked 30 global cities across four thematic pillars: connectivity, services, culture and sustainability.

    The four Asia Pacific cities are joined on top of the list by Copenhagen, Amsterdam, London and Paris in Europe and New York and Washington DC in the United States.

    The index was produced by Economist Impact and supported by NEC.

    According to Ritu Bhandari, manager for policy and insights at Economist Impact, smart cities will be safer, cleaner and more inclusive urban landscapes, where citizens enjoy better public health and services, more efficient transport and major economic improvements to be shared as public goods.

    “The index highlights how outlier cities are leveraging technology to improve quality of life for millions of citizens around the world. While we see strong leadership from cities in Western Europe, the table is led by major cities from a wide geographical spread. The most significant improvements were delivered against tightly defined goals – a critical success factor for urban digital transformation,” said Bhandari.

    A peek at the top performers

    Copenhagen, Amsterdam, Beijing, London and Seoul performed the best, with successful open data projects and major strides in smart technology-powered sustainability projects like utility management.

    Cities with very defined goals realised the greatest benefits: European cities ran highly impactful traffic management systems, while Beijing made progress using applied digital technologies - tackling air pollution, optimising its utilities and promoting its sharing economy. The Atlantic nation cities led in open data innovation with a boom in travel and mobility apps.

    Sustainability was the biggest impact area highlighted by the White Paper, with leading smart cities realising major gains in air quality through smart utility management. Sustainability brought the highest overall scores, with Copenhagen, Seoul and Toronto scoring highest for their use of digital technology to support urban sustainability.

    Copenhagen and Singapore were the most connected cities, followed by Zurich, Beijing and Sydney. Singapore’s strategy for developing digital connectivity is built on the premise that AI, 5G and cyber security will drive the country’s growth and innovation post-covid. Smart cities are anticipated to drive economic growth: 5G alone will enable an estimated US$660 billion global mobility and transportation market by 2035.

    Internet services impact smart city goals

    According to the index, unaffordable, unreliable or inaccessible internet services impact other city level goal, with half-a-million households reportedly lack a reliable internet connection in New York City, for instance, disadvantaging low-income children for remote learning.

    By contrast, Washington DC has offered low-cost or free services and devices to families unable to afford a broadband subscription and Paris has the most affordable mobile data of all the cities analysed.

    Digital technologies enable progress in public health

    Since the pandemic, digital technologies have enabled real progress in public health. In Asia, apps were central to managing COVID-19, while telemedicine and real-time remote monitoring of chronic patients has marked digitisation everywhere. In New York, for instance, a diabetes-prevention initiative for adults has reduced the risk of type 2 diabetes in high-risk individuals by 58%.

    Singapore, São Paulo and New Delhi ranked the highest for their delivery of digital municipal services. New Delhi ranks high in part because of the success of Aadhar, India’s ground-breaking national digital identity scheme. In Korea, Metaverse Seoul, announced in November 2021 by the Seoul Metropolitan Government, will provide citizens with access to government services via the metaverse.

    The index also noted that involving citizens in the design of smart city schemes underpins meaningful inclusion, a critical success factor for smart city projects, along with delivery against tightly defined goals.

    The post Four APAC cities rank in top 10 of Digital Cities Index 2022 appeared first on FutureIoT.

    ]]>
    Consistent network operations crucial to smart MFG in APAC https://futureiot.tech/consistent-network-operations-crucial-to-smart-mfg-in-apac/ Fri, 24 Jun 2022 02:00:00 +0000 https://futureiot.tech/?p=11025 High-tech manufacturers are increasingly aligning their technology investments to secure and optimise operations while addressing data privacy and security concerns even as they build greater resilience in the long-term.

    The post Consistent network operations crucial to smart MFG in APAC appeared first on FutureIoT.

    ]]>
    Companies in the Asia Pacific are increasingly seeing the importance of enabling consistent network operations and remote monitoring, with 66% of respondents in a recent poll underlining its crucial role in optimising smart high-tech manufacturing operations.

    According to Mark Verbloot, senior director of  product, solutions and systems engineering for Asia Pacific Region at Aruba Networks, the turbulence in manufacturing and the supply chain seen in the last two years have underscored the need for manufacturers to accelerate their transition from “mass production and economies of scale to prioritizing market and customer responsiveness".

    "In response to the issues they face, high-tech manufacturers are increasingly aligning their technology investments to secure and optimise operations while addressing data privacy and security concerns even as they build greater resilience in the long-term,” said Verbloot.

    The study, entitled “High-Tech Manufacturing Begins with High-Performance Networking and Security Solution”, was conducting by Forrester Consulting on behalf of Aruba – a Hewlett Packard Enterprise company, surveying more than 270 business and IT decision-makers from high-tech manufacturers in Australia, India, Japan, Malaysia, South Korea, Taiwan, and Thailand in the first quarter of 2022.

    The study found three in four manufacturers in the region are prioritising innovation and automation for greater operational efficiency and resilience over the past 12 months.

    It also found that edge solutions, IoT applications, and networks were essential to driving innovation for 63% of respondents, with 61% indicating they had optimised manufacturing processes with automation and robots. Meanwhile, 69% of respondents said they were either piloting or already using cloud-managed networking and security solutions to benefit from improved flexibility, scalability, and defense capabilities.

    Furthermore, 64% of respondents who indicated their intention to build on previous investments in AI-powered software to optimise operations, implement predictive capabilities, and optimise productivity.

    Data privacy and security concerns

    With the increased connectivity and digitalisation of processes and operations, the study states that the collection, transmission, and utilisation of the breadth of data is becoming critical to the sectors' ability to scale operations and address the challenges posed by privacy and security concerns.

    Indeed, more than half (52%) of APAC decision-makers ranked data privacy and security concerns within their top five challenges when implementing networking solutions, while 48% said the lack of cybersecurity features in legacy IoT devices is one of their top five challenges. About 18% ranked information technology/operational technology (IT/OT) divide as one of their top two networking challenges.

    In response to data privacy and security concerns, manufacturers have plans to leverage emerging technologies and automation to secure their operations in the next 24 months.

    These solutions include cloud-managed networking (38%) and SD-WAN (37%). More than 50% of manufacturers are also expanding, upgrading, or planning to invest in Zero Trust Edge solutions in the same timeframe, while 57% said identity-based traffic segmentation helps them to achieve their business goals.

    "As we emerge from the pandemic, there is a need for the manufacturing industry to develop greater agility and flexibility in their operations. Innovation is at the heart of decision-makers’ priorities but manufacturing leaders need to act now by leveraging high-performance network and security solutions to help the smart manufacturing industry scale effectively,” said Verbloot.

    The post Consistent network operations crucial to smart MFG in APAC appeared first on FutureIoT.

    ]]>
    Forescout reveals 56 flaws in OT devices from 10 companies https://futureiot.tech/forescout-reveals-56-flaws-in-ot-devices-from-10-companies/ Wed, 22 Jun 2022 02:00:00 +0000 https://futureiot.tech/?p=11002 The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructures such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building automation.

    The post Forescout reveals 56 flaws in OT devices from 10 companies appeared first on FutureIoT.

    ]]>
    The threat intelligence team from Forescout’s Vedere Labs yesterday revealed 56 security flaws affecting OT devices from 10 companies, including Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

    Collectively called “OT:ICEFALL”, all 56 vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

    The 36-page report from Vedere Labs underscored the impact of “insecure by design” legacy of OT devices which leave them exposed to real-world OT malware such as  Industroyer, TRITON, Industroyer2 and INCONTROLLER.

    “The rapid expansion of the threat landscape is well documented at this stage. By connecting OT to IoT and IT devices, vulnerabilities that once were seen as insignificant due to their lack of connectivity are now high targets for bad actors.” said Daniel dos Santos, head of security research, Forescout Vedere Labs. 

    He added: “We a very long way to go to reach the summit of these OT design practices. These types of vulnerabilities, and the proven desire for attackers to exploit them, demonstrate the need for robust, OT-aware network monitoring and deep-packet-inspection (DPI) capabilities.”

    The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructure such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building automation. Many of these products are sold as ‘secure by design’ or have been certified with OT security standards

    Shifting threat landscape

    The report by Vedere Labs has identified a shift in the community toward recognising “insecure by design” vulnerabilities.

    “Only a few years back, well-known vulnerabilities like some that can be found in OT:ICEFALL would not get assigned a CVE ID because there was the assumption that everyone knew OT protocols were insecure. On the contrary, we believe a CVE is a community recognised marker that aids in vulnerability visibility and actionability by helping push vendors to fix issues and asset owners to assess risks and apply patches,” the report said.

    The vulnerabilities and associated issues disclosed in this report range from persistent insecure-by-design practices in security-certified products to inadequate attempts to fix them.

    It is crucial for asset owners to understand how the opaque and proprietary nature of these systems, the suboptimal vulnerability management surrounding them, and the often-false sense of security offered by certifications complicate OT risk management efforts.

    Although the impact of each vulnerability is highly dependent on the functionality each device offers, they fall under the following categories:

    • Remote code execution (RCE): Allows an attacker to execute arbitrary code on the impacted device, but the code may be executed in different specialised processors and different contexts within a processor, so an RCE does not always mean full control of a device. This is usually achieved via insecure firmware/logic update functions that allow the attacker to supply arbitrary code.
    • Denial of service (DoS): Allows an attacker to either take a device completely offline or to prevent access to some function.
    • File/firmware/configuration manipulation: Allows an attacker to change important aspects of a device such as files stored within it, the firmware running on it or its specific configurations. This is usually achieved via critical functions lacking the proper authentication/authorization or integrity checking that would prevent attackers from tampering with the device.
    • Compromise of credentials: Allows an attacker to obtain credentials to device functions, usually either because they are stored or transmitted insecurely.
    • Authentication bypass: Allows an attacker to bypass existing authentication functions and invoke desired functionality on the target device.

    A full list of devices affected by OT: ICEFALL is available here, while details of each vulnerability are discussed in Forescout’s technical report.

    The post Forescout reveals 56 flaws in OT devices from 10 companies appeared first on FutureIoT.

    ]]>
    Asimily, Extreme Networks team up to secure medical devices https://futureiot.tech/asimily-extreme-networks-team-up-to-secure-medical-devices/ Fri, 03 Jun 2022 01:00:00 +0000 https://futureiot.tech/?p=10899 Asimily Insights integration with ExtremeCloud IQ Controller provides a seamless solution to detect exploitable vulnerabilities and enforce policies to help identify and prevent cyberattacks.

    The post Asimily, Extreme Networks team up to secure medical devices appeared first on FutureIoT.

    ]]>
    Healthcare and life sciences facilities have seen an increase in cyberattacks with the growth of connected IoT medical devices.

    To help prevent unauthorised access of medical devices, Asimily and Extreme Networks team up to help healthcare institutions prevent unauthorised access of IoT-based medical devices.

    Asimily is a provider of Internet of Medical Things (IoMT) risk management platforms, while Extreme Networks is a provider of cloud-based networking solutions.

    With this partnership,  Asimily Insights will be integrated into the  ExtremeCloud IQ Controller, a cloud-based wired and wireless network management solution from Extreme Networks.

    “Asimily’s intuitive platform helps us identify and respond to the most critical risks to our organisation, and the integration with Extreme’s solutions enables us to enforce policies on devices as needed and address any concerns that can impact the confidentiality, integrity or availability of IoT and medical devices and their data,” said Ali Youssef, director, Medical Device and IoT Security at Henry Ford Health.

    “Together, these solutions allow us to fill the gaps we previously had in our ability to manage device security and ensure we can continue to deliver patient services, which is always our top concern,” he added.

    Asimily Insights integration with ExtremeCloud IQ Controller provides a seamless solution to detect exploitable vulnerabilities and enforce policies to help identify and prevent cyberattacks.

    “ExtremeCloud IQ Controller provides unified services and features in a simplified management console for on and off-premise deployments. On-Premise deployment is critical for many Healthcare Delivery Organizations (HDOs),” said Dinesh Katiyar, Head of Business Development, Asimily. “This integrated solution provides HDOs a best vulnerability management platform with the flexibility to deploy on-premise.”

    Asimily Insights uses AI-based analysis to prioritise exploitable vulnerabilities and prescribe clinically viable remediations outside of segmentation and blocking that are easy to implement. These remediations are transmitted to ExtremeCloud IQ Controller to centrally enforce network access policies to secure the device.

    In addition, for devices where segmentation is the only option, Asimily Insights generates policies which are transmitted to ExtremeCloud IQ Controller to configure, isolate, segment and micro-segment the devices on the network.

    “Extreme’s solutions are trusted by hospital systems and healthcare providers around the world. Our integration with Asimily creates a solution that is specifically designed for healthcare IT teams and enables them to find and address vulnerabilities before they are exploited, as well as ensure that security measures necessary for safe clinical operations are in place,” said Bob Zemke, Director, Business Development at Extreme Networks.

    The post Asimily, Extreme Networks team up to secure medical devices appeared first on FutureIoT.

    ]]>
    43% of businesses don’t protect their full IoT suite https://futureiot.tech/43-of-businesses-dont-protect-their-full-iot-suite/ Thu, 24 Mar 2022 03:53:11 +0000 https://futureiot.tech/?p=10561 IoT Analytics estimates that the global number of connected IoT devices is expected to grow 9%, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security. Gartner observed that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices […]

    The post 43% of businesses don’t protect their full IoT suite appeared first on FutureIoT.

    ]]>
    IoT Analytics estimates that the global number of connected IoT devices is expected to grow 9%, reaching 27 billion IoT connections by 2025. Riding on this growth of connected devices is an increased need for security.

    Source: Kaspersky Global Corporate IT Security Risks Survey, 2022

    Gartner observed that in the past three years, nearly 20% of organisations have already observed cyberattacks on IoT devices in their network.

    While 64% of respondents to the Kaspersky study, Pushing the limits: How to address specific cybersecurity demands and protect IoT, use IoT solutions, as much as 43% do not protect them completely.

    This means that for some of their IoT projects – which may be anything from an EV charging station to connected medical equipment – businesses don’t use any protection tools. Kaspersky posits that may be due to the great diversity of IoT devices and systems, which are not always compatible with security solutions.

    Barriers to protecting IoT

    The study noted that 64% of businesses fear that cybersecurity products can affect the performance of IoT while 40% fear it can be too hard to find a suitable solution. Other common issues businesses face when implementing cybersecurity tools are high costs (40%), being unable to justify the investment to the board (36%) and lack of staff or specific IoT security expertise (35%).

    Barriers to implementing IoT

    The study also noted that 57% of surveyed organisations see cybersecurity risks as the main barrier to implementing IoT. This can occur when companies struggle to address cyber risks at the design stage and then must carefully weigh up all pros and cons before implementation.

    Source: Kaspersky Global Corporate IT Security Risks Survey, 2022

    Stephen Mellor, chief technology officer at Industry IoT Consortium, insists that cybersecurity must be front and centre for IoT. He posits that managing risk is a major concern as life, limb and the environment are at stake.

    He warns that an IT error can be embarrassing and expensive; an IoT error can be fatal. But cybersecurity is only one part of making a system trustworthy.

    “We also need physical security, privacy, resilience, reliability and safety. And these need to be reconciled: what can make a building secure, (locked doors for example), could make it unsafe if you cannot get out quickly,” he continued.

    While IT projects such as messaging/communication, analytics, CRM, etc., have around 80% of common requirements, IoT deployments are very fragmented, loosely coupled, domain-specific and integration-heavy in nature.

    Eric Kao, director for WISE-Edge+ at Advantech comments that in the case of IoT implementation, companies must deal with all kinds of legacy systems, physical constraints, domain protocols, multiple vendor solutions. They must also maintain a reasonable balance in availability, scalability and security.

    “In pursuit of higher availability and scalability, certain cloud infrastructure has to be leveraged, the system has to be open to some extent, then security becomes an enormous challenge,” he added.

    The bright side

    Challenges aside, there remains optimistic about the potential benefits of the technology and the possibilities of protecting IoT solutions as they are integrated into operations and IT.

    Source: Kaspersky Global Corporate IT Security Risks Survey, 2022

    Andrey Suvorov, CEO at Adrotech in Russia, says IoT is widely used in smart cities (62%), retail (62%) and industry (60%). These include projects such as energy and water management, smart lighting, alarm systems, video surveillance and many more.

    “Experts around the world are working on the task of effective protection for such projects but efforts should be made at every level – from equipment manufacturers and software developers to service providers and companies that implement and use these solutions,” he added.

    Next steps for securing IoT

    To help organizations fill the gaps in their IoT security, Kaspersky suggests the following approaches:

    • Assess the status of a device’s security before implementing it. Preferences should be given to devices with cybersecurity certificates and products from manufacturers who pay more attention to information security.
    • Use a strict access policy, network segmentation and a zero-trust model. This will help minimize the spread of an attack and protect the most sensitive parts of the infrastructure.
    • Adopt a vulnerability management program to regularly receive the most relevant data about vulnerabilities in programmable logic controllers (PLCs), equipment and firmware, and patch them or use any protection workarounds.
    • Check the “IoT Security Maturity Model” – an approach that helps companies evaluate all steps and levels they need to pass to achieve a sufficient level of IoT protection.
    • Use a dedicated IoT gateway that ensures the inbuilt security and reliability of data transferring from edge to business applications.

    The post 43% of businesses don’t protect their full IoT suite appeared first on FutureIoT.

    ]]>
    M2Cloud, Thales to develop IoT-based bio-cold chain systems https://futureiot.tech/m2cloud-thales-to-develop-iot-based-bio-cold-chain-systems/ Mon, 07 Mar 2022 23:00:00 +0000 https://futureiot.tech/?p=10475 The two companies will strengthen cooperation for product development optimised for bio-cold chains and global expansion, such as technology cooperation to develop bio-medicine monitoring IoT devices and to ensure a stable supply of IoT modules by combining industry-leading security and IoT technology.

    The post M2Cloud, Thales to develop IoT-based bio-cold chain systems appeared first on FutureIoT.

    ]]>
    South Korean pharmaceutical supply chain company M2Cloud has partnered with Thales Korea to develop  the next-generation bio-cold chain systems based on IoT.

    Moving forward, the two companies will strengthen cooperation for product development optimised for bio-cold chains and global expansion, such as technology cooperation to develop bio-medicine monitoring IoT devices and to ensure a stable supply of IoT modules by combining industry-leading security and IoT technology.

    “In 2022, we plan to develop and supply competitive products in cooperation with various overseas partner companies to enter the global market while stably supplying new products to the domestic bio/medicine cold chain market,” said Moon Jin-soo, CEO of M2cloud.

    M2Cloud delivers scalable logistics and monitoring solutions for use by hospitals, pharmaceutical manufacturers and wholesalers in their supply chains. It owns the first IoT Security System in South Korea – certified by Korea Internet & Security Agency (KISA) – that satisfies all standards of IoT security testing such as stability, integrity, security and unauthorized manipulation defence.

    Last year, the company established an integrated logistics system for COVID-19 with real-time visibility into the entire supply chain, ensuring integrity, proof of compliance to ensure product quality, IoT technology optimized for temperature sensitivity, and cloud technology for ESG practices.

    M2 Cloud has also established and operated a cold chain system throughout the process of receiving, storing, and delivering COVID-19 vaccines from AstraZeneca (refrigeration), Janssen (freezing), and Pfizer (ultra-low temperature), which are all biological agents.

    New IoT-based LTE monitoring system

    M2Cloud and Thales revealed their strategic partnership two weeks ago as they unveiled the first product of their collaboration – an IoT-based LTE monitoring system optimised for biopharmaceutical monitoring.

    Unlike Bluetooth devices for near-field communication, the newly developed IoT cold chain system which is equipped with a low-power LTE communication chip, does not require additional gateway adoption or complex setups such as internet connectivity.

    It can remotely check temperature and location information in real time by just turning the power on, making it suitable for real-time monitoring of refrigerators, refrigerated warehouses, etc., as well as tracking the delivery boxes being transported in real time.

    In particular, because it ensures real-time visibility and data integrity, and can check temperature history without data loss in the event of a power outage or network failure, it  enhances the safety of pharmaceutical products with technologies optimised for biopharmaceutical management, such as vaccines that confirm the validity of products with a temperature history.

    “For a quarter of a century, customers across all industries have trusted Thales’ industry-leading IoT solutions to seamlessly connect and secure IoT devices and to help them transform real-time data into efficient decision making. We are proud to work with M2cloud to help keep their cold chain monitoring and management solutions connected, and to contribute solutions that support the healthcare industry in Korea,” said Sandy Gillio, country director and chief executive,  Thales Korea.

    The post M2Cloud, Thales to develop IoT-based bio-cold chain systems appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond https://futureiot.tech/podchats-for-futureiot-zeroing-in-on-securing-iot-in-2022-and-beyond/ Mon, 14 Feb 2022 01:00:00 +0000 https://futureiot.tech/?p=10373 In an IoT ecosystem, you can interconnect multiple devices to the internet and to each other to process data and transmit it over a network. From controlling a home network to those that power gas lines, it is this connectivity to the Internet that makes IoT devices vulnerable to intrusion. It is estimated that 1.5 […]

    The post PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond appeared first on FutureIoT.

    ]]>
    In an IoT ecosystem, you can interconnect multiple devices to the internet and to each other to process data and transmit it over a network. From controlling a home network to those that power gas lines, it is this connectivity to the Internet that makes IoT devices vulnerable to intrusion.

    It is estimated that 1.5 billion IoT breaches occurred between January to June of 2021, most using the telnet remote access protocol, used by network admin to access and manage network devices remotely.

    Kamal Brar, vice president and general manager, Asia-Pacific and Japan, Rubrik says the proliferation of unsecured (or less than enterprise-grade secure) IoT devices connected to the enterprise make them great entry points for ransomware and malware attacks.

    “Depending on where we're talking about in terms of the IoT devices, the nature of the devices and the complexity of the ecosystem, it varies, but it's an obvious place for everyone to go look at, given the simplicity and the fact that it's so integral to our lifestyles,” he added.

    Identity of Things

    According to Brar, the identity of things relates to the verification or validation of a trusted device. Within an IoT environment, this ranges from a simple environment involving a single IoT device to a very complex one involving multiple IoT sensors working together to operate a large domain.

    “The identity of things or identity of IoT refers to how we authenticate, verify and trust a device on the network, whether it is doing what it is designed to do, for example controlling a process in a manufacturing environment,” he elaborated.

    He added that having that validation or the trust in that device is critical. It that sensor is compromised, for example, then it becomes difficult for that system to operate.”

    He cited the Colonial Pipeline incident in 2021 where the billing system infrastructure was crippled by a ransomware attack. While the company could continue to pump gas, it was unable to bill customers forcing the company to shut down the operation until the ransom was paid.

    How and where threat actors hijack IoT

    According to Brar, there are three areas where an IoT-focused attack can occur.

    One, the IoT device are forcibly encrypted and therefore the company is unable to control these devices.

    The second is along the communication channel. A compromise can occur if the communication channels and/or protocols that the IoT device uses to communicate are hijacked, for example, a denial of service or spoofing of the network, then the company again loses access to the infrastructure.

    The third is the hijacking of the data that the IoT captures. “If you're using credentials to connect between the sensors and a central, for example, a database, then you're potentially compromising the application security layer,” he explained.

    Can zero-trust be applied to IoT?

    At the core of the zero-trust principle is trust no one, always verify. This means that even if someone’s identity has been verified already, that credential is ignored when the user accesses the same application or data in the future. Zero-trust requires identity verification each time a request to access the network, data or application.

    IDC acknowledges that IoT can very easily become the weak link or entry point for attacks in any organization – just ask the people at Colonial Pipeline, meatpacker JBS, even Verkade, a Silicon Valley-based security as a service provider.

    IDC says extending a zero-trust framework to IoT deployments can enhance security and reduce risk, but it is an enterprise-wide strategy that requires a complete understanding of all IoT systems on the network.

    Brar concurred adding that with zero trust, you are always in the process of reconfirming (validating identity and rights) – always!

    He however cautioned that contextual information is necessary to ascertain the authenticity of identity.

    “For example, if you're in multiple zones on how those IoT devices operate together, to provide an operational outcome, you want to understand the contextual information on what those devices are doing, to being able to have that outcome,” he explained.

    He goes on to elaborate that: “If I'm having a three-phase deployment across my power generation, I want to understand exactly which parts or which zones of those devices are actually functional to do, what parts of that delivery of three phases, so I can really understand the blast radius, or the impact, potential impact that ought to have if I was compromised.”

    The third element is around automation – specifically, how quickly to recover from a potential threat or exploit.

    “If you think about the IoT devices, because the configuration management is large, and it's complex across the general environment, depending on how big it is. That's an area where many customers get it wrong,” laments Brar.

    Applying behaviour analysis to IoT

    Brar acknowledges that the approach to security varies from company to company. Some focus on the perimeter, others on application hardening data security.

    He posits that from the behaviour standpoint, what you want to look at is end-to-end. Is there a way to capture how this device or how this potential workload or payload behaves from point of entry to potentially how it interacts with the application or how that information flows between all the systems and relevant network interfaces?

    Click on the PodChat player to listen to the full dialogue with Brar and his recommendations for better securing IoT in the enterprise. 

    • What makes IoT devices a valuable target for threat actors? 
    • How does the Identity of Things play a role in protecting IoT devices? 
    • How do threat actors exploit IoT devices through the Identity of Things? 
    • What makes zero trust crucial for protecting IoT devices?
    • How can behaviour analysis detect threats in IoT networks?
    • What makes Rubrik an expert on IoT security?

    The post PodChats for FutureIoT: Zeroing in on securing IoT in 2022 and beyond appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Securing the enterprise IoT in 2022 https://futureiot.tech/podchats-for-futureiot-securing-the-enterprise-iot-in-2022/ Mon, 07 Feb 2022 01:00:00 +0000 https://futureiot.tech/?p=10336 Digital twins are detailed electronic models that use IoT technology to update the digitised model based on changes happening to the source object. Vishnu Andhare, a consultant with the Information Services Group (ISG), believes that IoT (IoT) digital twin technology will continue to mature rapidly because of the demand for this technology across many industries […]

    The post PodChats for FutureIoT: Securing the enterprise IoT in 2022 appeared first on FutureIoT.

    ]]>
    Digital twins are detailed electronic models that use IoT technology to update the digitised model based on changes happening to the source object.

    Vishnu Andhare, a consultant with the Information Services Group (ISG), believes that IoT (IoT) digital twin technology will continue to mature rapidly because of the demand for this technology across many industries as well as the remote needs required by pandemic workforces.

    The Connected Enterprise: IoT Security Report 2021
    Source: Palo Alto Networks 2021

    With the integration of IoT into the enterprise comes the potential for cybersecurity vulnerabilities. Ian Lim, field chief security officer, Asia-Pacific at Palo Alto Networks, offered his perspective on where IoT is headed and how securing IoT needs to step up or catch up with IT security.

    Major enterprise IoT trends in Asia for 2022

    Ian Lim: We see private 5G gaining popularity as people capitalise on its low-latency, high-bandwidth capability. Organisations will be looking into overlaying a private 5G network to facilitate their future use cases.

    Another major IoT trend will be digital twins, which is the concept of having a virtual version of a physical object. This creates the need for better connectivity with 5G technology so that any physical changes can be synced in the virtual model in a responsive and near real-time manner.

    State of IoT Security in Asia

    Ian Lim: The latest IoT security survey from Palo Alto Networks found that nearly all (96%) respondents reported their organisation’s IoT security needs improvement. Part of the reason is due to lack of visibility at scale because IoT falls in the grey area between security teams and operation teams. Organisations need to define their security ownership for better management and visibility over IoT devices.

    Another challenge is the knowledge gap between security tools and IoT technology. For example, there are still very few tools that can interpret 5G traffic, so the tools themselves are not ready to protect an organisation from IoT attacks.

    IoT use case in Asia where security needs to be addressed early on

    Ian Lim: The Internet of Medical Things (IoMT) has been leveraged heavily during the pandemic and is likely to stay. Handling IoMT devices means dealing with a patient's private data and physical health, so there can be severe ramifications if IoT data is compromised.

    The entire lifecycle of IoMT architecture needs to have embedded security to ensure it is secure by default. The IoMT network should also be segmented and secured with visibility, monitoring and response.

    Left out in securing enterprise IoT

    Ian Lim: People should be aware that many IoT devices are not secure by design. According to another IoT report by Palo Alto Networks, over 50% of IoT devices are vulnerable to medium- or high-severity attacks, making them low-hanging fruits for attackers.

    The next aspect is visibility. Many organisations often don’t know all the devices that are plugged into and lack understanding of any attacks targeting them and how they can remediate the attacks.

    The third question is the tug and pull of “who owns securing IoT”. Organisations should start defining IoT security ownership and promote collaboration between security teams and operation teams. Security teams will be responsible for defining strong security standards, while operation teams will need to comply with these standards and provide feedback on what works and doesn’t.

    IT-Ops working together

    Ian Lim: These teams should align around four common goals: visibility, context, control, and response.

    Organisations need a toolset that can automatically scan all IoT devices for visibility. Then, they need the context of what the device is by understanding its functions and vulnerabilities. Machine learning can help to build knowledge of the ecosystem at large. Next is control – organisations need to identify if a device is segmented and under a specific protocol. These rules lower the probability of attacks as access is limited. Lastly, response – systems that can automatically respond to threats gives us the ability to orchestrate a response swiftly.

    Key trends in IoT governance

    Ian Lim: Within Asia, we are looking at regulating IT manufacturers. We want to be able to see more devices that are secure by design, hopefully using government regulations. There’s also another area where we hope to see actions from governments, which is the architecture and infrastructure these IoT devices live on.

    Key trends in Persona-based IoT

    Ian Lim: Some general examples include Alexa, Siri and Google Home. Persona-based IoT is use case-based as it fits in some cases and not in others. When you align a persona with an IoT device, it’s much easier for people to understand and associate the IoT device.

    Key trends in sustainability initiatives around IoT

    Ian Lim: We need to be conscious about how we use energy, maintain our environment, and treat waste. Because of the proliferation of IoT, billions of devices are going to come online. We need to have a very strong strategy around sustainability because of its big numbers.

    Key trends in IoT-as-a-service

    Ian Lim: Much like how anything can be provided as a service nowadays, we may have companies that capitalise on their understanding of a device at scale in future. Take security robots as an example, instead of having every single organisation know how to manage those robots, it makes more sense for them to outsource the management process to an IoT-as-a-service provider. However, there are also IoT devices that are very specific to manufacturing plants and factories and will require specific in-house knowledge for managing them.

    Click on the PodChat player to hear Lim share his perspective on how to improve the security of IoT.

    1. What are the major enterprise IoT trends in Asia in 2022?
    2. Please describe the state of IoT Security in Asia in 2022.
    3. Can you cite one or two emerging IoT applications/use cases in Asia in 2022 where security needs to be addressed early on?
    4. What often gets left out in securing enterprise IoT?
    5. How should CIOs, the CISO and the IT team work with operations to improve the overall security of the entire operation?
    6. Coming into 2022, what are the key trends to expect on the following topics:
      a. IoT governance
      b. Persona-based IoT
      c. Sustainable initiatives
      d. IoT-as-a-services

    The post PodChats for FutureIoT: Securing the enterprise IoT in 2022 appeared first on FutureIoT.

    ]]>
    Xiaomi laid out proposed global standards for IoT security https://futureiot.tech/xiaomi-laid-out-proposed-global-standards-for-iot-security/ Wed, 19 Jan 2022 00:00:00 +0000 https://futureiot.tech/?p=10230 Now companies can use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products.

    The post Xiaomi laid out proposed global standards for IoT security appeared first on FutureIoT.

    ]]>
    Xiaomi has published a new set of proposed global standards aimed at bolstering security of its consumer IoT products.

    "Users' security and privacy is the top priority of Xiaomi, and we promise that this applies to all markets where we operate,” said Cui Baoqiu, Xiaomi vice president and chairman of Xiaomi Security and Privacy Committee.

    He added: “Over the years, we have made great efforts to protect users' security and privacy. I'm confident and proud to say that Xiaomi is in the leading position of IoT security policies and practices in the world, and we will continue to work hard to build a better IoT ecosystem for our users."

    According to Xiaomi, its proposed security guideline meets the need of the consumer IoT industry as there is no such general standard that can be publicly queried and implemented.

    Now companies can use this guide to avoid some basic security and privacy protection risks, and to quickly improve the security and privacy protection capabilities of their IoT products

    Entitled "Cyber Security Baseline for Consumer Internet of Things Device Version 2.0",  the guideline aims to protect security and user privacy with a comprehensive set of requirements that span across device hardware, device software to device communication.

    The document  also states the requirements on data security and privacy, which include communication security, authentication and access control, secure boot and data deletion among others.

    It is a security baseline that all Xiaomi smart devices should follow.

    Xiaomi owns the world's leading consumer AIoT platform. As of November 2021, Xiaomi's AIoT platform has connected more than 400 million devices, excluding smartphones and laptops, and there are more than 8 million users with 5 or more Xiaomi IoT devices around the world.

    Achieving BSI Kitemark for IoT devices

    The guideline comes as the British Standards Institution (BSI) confirmed that Xiaomi Mesh System AX3000 has obtained the BSI IoT Kitemark Certificate, which has proved the high degree of consistency between the Cyber Security Baseline for Consumer Internet of Things Device of Xiaomi and the international IoT security standards held by BSI.

    David Mudd, BSI global digital and connected product certification director, said: "Connected devices can bring huge benefits to society, but it is imperative that their function and security can be trusted throughout the required device life. By achieving the BSI Kitemark for IoT Devices for its product and having its systems regularly and independently tested and monitored, Xiaomi is demonstrating to consumers their commitment to safeguarding information."

    The BSI IoT Kitemark is a product and service quality certification owned and operated by BSI. It conducts technical testing and security audits for IoT systems, giving consumers reassurance and confidence of secure and trust-worthy IoT devices under the highest standards. Obtaining the BSI IoT Kitemark Certificate means that Xiaomi products are in compliance with multiple cybersecurity standards, including the ETSI/EN303645 standard issued by European Telecommunications Standards Institute (ETSI), as well as the Open Web Application Security Project® (OWASP) Top 10 security requirements.

    It is the third time that Xiaomi received this international security accreditation, following Mi 360° Home Security Camera 2K and Xiaomi Home App, which achieved the BSI Kitemark™ Certificates in July 2021.

    Commitment to IoT security

    In the past few months, Xiaomi has been focused on putting more teeth into the security of its IoT products.

    In June 2021, Xiaomi published the Xiaomi IoT Privacy White Paper , explaining the security and privacy policies and practices of Xiaomi's IoT products, gaining trust by increasing the transparency.

    In November of the same year, in The Contemporary Use of Vulnerability Disclosure in IoT (Report 4: November 2021)  published by the Internet of Things Security Foundation (IoTSF), Xiaomi was listed as one of the 21 IoT device suppliers that met the extended threshold test, namely received the highest rating for security vulnerability disclosure policy, which shows Xiaomi's leadership in IoT security.

    In the future, Xiaomi will keep improving its IoT security framework, while strengthening its security management and technical testing capabilities to fulfil the responsibility of a global industry leader and let everyone in the world enjoy a better and smarter life through innovative and safe technology.

    The post Xiaomi laid out proposed global standards for IoT security appeared first on FutureIoT.

    ]]>
    Visa’s new cloud platform turns any device into a POS terminal https://futureiot.tech/visas-new-cloud-platform-turns-any-device-into-a-pos-terminal/ Mon, 17 Jan 2022 00:00:00 +0000 https://futureiot.tech/?p=10217 Cloud-connected POS lets sellers accept payments across a range of devices quickly, simply, and safely.

    The post Visa’s new cloud platform turns any device into a POS terminal appeared first on FutureIoT.

    ]]>
    Visa has unveiled a new cloud-based payment platform, which aims to revolutionise the industry by transforming almost any device into a cloud-connected payment terminal.

    Called Visa Acceptance Cloud (VAC), the platform will allow acquirers, payment service providers, point of sale (POS) manufacturers, and Internet of Things (IoT) players move payment processing software from being embedded in each hardware device to being universally accessible in the cloud.

    “Cloud acceptance is the future of payments,” said Mary Kay Bowman, senior vice president and global head of payment and platform products, Visa. “Cloud-connected POS lets sellers accept payments across a range of devices quickly, simply, and safely, whether at an unattended kiosk in a hotel, a mirror in a high-end retail store or virtual in-home gym, or a smart phone in the hands of a small seller with a roadside newsstand.”

    Already live across six geographies, VAC not only  turns virtually any device into a cloud-connected payment terminal, but it will also provide seamless, cloud-based software updates, robust analytics, and network services from Visa. Since VAC runs on Visa’s data centers, it also offers leading data security capabilities.

    “VAC is a universal platform that helps open up acceptance for all – by freeing our leading technology partners to innovate. On one end of the spectrum, cloud acceptance helps drive inclusion for more small sellers who want to offer digital payments. On the other end, Visa Acceptance Cloud enables advanced shopping and buying experiences that will be central to the future of retail for businesses of all shapes and sizes,” said Bowman. “Moving acceptance to the cloud opens up the possibility of so much innovation from the entire payments ecosystem. This is only the beginning.”

    Changing the payment landscape

    The new VAC platform comes on the heels of Visa’s successful “Tap to Phone” solution – another industry-first – that transforms current generation Android smartphones and tablets into contactless point of sale terminals.

    Introduced in January 2020, it is Visa’s first offering that let sellers accept payments on the devices they already own, just by downloading an app. As of December 2021, there were more than 300,000 devices across 54 countries using Tap to Phone.

    Now, expanding beyond phones, VAC enables any POS or connected device to seamlessly accept payments and to incorporate a range of added services, including buy now, pay later, fraud management, Rapid Seller Onboarding, and advanced data analytics.

    Ongoing pilots test VAC real-world viability

    According to Visa, ongoing pilots of VAC in North America, South America, Europe, Africa, Asia and Australia cater to a variety of use cases, including retailers and restaurants in Australia through Visa’s work with U.S.-based fintech, Bleu, NOBAL Technologies’ smart mirror and public trains in Brazil.

    “Bleu is working with Visa to bring seamless payments to businesses across Australia for the very first time,” said Sesie Bonsi, president & CEO, Bleu. “While the average business owner can spend as much as $1,000 on POS devices, plus countless hours and more money on time consuming certification processes, moving to Visa Acceptance Cloud removes the barriers of traditional hardware and burdens of device-bound kernel certifications, making it easier for the independent business that we serve to deliver touchless payment options to their customers through any connected device.”

    “Retailers are looking to enhance their in-store customer experience to meet the speed and convenience of the online and in-store checkout experiences,” says Bill Roberts, CEO, NOBAL Technologies. “NOBAL‘s intelligent mirror in partnership with VAC from Visa provides payment experiences on our mirror without the expense and expertise required for embedded hardware modules, helping us push the future of retail in new ways.”

    The post Visa’s new cloud platform turns any device into a POS terminal appeared first on FutureIoT.

    ]]>
    India IoT market to reach US$9.28 billion by 2025 https://futureiot.tech/india-iot-market-to-reach-us9-28-billion-by-2025/ Fri, 14 Jan 2022 00:00:00 +0000 https://futureiot.tech/?p=10205 Use cases such as industrial automation, building automation, security, and surveillance account for the majority of the market revenue.

    The post India IoT market to reach US$9.28 billion by 2025 appeared first on FutureIoT.

    ]]>
    The Indian IoT market is expected to reach US$9.28 billion by 2025 from US$4.98 billion in 2020, driven mostly by changes in enterprise behaviour triggered by the COVID-19 pandemic and verticals' focus on automation are driving the market.

    According to latest analysis by Frost & Sullivan, the growth of IoT adoption in the country is backed by strong connectivity and coverage, rising internet penetration, a surge in smart applications adoption, new business models, and government initiatives such as smart city projects.

    "IoT solution deployment for manufacturing industries, including automotive, energy and utilities, smart cities (government), retail, and other industries such as logistics, will drive investments for enterprise IoT products and services," said Apalak Ghosh, associate director, Information & Communications Technologies, Frost & Sullivan. "Enterprises are becoming more technology-focused and increasing investments in cellular IoT to generate value from their digital transformation."

    Ghosh added: "Use cases such as industrial automation, building automation, security, and surveillance account for the majority of the market revenue. Telcos may benefit from a share of this revenue, depending on their strategic partnerships with hardware providers and their roles in the IoT value chain."

    India offers multiple opportunities for IoT providers, and the country's IoT ecosystem is expected to continue growing to offer entire new streams of revenue. Market participants should focus on:

    • Private long-term evolution (P-LTE) for enhanced security: Indian telcos should focus on marketing the benefits of P-LTE to create awareness and approach enterprises with vertical-specific P-LTE solutions.
    • Real-time operational intelligence for heightened risk and compliance management: IoT providers must develop hardware and applications that are interoperable and pre-integrated to offer brand-agnostic IoT solutions.
    • Visual matrix solutions for improved CX: IoT providers should establish partnerships with visual surveillance system original equipment manufacturers (OEMs) to jointly offer in-store, live consumer analytics along with core security solutions.
    • IoT as a Service for Smart Diagnostics Laboratories: Starting with open source-based IoT solutions can reduce costs substantially and encourage the adoption of smart laboratories as a service.

    The post India IoT market to reach US$9.28 billion by 2025 appeared first on FutureIoT.

    ]]>
    Barracuda checklists for defending IoT against ransomware https://futureiot.tech/barracuda-checklists-for-defending-iot-against-ransomware/ Wed, 22 Dec 2021 08:20:10 +0000 https://futureiot.tech/?p=10081 Ransomware is a type of malware that infects your system, then locks or encrypts your most important data, allowing attackers to ask for a ransom. The attackers will offer to provide the decryption key only if you pay a certain amount of money within a short time. IoT is one of the newest conduits for […]

    The post Barracuda checklists for defending IoT against ransomware appeared first on FutureIoT.

    ]]>
    Ransomware is a type of malware that infects your system, then locks or encrypts your most important data, allowing attackers to ask for a ransom. The attackers will offer to provide the decryption key only if you pay a certain amount of money within a short time.

    IoT is one of the newest conduits for ransomware attacks. In the State of the Network Security 2021 report by Barracuda, 83% of respondents perceived the level of Operational Technology (OT)/Industrial Control Systems (ICS) cyber risk as either critical, high or moderate.

    Ransomware attackers are increasingly employing more sophisticated attacks and defeating existing defences.

    Click on the link to download this checklist for an effective ransomware protection plan for your organization.

    The post Barracuda checklists for defending IoT against ransomware appeared first on FutureIoT.

    ]]>
    A three-step guide to ransomware protection for IoT https://futureiot.tech/a-three-step-guide-to-ransomware-protection-for-iot/ Wed, 22 Dec 2021 08:14:47 +0000 https://futureiot.tech/?p=10078 Ransomware is not an if but a when. Developing your ransomware protection plan, therefore, is not about just being ready to counter the threats of a ransomware attack but being ready with actionable strategies for when the event does happen to start with your data. IoT is one of the newest conduits for ransomware attacks. […]

    The post A three-step guide to ransomware protection for IoT appeared first on FutureIoT.

    ]]>
    Ransomware is not an if but a when. Developing your ransomware protection plan, therefore, is not about just being ready to counter the threats of a ransomware attack but being ready with actionable strategies for when the event does happen to start with your data.

    IoT is one of the newest conduits for ransomware attacks. In the State of the Network Security 2021 report by Barracuda, 83% of respondents perceived the level of Operational Technology (OT)/Industrial Control Systems (ICS) cyber risk as either critical, high or moderate.

    In the Barracuda Networks e-book, Don’t pay the ransom: A three-step guide to ransomware protection, Barracuda lists three focus areas to direct an organization’s strategy: protecting your credentials, securing your web applications and access, and backing up your data.

    Key takeaways in this new e-book include:

    • The most effective detection and response tools and user training to help protect against credential theft and create a culture of awareness.
    • The current best practices to secure web applications and access, stop cybercriminals from exploiting vulnerabilities, and protect your network infrastructure.
    • The backup and disaster recovery solutions to ensure you always maintain access to your data and never have to pay a ransom.

    Click on the link to download your copy of this Barracuda Networks ebook.

    The post A three-step guide to ransomware protection for IoT appeared first on FutureIoT.

    ]]>
    Kaspersky creates cybersecurity policy for bionic devices https://futureiot.tech/kaspersky-creates-cybersecurity-policy-for-bionic-devices/ Tue, 07 Dec 2021 02:30:00 +0000 https://futureiot.tech/?p=9977 The cybersecurity policy developed by Kaspersky experts governs procedures for using bionic devices within the company and aims to reduce the associated cybersecurity risks in business processes.

    The post Kaspersky creates cybersecurity policy for bionic devices appeared first on FutureIoT.

    ]]>
    With an eye on a future where bionic devices are commonplace as part of human augmentation, Kaspersky has designed a cybersecurity policy to mitigate security risks that augmentation technology can pose to corporate IT networks.

    "Human augmentation is a burgeoning area of technology which in fact remains underexplored. That’s why making a first step towards clarifying issues related to its use, as well as strengthening security, will help us to ensure its potential is used in a positive way. We believe that to build a safer digital world for tomorrow, we need to digitally secure the future of human augmentation today,” said Marco Preuss, director of Kaspersky’s Global Research & Analysis Team (GReAT) in Europe.

    Bionic devices are artificial implants which replace biological functions which have been lost due to nerve damage. They use electrical signals to stimulate the remaining nerve cells following disease or injury. They have been around since the 1950s with the invention of cardiac pacemakers and  then cochlear implants, which made their appearance in the 1970s. Today, there are a diverse range of bionic devices from prosthetics to replace damaged limbs, other implants and NFC biochips.

    According to Global Market insights, the bionic devices market is projected to reach nearly US$8 billion in 2027 spurred by technological developments and rising disposable income in emerging economies. Between 2021 and 2027, the market is expected to grow at  a CAGR of more than 8.1%

    Safeguarding the future

    Amid all the excitement and innovation surrounding human augmentation, however, too little attention is paid to the security of the dedicated devices.

    There are legitimate fears among cybersecurity experts and the wider community  about lack of awareness around the topic, which can lead to uncertainty and risks for both further development of human augmentation technologies, and a safer digital world in the future.

    The cybersecurity policy developed by Kaspersky experts governs procedures for using bionic devices within the company and aims to reduce the associated cybersecurity risks in business processes.

    The proposed document creates a scenario where augmented employees become more common in the company in the future, and takes into account Kaspersky’s real-life tests with employees’ biochip implants. It addresses the entire company’s infrastructure and all of its business units.

    As a result, it applies to the full access control system, as well as administration processes, maintenance processes, and the use of automated systems.

    The policy is to be applied to both employees and temporary staff, as well as employees of third-party stakeholders that render contract services to the company. All these factors aim to enhance the cybersecurity of the corporate infrastructure on a larger level.

    It offers a range of standardisation processes, enhancing security and granting better inclusion of employees using bionic devices when in the office.

    “One of the major objectives of this initiative is also to engage the global IT and augmentation community in the discussion and pursue a collaborative effort for further steps of human augmentation security development. This includes ensuring digital privacy of devices, proving different levels of access rights to stored information, and mitigating any threats related to human health,” said Preuss.

    The post Kaspersky creates cybersecurity policy for bionic devices appeared first on FutureIoT.

    ]]>
    Veeam: reindustrialisation will drive IoT adoption in HK in 2022 https://futureiot.tech/veeam-reindustrialisation-will-drive-iot-adoption-in-hk-in-2022/ Tue, 30 Nov 2021 02:00:00 +0000 https://futureiot.tech/?p=9942 Together with the projected growth of installed IoT devices in Hong Kong, Veeam predicts increase data management at the edge as companies seek to process data close to where the devices are located.

    The post Veeam: reindustrialisation will drive IoT adoption in HK in 2022 appeared first on FutureIoT.

    ]]>
    Companies in Hong Kong will show growing interest in reindustrialisation in 2022, driving the adoption of industry 4.0 and IoT technologies in the city.

    Joseph Chan, Veeam Software

    “As these technologies are being explored, there is a need to address the data challenge with more data residing in these new end points and devices at the edge. We see businesses adding new apps and functionality to the edge as a result,” said Joseph Chan, senior director for Hong Kong and Taiwan at Veeam Software, a provider of backup, recovery and data management solutions.

    Reindustrialisation has been on top of the Hong Kong government agenda for several years now and has been one of the major focus for technology innovation in the city. In fact, the government launched  in July this year the HK$2-billion Re-industrialisation Funding Scheme under the Innovation and Technology Fund. The scheme subsidise to subsidise the cost for local manufacturers to set up new smart production lines.

    “We expect advanced manufacturing and high-quality processes to be areas of growth which will drive more IoT adoption [in the city],” Chan said, adding that Veeam has been in talks with the Hong Kong Productivity Council and other organisations who are helping businesses implement industry 4.0 technologies.

    Data management at the edge

    Together with the projected growth of installed IoT devices in Hong Kong, Veeam predicts increase data management at the edge as companies seek to process data close to where the devices are located before moving them to the cloud.

    “As businesses seek to run their applications and manage data efficiently at the edge, we're going to be there to be able to protect that data, and then I'll obviously unlock it and make it portable as well,” said Anthony Spiteri, senior technologist – global product strategy at Veeam.

    Anthony Spiteri, Veeam Software

    Spiteri pointed out that with Veeam’s acquisition of Kasten, a cloud-native backup and recovery solution for Kubernetes workloads and applications, would enable them to protect IoT data at the edge.

    “With Kasten, we are able to protect the data  no matter where it is. A piece of software like Kasten positions us very well to be able to backup data that's being generated at the edge,” Spiteri said.

    Indeed, looking at technology trends in 2022, Veeam predicts fluidity in the movement of data across the enterprise – whether physical or virtual.

    Data portability will be a big thing in the coming 12 months. Last year with the rise of working-from-home due to COVID-19, this concept has been somewhat suppressed. However, as employees return to office workspaces, data portability will again take centre stage.

    “In 2022, there will be a significant focus on the ability for users or owners of a given dataset to easily duplicate information across different software applications, platforms, services, and storage environments,” said Spiteri.

    He added that reducing the friction of data movement and enabling cloud acceleration are among the top benefits.

    “According to our 2021 Data Protections Trends report, 36% of executives believe the ability to move workloads from one cloud to another is the most important element to modern data protection. The goal is to allow any user to experience flawless services across cloud environments, and in turn help the data economy thrive. Veeam’s vision of ‘your data, when you need it, where you need it’ will be vital to ensure teams can access data anywhere, at any time,” Spiteri said.

    The post Veeam: reindustrialisation will drive IoT adoption in HK in 2022 appeared first on FutureIoT.

    ]]>
    Chip shortage will hinder IoT growth by 10% to 15% in 2022 https://futureiot.tech/chip-shortage-will-hinder-iot-growth-by-10-to-15-in-2022/ Thu, 18 Nov 2021 01:00:00 +0000 https://futureiot.tech/?p=9684 IoT devices will feel the pinch particularly hard because they generally use mature sensor, microcontroller, and communications technologies that have significantly
    more availability issues.

    The post Chip shortage will hinder IoT growth by 10% to 15% in 2022 appeared first on FutureIoT.

    ]]>
    Forrester Research predicts that the current global chip shortage, which reared its head early this year, will inhibit IoT market growth by 10% to 15%  in 2022, anticipating that the problem won’t be resolved until mid-2023.

    “Many businesses and consumer products will struggle with the availability and price increases through 2022. IoT devices will feel the pinch particularly hard because they generally use mature sensor, microcontroller and communications technologies that have significantly more availability issues than advanced chips like CPUs and GPUs,” said analysts at the technology research firm.

    They also predict that as a result  of the chip shortage, IoT-based products such as  appliances, automobiles, and consumer electronics will be unavailable, delayed, or overpriced.

    “In turn, this will increase demand for less smart equivalents,” the analysts added.

    The impact of  the shortage in semiconductors supply is one of the key takeaways in the 2022 Forrester Predictions report on IoT, Edge and Networking.

    Edge and IoT edge will power sustainability innovation in the supply chain

    According to Forrester, demand for sustainability-related services powered by edge and IoT will grow in 2022 for energy efficiency and resource management. The two technologies will drive new solutions for scope 3 emission reduction.

    Scope 3 emissions are all indirect emissions in an organisation’s value chain; they come from assets not owned or directly controlled.

    “High-demand use cases will include environmental monitoring (e.g., air quality, CO2 levels, and pollution); resource management (e.g., water, power, electricity, and lighting); and supply chain processes (e.g., fleet management, material sourcing, and asset tracking). These technology-led sustainability solutions will be especially fruitful for stakeholders who are keen on recognising business value and creating competitive differentiation with their sustainability investments,” the analysts said.

    Traditional smart-technology product vendors, IT, and professional services players and platform vendors that specialise in edge and IoT will bring these solutions to market in 2022 as standard offerings and bespoke IT solutions.

    Satellite internet will challenge 5G as the connectivity of choice

    Government red tape and delays in developing 5G have opened the door for the satellite internet market, according to Forrester.

    “In rural areas, low earth-orbiting satellite internet services like SpaceX’s Starlink show more promise than 5G does. Enterprises’ remote worker initiatives and remote facilities will benefit significantly from satellite internet in 2022,” the analysts said.

    They also predicted that wired connectivity providers — with no cellular business — will offer satellite internet services as a backup option instead of positioning competitor with a cellular backup connection.

    “Rural areas will see a significant proportion of users subscribing to satellite services; 85% of satellite users will be in rural locations,” Forrester analysts said.

    Smart infrastructure will increase by 40%

    Meanwhile, large government spending in China, Europe and the US will drive a 40% increase in investments in smart infrastructure, Forrester forecasts.

    “To facilitate pandemic recovery, city planners will prioritize initiatives that provide citizens with internet connectivity, address public health, and manage critical resources (e.g., water, power, and lighting) by using smart meters and predictive grid monitoring,” analysts said.

    They added that stakeholders will also harness insights captured from edge devices and IoT-enabled infrastructure to modify traffic patterns to reduce congestion; evaluate multimedia data to deliver insight for security applications; and combine 5G, V2X, and edge technologies to enable autonomous vehicles (e.g., container trucks and automated guided vehicles) in ports and airports.

    With the proliferation of connected devices, Forrester analysts warns that an IoT botnet will successfully take down communication infrastructure via DDoS.

    “Many IoT devices have notoriously weak security. Cybercriminals have been able to compromise these devices and build massive botnets that can launch disruptive DDoS attacks,” they said.

    This summer, they pointed out Cloudflare mitigated a DDoS attack of 17 million requests per second from the Mirai botnet, which was three times larger than any previously seen DDoS attack. That record was quickly shattered when Yandex repelled a DDoS attack of 22 million requests per second.

    “In 2022, we predict that an IoT botnet will launch a DDoS attack that surpasses 30 million requests per second, setting a new record. That level of traffic will successfully cause economic pain by denying some critical communications infrastructure,” they said.

    “Enterprises should evaluate their current DDoS mitigation vendors and test response plans in preparation for larger attacks in 2022,” they added.

    The post Chip shortage will hinder IoT growth by 10% to 15% in 2022 appeared first on FutureIoT.

    ]]>
    RMB400-M smart factory for EVs opened in Gangbei District https://futureiot.tech/rmb400-m-smart-factory-for-evs-opened-in-gangbei-district/ Tue, 09 Nov 2021 02:30:00 +0000 https://futureiot.tech/?p=9658 It is planned to equip the intelligent factory with 10 automatic production lines for synchronous pre-assembly, five of which have been completed to date.

    The post RMB400-M smart factory for EVs opened in Gangbei District appeared first on FutureIoT.

    ]]>
    Less than a year from ground-breaking in December 2020,  Guangxi Luyuan Electric Vehicle Co. has launched its RMB400-million smart factory at the China-ASEAN New Energy Electric Vehicle Production Base in Gangbei District, Guigang City in China’s Guangxi province.

    The new manufacturing facility is fitted with advanced pipe processing, welding, and assembly process equipment. It deploys real-time information connectivity and automatic processing in key processes such as frame manufacturing, iron and plastic parts coating, motor manufacturing, and whole motorcycle assembly. Moreover, its production equipment in the workshop is using the Internet of things (IoT) to improve efficiency and reduce labour cost.

    When fully operational, the smart factory can  produce an electric motorcycle can be produced in 30 seconds, with a frame accuracy error of less than 0.5 mm. Automatic cutting, bending and welding are realised in frame manufacturing of electric motorcycles, which are monitored with the MES system, so that the accuracy error of finished products is less than 0.5 mm.

    It is planned to equip the intelligent factory with 10 automatic production lines for synchronous pre-assembly, five of which have been completed to date.

    "We will try our best to cultivate a 100-billion-level new energy electric vehicle industry cluster, and strive to achieve the '311' project target for the electric vehicle industry during the '14th Five-year Plan', that is, 30 million electric vehicles (sets of accessories) will be produced every year, to achieve the output value of RMB 100 billion and the tax revenue of RMB 10 billion,” said Huang Yingmei, party secretary of Gangbei District.

    The district is capitalising on Guangxi’s proximity to the borders of Vietnam to tap into the burgeoning Southeast Asian market.

    In recent years, the Gangbei District in Guigang City, Guangxi, has seized the development opportunity brought by the Belt and Road Initiative, and continued to optimise the business environment, planning to build a 10,000-mu China-ASEAN New Energy Electric Vehicle Production Base.

    At present, nearly 100 electric vehicle enterprises have been introduced and more than 50 electric vehicle enterprises have started operation. Guangxi New Energy Electric Vehicle Products Quality Testing Center and Guangxi Electric Vehicle Industry Association have been established successively.

    An annual production capacity of 4 million two-wheeled electric motorcycles, 500,000 three-wheeled electric vehicles and 5 million sets of spare parts has been formed, with the local matching rate reaching 80%.

    From January to September this year, the industrial output value of enterprises above the designated size in the new energy electric vehicle industry of Gangbei District increased by 37.9% year on year. Key components such as motors and plastic parts are continuously sold to domestic and ASEAN markets.

    In addition, Gangbei District also creates "Marshal Travel", a local shared electric bicycle brand, which has been put into operation, and it plans to put more than 500,000 shared electric bicycles in Guangxi within five years, and expand to the whole country in the future.

    The post RMB400-M smart factory for EVs opened in Gangbei District appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Securing IT-OT convergence https://futureiot.tech/podchats-for-futureiot-securing-it-ot-convergence/ Mon, 08 Nov 2021 00:30:00 +0000 https://futureiot.tech/?p=9646 We tend to be familiar with “Information Technology” and the efforts organisations put to secure the data, applications, and systems we refer to IT. Operational Technology is less understood and only with the adoption of IoT, and more importantly, the attacks on infrastructure critical systems have the issue of securing OT become a point of […]

    The post PodChats for FutureIoT: Securing IT-OT convergence appeared first on FutureIoT.

    ]]>
    We tend to be familiar with “Information Technology” and the efforts organisations put to secure the data, applications, and systems we refer to IT.

    Operational Technology is less understood and only with the adoption of IoT, and more importantly, the attacks on infrastructure critical systems have the issue of securing OT become a point of contention starting with those is responsible for IT-OT or OT-IT converged systems.

    The implication of convergence to business

    Richard Farrell, Eaton Asia-Pacific director for Cloud, Data and Digitalization, is quick to remind us of what constitutes information technology (IT) comprise of servers, storage, switches, routers, and software.

    He goes to remind us of that operational technology as what is typically associated with facilities or commercial buildings, power generators, chillers, lighting systems, as well as SCADA software systems.

    Is it convergence or integration?

    Most discussions involving both IT and OT tend to use the term convergence. So, when FutureCIO asked Farrell for his opinion, he acknowledged that ‘integration’ is not something he is asked on the subject. He conceded that convergence has become a buzz term, losing its meaning in the process.

    For Farrell, the discussion is more than just the technology itself. He believed that it is about bringing the two, IT and OT, together. It is also about the people that have traditionally been associated with each technology.

    “To make that convergence is to bring these people together for governance and cultural purpose to have a common purpose. The integration for me is probably more on the technical side of things. How do we integrate our IT and OT systems? How do we integrate those and how do we converge teams to work together?” he opined.

    Influence of 5G on IT-OT

    At a compound annual growth rate of over 46%, Farrell says 5G is one of those technologies that are ‘smashing the IT and OT worlds together’. He opined that 5G is an enabler of the growth of IoT.

    “Think about what the Internet of Things is. It's a bunch of sensors that are gathering data and transporting that data to the internet. It is transporting back and forth, whether it be in the storage, back to the sensors, lots of lots of information, you know, coming in. The transport mechanism is 5G. And because this 5G is super quick, that's going to transport even more masses of data,” he continued.

    He is quick to remind that the growth is not exclusive, not strictly IT or OT or IoT or Industrial Internet of Things – as both benefits from the connectivity that 5G enables.

    “You are going to find that a lot of the information that is used in IT systems is going to be used to operate more efficiently, the Operational Technology systems. And vice versa, all that data we're getting through the Internet of Things, and 5G being an enabler, is going to send all the information back to IT networks works as well,” he elaborated.

    He believes these things are going to be smashed together, but it's going to be IoT and 5G that are rapidly, rapidly growing in the region, which is going to be the enabler for this.

    Holistic IT-OT cybersecurity programme

    Asked for his recommendation on best practices for a holistic IT-OT cybersecurity programme, Farrell suggests a better approach is cybersecurity lifecycle service. It is not about fixing the problem only once, and it is fixed forever.

    “We strongly advocate having a lifecycle service, meaning regularly assessing and auditing physical and virtual networks,” he added. He was emphasized that network is one network as IT and OT are interconnected today.

    “If you do an assessment, you can do asset management checks –checking what is physically and virtually connected to your network. It is having somebody who knows how to do this, comes out, sniffs around your network, walks around your facilities, and with the help of the local IT and OT teams map out all those devices virtually and physically that are connected,” he elaborated.

    You don't know what you don't know!

    He also advocated thinking like a customer.

    “The last thing you want to do is suddenly start to think you are having an attack or denial of service attack, and you have no idea what device is being affected, or where it is originating from. So, the simple thing first - know what's connected to your network, physically and virtually,” he reiterated.

    “What does a customer want? Customers want everything as a service. They want everything to be cloud-based. They want it to be accessible 24/7. They want to have zero security risks when they do it, and they want to know who is accessing the data, and they want to know what to do with that data,” he continued.

    Assume that the customer can see the data, will it help them make facilities operate more efficiently? How does this attach back into the IT world?

    “The reason we say everything as a service is because at the end of the day, anything as a service is going to live in the cloud, and it's going to have security vulnerabilities, right? If we look at just one, just something in isolation on the OT network, or something in isolation on the IT network, we're not looking at everything. So, look at everything as a service in there, and how that affects the organisation,” he explained.

    Lastly, he believes that best practice is about people and psychology.

    “It is a mixture of convergence and integration. You want one team that is working together for one goal. Whether you have operational people sitting in your IT team, or IT people sitting in your operations team, whichever way it may be – you have got to have the right governance in place,” he explained.

    Having the right culture – of ‘us’ and not ‘them’ in place will be important in this IT-OT connected world.

    “As these technologies integrate more, and they converge more, as well, there is probably not going to be an IT person. There is probably not going to be an operations person. They are just going to be the network security people in general,” he concluded.

    Click on the PodChats to listen to Farrell offer his expertise and opinion on IT-OT convergence.

    1. What is IT-OT convergence? What are the implications for businesses?
    2. Should it be considered IT-OT convergence or IT-OT integration?
    3. How has the growing adoption of 5G and IoT technologies led to the convergence (integration) of IT and OT systems?
    4. How should these be connected to the IT systems be secured?
    5. Please name 3 best practices for a holistic IT/OT cybersecurity programme?

    The post PodChats for FutureIoT: Securing IT-OT convergence appeared first on FutureIoT.

    ]]>
    Non-automotive LiDAR adoption to reach 16M by 2030 https://futureiot.tech/non-automotive-lidar-adoption-to-reach-16m-by-2030/ Thu, 04 Nov 2021 02:00:00 +0000 https://futureiot.tech/?p=9628 With the autonomous car market now not expected to take off until well into the second half of this decade, LiDAR suppliers are actively exploring many new use cases across various non-automotive verticals such as smart cities, security, and industrial automation.

    The post Non-automotive LiDAR adoption to reach 16M by 2030 appeared first on FutureIoT.

    ]]>
    Light Detection and Ranging (LiDAR) sensor technology, initially developed and positioned for three-dimensional (3D) map making, surveying, and autonomous driving,  is now ready for deployment in several Internet of Things (IoT) markets and verticals.

    According to ABI Research, the total installed based of LiDAR sensors in smart cities, security, and industry verticals will reach 16 million by 2030, higher than the 13 million LiDAR sensors to be installed in vehicles during the same time period.

    This coincides with technological innovation, such as the shift from mechanical to solid-state LiDAR sensors and the maturity of 3D perception software that enable the integration into and the automation of a growing number of important processes and applications.

    “This extends the opportunity for LiDAR manufacturers to not only serve highly competitive, concentrated, and price-sensitive markets like automotive, but also several large IoT markets, such as security, smart cities, and industrial automation, characterized by a larger and more diversified end-customer base,” said Dominique Bonte, vice president for End Markets and Verticals, ABI Research.

    In a recent whitepaper entitled “Demystifying LiDAR: IoT and Automotive Applications, Industries, and Business Models”, the technology intelligence firm explores how the unique features and benefits of LiDAR technology will drive innovation and value across industry segments.

    While the driverless vehicle market remains the largest opportunity for LiDAR sensor technologies in the longer term, there is a more imminent business proposition in various IoT markets.

    “With the autonomous car market now not expected to take off until well into the second half of this decade, LiDAR suppliers are actively exploring many new use cases across various non-automotive verticals such as smart cities, security, and industrial automation,” Bonte said.

    He added: “These markets are primed to leverage LiDAR’s inherent advantages of robustness in outdoor environments, reliability, range, and 3D resolution compared with other sensors such as camera, radar, and infrared sensors. Also, these IoT markets have less concentrated ecosystems representing both much larger addressable markets in terms of the number of potential buyers and more promising profit margins compared with automotive.”

    Moreover, the IoT markets will reach mass-market maturity faster than automotive, yielding significant business value before the middle of this decade.

    LiDAR use cases

    Bonte predicts that LiDAR technology  and its supplier ecosystem will continue to evolve in two important respects.

    “First, the shift from mechanical to solid-state LiDAR sensor technology will drive lower price levels, ultimately dropping below US$500, higher manufacturing scalability, and lower maintenance levels due to reduced tear and wear. Second, the LiDAR supplier ecosystem, currently consisting of more than 100 players, will mature and consolidate to between 10 and 20 key players by 2030,” he said.

    Specific aspects of the use of LiDAR in the various markets are highlighted below:

    • Smart Cities – While the use of LiDAR for vehicle traffic and pedestrian safety monitoring is already quite well established in the Intelligent Transportation Systems (ITS) market, new opportunities include people counting, flow monitoring, and management at airports and retail locations as well as building occupancy detection. Value propositions include protection against Covid-19, higher safety levels, increased efficiency and cost savings, improved user experiences, and the collection of marketing intelligence data.
    • Security – LiDAR sensors can be deployed in security contexts for a wide range of applications and use cases, including outdoor/indoor surveillance and public safety, border control, intruder detection, access control, and perimeter defence. Critical infrastructure represents the largest security market for LiDAR with data centres, energy generation and distribution, water and utilities, nuclear facilities, and oil and gas as the main segments. Other security categories include commercial buildings, warehouses, and border control. In many environments, LiDAR will coexist with biometrics sensors to offer a full range of security features stretching from early, long-range detection to facial recognition.
    • Industrial – LiDAR is currently adopted by automated material handling solutions in the industrial sector, including automated forklifts, pallet stackers, towers, and tuggers. These automated solutions help to resolve labour shortages and provide the necessary productivity gain. For effective operation, these automated solutions rely on 2D LiDAR for critical functions, including operational safety, localization, and navigation. As autonomous robots are increasingly deployed in dynamic and outdoor environments, 3D LiDAR is expected to play an important role in sensor fusion, mapping, and path planning in field environments, like mines, industrial plants, ports, and farmland.
    • Automotive – LiDAR has a well-established use case in the automotive industry, providing extra redundancy in the perception stack for unsupervised autonomous applications. As a ranging sensor able to deliver helpful semantic insight, LiDAR is ideally positioned to add the vital “third opinion” to the current camera-radar mix once the human driver has been taken out of the loop. However, these unsupervised autonomous applications will take years to materialize at scale, limiting the market potential for automotive LiDAR for the next five years.

    The post Non-automotive LiDAR adoption to reach 16M by 2030 appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: How IoT brings the hospitality industry to the digital economy https://futureiot.tech/podchats-for-futureiot-how-iot-brings-the-hospitality-industry-to-the-digital-economy/ Tue, 26 Oct 2021 01:47:45 +0000 https://futureiot.tech/?p=9593 In the paper, IoT Technologies and Applications in Tourism and Travel Industries, the authors write that the Internet of Things (IoT) play a crucial role in the way of understanding and managing this industry, including how offers and demands are linked. It makes the case for Smart Destinations as a natural evolution of Smart Cities. […]

    The post PodChats for FutureIoT: How IoT brings the hospitality industry to the digital economy appeared first on FutureIoT.

    ]]>
    In the paper, IoT Technologies and Applications in Tourism and Travel Industries, the authors write that the Internet of Things (IoT) play a crucial role in the way of understanding and managing this industry, including how offers and demands are linked. It makes the case for Smart Destinations as a natural evolution of Smart Cities.

    The paper claims that Smart Destinations require this smart management as well as the integration of the stakeholders’ value-chain throughout the entire process. In this process, IoT has a crucial role in enhancing the experiences of tourists, managing the destination more efficiently, and offering a channel of information exchange.

    Sanjiv Verma, vice president, Ruckus Networks, APAC from CommScope, acknowledged that personalised guest experience remains at the top of the must-achieve for guests. That said, following the prolonged, there is a greater focus on sustainability.

    “From the hotel properties side, they are looking into how they can improve the operational efficiencies when they're delivering these services,” he opined. At the same time, there is pressure on these businesses to improve asset utilisation, so they have a better return on capital.

    According to Verma, IoT devices are used to improve facilities management by deploying sensors to regulate conditions such as temperature and air quality in tooms. “If somebody left the door open in the balcony, rather than the AC running, (sensors) can turn the AC off automatically so that there is much better conservation of energy,” he suggested.

    He conceded that one of the biggest challenges here is the integration of operational technologies (OT) with information technology (IT) – so that you have a single network where you can optimise your cost and efficiency, he continued.

    In addition, IoT can also be used to ensure both the security of guests and staff.

    He suggested that if a guest room is accidentally left open, sensors can inform hotel management of such and assign staff to check out what has happened and take appropriate actions.

    Verma is quick to remind that with more connected devices the more complex the ecosystem becomes, and the more important cybersecurity becomes.’

    “Any kind of connected devices poses the same risk as IoT devices will. Those that can be leveraged to make sure that when guests are in the hotel, their information is protected, their payments through the card system are protected and things like phishing attacks can be protected. A lot of this stuff is treated in the same way as an enterprise network. We need to make sure that those tools are in place and that the customer can be protected from all these attacks,” he suggested.

    Improving IT-OT connectivity

    Verma commented that the reality is that businesses maintain multiple networks that operate in silos. He acknowledged that some hotels are working to improve efficiencies by merging networks.

    The (merger) process starts with a consolidation of network protocols with the intent of merging the OT and IT on a single platform.

    “There is software like “SmartCell Insights” which are labelled, which can give you a common dashboard and will be able to provide all the visibility from various IoT devices that allows you to manage them from the control centre,” he elaborated.

    Click on the PodChat player and listen to Verma go into details about how the hospitality industry, one segment of the Tourism and Travel industries, can take advantage of IoT to move into the digital economy.

    1. How will the hospitality industry shift in the next few years in a technology perspective in terms of streamlining processes and ensure hotels operate more efficiently?
    2. Beyond the current IoT implementations in hotels, what are the other ways hotels can leverage IoT to increase efficiency level in building maintenance and what are the potential challenges they might face?
    3. With hotels adopting more advance security systems (for entire property and individual guestrooms), how do we ensure that they will not be bypassed by a third person?
    4. With travel slowly restarting, what can hotels implement to boost travellers’ confidence within the property, while at the same time allow hotels to ensure safe distancing and have sufficient health & safety protocols in place?
    5. You mentioned the need for OT to work with IT for better network efficiency. How do we bridge the divide between IT and OT to maximise value for the business and experience for customers?

    The post PodChats for FutureIoT: How IoT brings the hospitality industry to the digital economy appeared first on FutureIoT.

    ]]>
    Claroty opens APAC regional office in Singapore https://futureiot.tech/claroty-opens-apac-regional-office-in-singapore/ Mon, 25 Oct 2021 02:00:00 +0000 https://futureiot.tech/?p=9587 It takes specialist knowledge and experience to effectively implement cybersecurity for OT networks.

    The post Claroty opens APAC regional office in Singapore appeared first on FutureIoT.

    ]]>
    Claroty, an industrial cybersecurity company which specialises in protecting operational technology (OT) networks and the IoT devices connected to them, has established an office in Singapore that will function as its regional headquarters in the Asia Pacific.

    “With most of the region working remotely, demand for digital services in APJ is growing, and with digitalisation comes inherent risk. In the industrial world, that risk is particularly high as previously isolated OT networks become more integrated with IT networks, and thus exposed to a whole host of cyber threats they were not designed to face,” said Yaniv Vardi, CEO of Claroty. “Our expansion in in Asia Pacific and Japan is a reflection of this growing demand as well as the success we’ve achieved to date in the region, and we look forward to working with our strong ecosystem of partners to continue building upon this success.”

    According to ResearchandMarkets,  global OT cybersecurity market will be worth US$18.13 billion by 2023, with Asia-Pacific's OT cybersecurity market projected to grow at a higher CAGR in the forecast period. Manufacturing and mining will be the largest sectors with a strong growth trajectory over the study period. The impact of COVID-19 will be significant across these sectors and other key segments, including oil and gas, transportation and smart cities, and power verticals from 2020 to 2023.

    Claroty noted that spending on OT cybersecurity in the region is increasing as large-scale cyber incidents impacting critical industrial operations have become more pronounced – pointing out that countries in Southeast Asia have increased their spending on industrial cybersecurity as critical infrastructure in industries such as telecommunications, finance, energy and technology become targets of persistent threat actors.

    The company added that such incidents have also made regulators aware that they need to prioritise the security of critical national infrastructure, whether publicly or privately held. Thus, regional agencies are assessing how they will mandate that incident-reporting procedures and cybersecurity practices be installed and required of companies which operate in certain sectors, especially those in energy, oil and gas, transportation, finance, healthcare, and food and beverage. For one, Singapore’s Cyber Security Agency (CSA) has drafted a Master Plan for OT cyber resilience, and are installing expert panels to advise them.

    Eddie Stefanescu, general manager of APJ at Claroty

    Eddie Stefanescu, general manager of Asia-Pacific and Japan (APJ) at Claroty said the company’s remit with existing customers in the region has significantly expanded, as their industrial cybersecurity programs continue to mature.

    “It takes specialist knowledge and experience to effectively implement cybersecurity for OT networks, and what differentiates Claroty is the depth of visibility we have into those networks when our platform is implemented,” said Stefanescu. “That’s why public and private entities, including Coca-Cola EuroPacific Partners (Australia, Pacific, Indonesia), BHP, IRPC Public Company Limited, and Aboitiz Power, are investing in Claroty.”

    To date, the company  is experiencing hyper growth in the region, having doubled its client base and achieving 250% growth in revenue year-over-year from the first half of 2020 to 1H 2021. The company has tripled its headcount in the region over the past year, with hiring occurring across seven countries.

    “Across Australia and Asia, Claroty is a strong partner for companies in the oil and gas, utilities, manufacturing, water, and electrical power industries, but our customer base is broadening. In the past year, we have also experienced strong growth in the food and beverage sector, and in the pharmaceutical sector for the distribution of Covid-19 vaccines,” said Stefanescu.

    Meanwhile, the opening of Claroty’s regional office in Singapore comes shortly after Claroty’s US$140 million in its Series D financial round, which included participation from Temasek.

    The post Claroty opens APAC regional office in Singapore appeared first on FutureIoT.

    ]]>
    Keysight launches new IoT security assessment software https://futureiot.tech/keysight-launches-new-iot-security-assessment-software/ Mon, 18 Oct 2021 02:00:00 +0000 https://futureiot.tech/?p=9554 The software offers comprehensive, automated testing to rapidly cover a large matrix of known and unknown vulnerabilities. IoT security assessments include novel cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) to test known vulnerabilities, as well as to discover new vulnerabilities.

    The post Keysight launches new IoT security assessment software appeared first on FutureIoT.

    ]]>
    Keysight Technologies has delivered a new Internet of Things (IoT) Security Assessment software solution that enables IoT chip and device manufacturers, as well as organisations deploying IoT devices, to perform comprehensive, automated cybersecurity assessments.

    The new solution  leverages more than 20 years of experience in network security testing to reveal security vulnerabilities across any network technology. The software offers comprehensive, automated testing to rapidly cover a large matrix of known and unknown vulnerabilities.

    IoT security assessments include novel cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) to test known vulnerabilities, as well as to discover new vulnerabilities.

     Development organisations can easily integrate Keysight’s API-driven solution into their development pipeline with a single API for control and reporting. Organisations deploying IoT devices can leverage the software to validate IoT devices before they are delivered to end users and as new vulnerabilities become a concern. Ongoing research from Keysight’s Application and Threat Intelligence Research Center provides updates to the latest protocol fuzzing and attack techniques.

    IoT security vulnerabilities – BrakTooth discovery

    Recently, researchers at Singapore University of Technology and Design (SUTD) discovered a group of vulnerabilities, they named BrakTooth, in commercial Bluetooth chipsets that impact billions of end-user devices. The SUTD research was funded with a grant from Keysight. The SUTD published results were leveraged into improvements in Keysight’s IoT Security Assessment software.

    BrakTooth captures fundamental attack vectors against devices using Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR) and is likely to affect Bluetooth chipsets beyond those tested by the SUTD team.

    "It is hard to accurately gauge the scope of BrakTooth affected chipsets,” commented Sudipta Chattopadhyay, assistant professor, SUTD. “We advise all Bluetooth product manufacturers to conduct appropriate risk assessments, especially if their product may include a vulnerable chipset. We are thankful to Keysight for generously supporting our research and the opportunity to collaborate with the experienced Keysight security team.”

    The vulnerabilities, which include 20 common vulnerabilities and exposures (CVEs), as well as four awaiting CVE assignments, are found in Bluetooth communication chipsets used in System-on-Chip (SoC) boards.  These pose risks that include remote code execution, crashes and deadlocks. The SUTD team responsibly disclosed the findings to the affected vendors, providing a means to reproduce the findings and time to remediate vulnerabilities.

    “Research activities like these at SUTD are critical to improving cybersecurity in the connected world. If the good guys don’t improve it, the cyber criminals will take advantage of vulnerabilities for nefarious purposes,” said Steve McGregory, senior director of Keysight’s security research and development team. “While investment into research is needed and helpful, software and chipset manufacturers are responsible for delivering secure products using rigorous security testing.”

    IoT devices are the weakest cybersecurity link

    Increasing numbers of connected IoT devices enable hackers to leverage cybersecurity vulnerabilities for a range of attacks including malware, ransomware and exfiltration of data.

    According to Statista, the total installed base of IoT connected devices worldwide is projected to grow to 30.9 billion units by 2025 from 13.8 billion units expected in 2021.

    “IoT device vulnerabilities are especially dangerous as they can facilitate sensitive data breaches and lead to physical danger, such as industrial equipment malfunction, medical device defects, or a home security system breach,” wrote Merritt Maxim, vice president, research director, and Elsa Pikulik, researcher, Forrester, in the State of IoT Security Report 2021. “In 2020, IoT devices were the second most common vector for an external breach and technology leaders rank security issues as a top concern plaguing or hindering IoT deployments.”

    The post Keysight launches new IoT security assessment software appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: State of IoT Security https://futureiot.tech/podchats-for-futureiot-state-of-iot-security/ Sun, 26 Sep 2021 23:46:13 +0000 https://futureiot.tech/?p=9460 As the IoT ecosystem continues to grow, so does the importance of securing those IoT networks. According to Gartner, spending on IoT security solutions will reach $631 million by 2021. This is a significant leap from $91 million, which was spent in 2016, and this annual global spending statistic shows that IoT solutions are headed […]

    The post PodChats for FutureIoT: State of IoT Security appeared first on FutureIoT.

    ]]>
    As the IoT ecosystem continues to grow, so does the importance of securing those IoT networks. According to Gartner, spending on IoT security solutions will reach $631 million by 2021. This is a significant leap from $91 million, which was spent in 2016, and this annual global spending statistic shows that IoT solutions are headed for a massive boom within the next decade.

    According to Gemalto, another worrying stat, 48% of businesses admit that they cannot detect IoT security breaches on their network. Nearly half of the companies that use IoT can’t identify when their network is compromised. As more businesses invest in IoT technology, we can only hope that this number decreases.

    According to Pieter Danhieux, the co-founder and CEO of Secure Code Warrior, an average building will have air conditioning, automated doors, surveillance cameras – many running on IoT systems. In the agriculture business, tractors, measuring devices and rainwater stations also run IoT.

    “In homes today, you will find IoT in Christmas lights, door locks, etc. IoT has infiltrated both enterprise and our personal lives, which is a good thing because it allows us to do many, many great things. But it could also be a very scary thing,” he commented.

    State of security in IoT devices

    Danhieux opined that when manufacturers build IoT devices they don’t think that these things would be exploited. He argued that manufacturers are under pressure to build these devices at the lowest possible cost and deployed them quickly.

    “People don’t think about the potential threats we could face with some of these IoT devices, whether it is hardware or IoT software development kits (SDKs). The vulnerability could be in how the IoT communicates from within the network,” he added.

    His point was that it's a very complex environment. “I think, and not many people, when they are building those devices are thinking about all the different problems that can go wrong, around IoT security,” he continued.

    In the IoT manufacturing space, everything needs to be minimal. This may mean a lack of processing power to do proper cryptography. “Those are the trade-offs that manufacturers make. Some cannot do remote updates, remote patching of firmware vulnerabilities. It is stock firmware that never changes even though it [may have] weaknesses in it,” Danhieux elaborated.

    Buyer beware

    At the personal level, there is increasing awareness and concern about device insecurity. Danhieux believes the same should apply to enterprises. He noted that very often the IoT network is separated from the IP network and managed by a different group.

    He warned that IoT can still be used as a launchpad for attacks. He cited the Mirai botnet that exploited vulnerabilities on software development kits of some 83 million IoT devices.

    “I do think both from an enterprise, we should ask the right questions to the manufacturers. I think from a personal life perspective, as well, we should make sure that manufacturers of IoT devices, that there is a level of responsibility they take around building secure devices, rather than just building a device and getting it out there,” he opined.

    Key considerations for revisiting security for infrastructure

    Danhieux recommends scanning and testing networks for vulnerabilities. This includes all devices connected to the network, regardless of age.

    The next step in the process is determining whether it makes sense to build layers of defences into the infrastructure. Can device manufacturers update the firmware of these devices? He recalled that some of these devices could be 20 to 30 years old.

    He recalled that 20 years ago, enterprises were dealing with web application securities. He now sees those same vulnerabilities appear in IoT devices today. Things like remote command injections and buffer overflows are well-known problems but are now appearing in the IoT world.

    Skills gap

    Danhieux warned that looking for a security expert that knows IoT may be a problem. It is a very specialist role, and there are very few firms around the world that focus on IoT security, including at the network, data, and software layers.

    He acknowledged the skills can be developed in-house.

    “Developers can be taught to write securely at the data and software layer. Network security architects and security engineers can be tasked with assessing the network component. You might find somebody that can work with physical devices to assess the physical side,” he continued.

    “But to find it all in one person inside an enterprise. I think it's almost impossible. That's probably a security expert. You need to hire for that. You can kind of split them up in the different layers of your organization.”

    Pieter Danhieux

    Ownership of IoT security

    Danheiux acknowledged that ownership of IoT security remains a philosophical issue. Internet Protocol (IP) security people normally do not care about the security of buildings.

    “However, at the end of the day, if it is a threat to your business, if it can damage your enterprise, if you could damage your reputation, does it matter which C level person in the company takes ownership of it? He queried.

    He opined that at the end of the day, it is a business risk. It doesn’t matter which C letter is responsible. Not covering it [security] is the big problem, he concluded.

    Click on the PodChat player and hear Danhieux talk about the state of IoT security in Asia.

    1. Let’s frame our discussion first: where can we find IoT technologies in a typical enterprise in Asia?
    2. What are prevailing misconceptions about IoT security?
    3. From your perspective, should leaders be concerned about IoT security?
    4. Where should senior leadership begin the discussion of IoT security?
    5. What should be the key considerations for revisiting the security of their IoT infrastructure?
    6. What about the skills/know-how around IoT security? Do we hire or outsource?
    7. What preconceived ideas should leaders set aside when discussing IoT security?

    The post PodChats for FutureIoT: State of IoT Security appeared first on FutureIoT.

    ]]>
    Semtech teams up with Vietnam-based Cloud Energy https://futureiot.tech/semtech-teams-up-with-vietnam-based-cloud-energy/ Tue, 21 Sep 2021 02:30:00 +0000 https://futureiot.tech/?p=9416 Cloud Energy said solar-powered systems saved its customers more than 30% on initial investment for a monitoring system.

    The post Semtech teams up with Vietnam-based Cloud Energy appeared first on FutureIoT.

    ]]>
    Semtech Corporation is teaming up with Vietnam-based startup Cloud Energy to develop and deploy a LoRaWAN-based network  for wireless solar power systems to be installed onto rooftops.

    Established in 2019, Cloud Energy specialises in IoT energy management for smart cities. It develops solutions for smart energy building management, smart utilities management and smart solar monitoring systems.

    The wireless rooftop-mounted solar power system being developed by Cloud Energy will feature Semtech’s Lo-RA devices and LoRaWAN connectivity are designed to provide a comprehensive, accurate and independent data management from inverters, electrical meters and sensors to its customers.

    “We believe that the future of monitoring solutions will largely adapt to LoRaWAN wireless technology, which is highly scalable, simple to deploy and provides a reliable wireless connection. Solar power monitoring solutions that use LoRaWAN technology may be a new future trend that not only solves the problem of reliable wireless connectivity, but also provides additional benefits of IoT standardisation, scalability, data analytics, and interoperability,” said Tuan Anh Pham, Cloud Energy founder.

    Furthermore, the company claimed that solar-powered system solutions saved its customers more than 30% on initial investment for a monitoring system.

    The company opted for a wireless LoRaWAN-based network for the solar power system because a wired solution has a higher hardware and installation costs and requires a high-level of maintenance, particularly in Vietnam’s rural areas where cables are like to encounter damage caused by rodents.

    The Cloud Energy wireless solar power system is a plug-and-play solution consisting of multiple wireless Cloud Energy modules, one Kerlink gateway using LoRaWAN and a Cloud Energy web-app to monitor real-time data to review and forecast performance independently across meters, inverters and sensors.

    Through the integration of LoRaWAN, the Cloud Energy solar power system is a true wireless solution offering stable data transmission for end users to manage energy usage across wide areas.

    “Cloud Energy’s successful implementation of the LoRaWAN standard for its wireless solar power systems showcases the versatility of the IoT technology to adapt to nearly any setting and budget. The robust connectivity from LoRaWAN is creating smarter buildings for more informed business decisions,” Marc Pégulu, vice president of IoT product marketing and strategy at Semtech’s Wireless and Sensing Products Group.

    The post Semtech teams up with Vietnam-based Cloud Energy appeared first on FutureIoT.

    ]]>
    Facial biometric systems installed at Haneda Airport https://futureiot.tech/facial-biometric-systems-installed-at-haneda-airport/ Fri, 03 Sep 2021 05:00:43 +0000 https://futureiot.tech/?p=9314 Provided by the Tokyo International Air Terminal Corporation (TIAT), the service eliminates the need to show passports and boarding passes at baggage check, security screening and boarding gates.

    The post Facial biometric systems installed at Haneda Airport appeared first on FutureIoT.

    ]]>
    Self-service passenger identification kiosks have recently been installed at Haneda Airport in Tokyo as part of airport’s new Face Express service, which aims for a contactless boarding procedure for outbound passengers.

    Provided by the Tokyo International Air Terminal Corporation (TIAT), the service eliminates the need to show passports and boarding passes at baggage check, security screening and boarding gates. The self-service kiosks captures facial images  to authenticate the  identity of passengers registering for the Face Express service.

    Initially, the self-service kiosks and Face Express are only available to passengers of Japan Airlines and All Nippon Airways.

    TIAT has chosen German-based Materna to integrates its IPS One ID software into the kiosks. The biometric software uses facial recognition technology to capture a passenger’s image and matched it with his picture from the scanned government-issued ID.

    Personal information collected from passengers are used solely for the purpose of providing and operating Face Express and is not given to anyone other than the participating airline. TIAT is responsible for recording and storing the data, and erasing it within 24 hours

    By allowing passengers to identify themselves at the self-service touch points, physical contact with airport staff, minimising the risk of COVID-19 infection.

    “Contactless technology has become an important way to maintain strict security standards during the pandemic,” said Yuya Yamazaki, technical project manager at TIAT. "We greatly appreciate that Materna completed the deployment of its IPS into the kiosks before the Tokyo 2020 Olympics and Paralympic Games, which is one of our goals of this project."

    Last year,  Materna  also installed its IPS  in 104 self-bag drop kiosks in Terminals 2 and 3 of the Tokyo Haneda Airport. These kiosks have now been upgraded to handle the facial biometric authentication needed for the Face Express Service.

    The post Facial biometric systems installed at Haneda Airport appeared first on FutureIoT.

    ]]>
    OT risk platform allows attack simulations through digital twin https://futureiot.tech/ot-risk-platform-allows-attack-simulations-through-digital-twin/ Wed, 25 Aug 2021 01:30:17 +0000 https://futureiot.tech/?p=9259 While this has been a common practice to prepare for attacks in the IT world through twin-network simulations, it is the first time that an OT environment can benefit from this proven strategy.

    The post OT risk platform allows attack simulations through digital twin appeared first on FutureIoT.

    ]]>
    OT facilities and production sites don’t have the capability to temporarily shut down operations for CISOs to run simulated attacks since it may take days to stop and then restart operations entirely.

    Radiflow has introduced the Cyber Industrial Automated Risk Analysis Platform (CIARA), which allows for a digital twin of multiple facilities to be created on the same UI in order for security and risk teams to execute OT-BAS (Breach & Attack Simulations) in a global enterprise view.  The  new enterprise-level risk management system for OT facilities allow CISOs to view all their sites in one dashboard.

    This takes the guesswork out of OT by letting teams anticipate the impact of potential threats via simulations of known attacks from a continuously updated global database. They can then simulate WHAT-IF scenarios of mitigations to decide which course of action would be most suitable in light of the changes in the threat landscape.

    While this has been a common practice to prepare for attacks in the IT world through twin-network simulations, it is the first time that an OT environment can benefit from this proven strategy. CIARA offers a first-of-its-kind, non-intrusive breach attack simulator that takes into account the business importance of each site so the CISO can find the most vulnerable points on their industrial automation networks across all their sires, allowing them to practice the most effective mitigation tools.

    The ability to configure business importance for each site and benchmark top sites in a central dashboard – while allowing site managers to view their individual risk posture and optimise their security roadmap – is  a major step in securing potential vulnerabilities across multiple facilities. Allowing CISOs to continuously monitor and simulate vulnerabilities, based on recent attacks that have been attempted in their industry or location, has a significant impact on the quality of OT monitoring, without slowing down or stopping critical infrastructure.

    Ilan Barda, founder & CEO of Radiflow

    “CIARA is now a central environment where CISOs can evaluate proven security techniques against the latest threats without tampering with their existing network”, said Ilan Barda, founder & CEO of Radiflow. “Using the revolutionary all-in-one dashboard to keep an eye on all global operations is a critical step to preventing any cyberattack on vital OT facilities.”

    Based in Tel-Aviv, Radiflow work directly with managed security service providers to oversee the discovery and management all relevant data security points. The company’s solution is currently installed in over 5,000 sites worldwide.

    Its newest CIARA software release was recognized as a vendor in the Cyber-Physical Systems (CPS) risk management category, which is in the Innovation Trigger of the Gartner® report titled, “Hype Cycle™ for Cyber and IT Risk Management”, 2021. Since its release, CIARA has earned acclaim for its capabilities in providing a data-driven approach to OT Security, especially following multiple major OT attacks, such as on the Colonial Pipeline and JBS.

     

    The post OT risk platform allows attack simulations through digital twin appeared first on FutureIoT.

    ]]>
    EIU: Digital security a high priority among cities https://futureiot.tech/eiu-digital-security-a-high-priority-among-cities/ Tue, 24 Aug 2021 03:00:53 +0000 https://futureiot.tech/?p=9232 The introduction of the new pillar for environmental security in this year's index reflects the increased importance of sustainability issues and climate adaptation measures amid the pandemic.

    The post EIU: Digital security a high priority among cities appeared first on FutureIoT.

    ]]>
    Singapore leads six other APAC cities that made the top 10 of  the Safe Cities Index (SCI) 2021 released yesterday by The Economist Intelligence Unit (EIU). The other APAC cities are Sydney, Tokyo, Wellington, Hong Kong and Melbourne.

    Now on its fourth edition, the index, is the centre piece of a research project sponsored by NEC Corporation. It ranks 60 cities across 76 indicators, organised along five pillars: personal, health, infrastructure, digital and – new this year – environmental security.
    The Lion City ranks third in the worldwide survey behind Copenhagen and Toronto, which place first and second respectively.

    “Digital security is now an even higher priority as more work and commerce have moved online; those responsible for infrastructure safety have to adjust to dramatic changes in travel patterns and where residents consume utilities,” said Naka Kondo, senior editor of The EIU and editor of SCI 2021.

    “Agencies responsible for personal security need to address a large, lockdown-driven shift in crime patterns; and the priority that urban residents and officials assign to environmental security has risen markedly as covid-19 serves as a stark warning of unexpected crises,” she added.

    Research shows that the performance of different safety pillars correlates very closely with each other, signifying that different kinds of safety are thoroughly intertwined. The top performers in each pillar are as follows:

    • Digital security: Sydney (1), Singapore (2), Copenhagen (3), Los Angeles / San Francisco (4),
    • Health security: Tokyo (1), Singapore (2), Hong Kong (3), Melbourne (4), Osaka (5)
    • Infrastructure security: Hong Kong (1), Singapore (2), Copenhagen (3), Toronto (4), Tokyo (5)
    • Personal security: Copenhagen (1), Amsterdam (2), Frankfurt (3), Stockholm (4), Brussels (5)
    • Environmental Security: Wellington (1), Toronto (2), Washington DC (3), Bogota (4), Milan (5)

    The Safe Cities Index reveals that different global region have distinct strengths. In particular, well-off Asia-Pacific cities tend to perform better on average when it comes to health security and infrastructure security, while European cities on personal security and North American cities on digital security.

    Meanwhile, the introduction of the new pillar for environmental security in this year's index reflects the increased importance of sustainability issues and climate adaptation measures amid the pandemic. Toronto and Copenhagen performed noticeably better in the new environmental security pillar than do any of the top-three cities from earlier years. Interestingly, the index also shows that leading middle-income cities do far better in this area than in any other categories. In particular, three at this income level finish in the pillar's top ten: Bogota (4th); Rio de Janeiro (8th); and Kuala Lumpur (10th).

    The post EIU: Digital security a high priority among cities appeared first on FutureIoT.

    ]]>
    Japanese firms to build world's first decentralised IoT platform https://futureiot.tech/japanese-firms-to-build-worlds-first-decentralised-iot-platform/ Wed, 07 Jul 2021 02:00:29 +0000 https://futureiot.tech/?p=8928 With the alliance, both companies will be working on a proof-of-concept project that intends to build a "decentralised IoT platform" that smoothly connects people and things, and a "smart concierge" that enables the contactless economy.

    The post Japanese firms to build world's first decentralised IoT platform appeared first on FutureIoT.

    ]]>
    CollaboGate Japan (CG) has formed a business alliance with Tessera Technology (TSSR) to develop a decentralised IoT platform – a first in the world – that will use robust hardware-based security functionality of the Renesas' microcontrollers (MCUs)  to verify contactless transactions conducted through IoT devices.

    Tokyo-based CG provides Japan's first decentralized ID platform called UNiD, while the Yokohama-based TSSR, has  strong expertise in IoT device software development.

    The rise of the Stay-at-Home economy has accelerated the adoption of contactless transactions at the consumer level, and both companies see a huge business potential in providing verification  of IoT devices used contactless transactions. Particularly with the shift to contactless transactions in smart bank branches, virtual concierges at healthcare and government services, digital orders at restaurants, and automated receptions at offices and hotels.

    According to a Deloitte study, the market size of the contactless economy in Asia Pacific will reach US$11 trillion, double the current level.

    “With the COVID-19 pandemic, the number and type of businesses that need to interact with users contactless have exploded beyond the specific industries. We believe that the verifiable data exchange platform between "people" and "machines" in a decentralised manner, will support the transformation to contactless systems in a wide range of fields, including new work styles, mobility, logistics, and smart cities, and will contribute to progress our digital society. We are pleased to be the first mover in the world to take on this challenge,” said Masayoshi Mitsui, CEO, CollaboGate Japan.

    A decentralised  IoT platform

    With the alliance, both companies will be working on a proof-of-concept project that intends to build a "decentralised IoT platform" that smoothly connects people and things, and a "smart concierge" that enables the contactless economy by using "UNiD" decentralized ID platform developed by CG and TSSR's expertise in embedded system development on Renesas’ MCUs.

    “In the current Internet system, it is difficult to automatically verify the data provided by users without a trusted third party. In reality, the manual verification process of the data is still necessary for businesses. By introducing a decentralised identity mechanism to IoT devices, we can build a mechanism that allows them to autonomously verify the data provided by users. This will enable the safe and quick delivery of services of their needs,” the companies said in a press statement.

    They added: “In this project, we will build a prototype of a "smart concierge" with an identity verification function for use in BFSI, healthcare, government, and access management at offices, hotels, factories, logistics warehouses.”

    IoT devices must be able to correctly identify, authenticate, and authorised users, automatically verify the data applied for, consider user privacy, and ensure the security of unattended IoT devices. A decentralised IoT platform that meets these requirements is needed for a smooth transition from the face-to-face to the non-face-to-face system.

    CG”s and TSSR’s “smart concierge model has four steps: first, service provider issues credentials (identity verification information, usage permit) to the user's mobile wallet; second,the user sends the credentials stored in the wallet to the IoT device; third, the IoT device verifies the credentials and opens/closes the gate; and fourth, access log is sent to the cloud server.

    Diagram of smart concierge system

    With the smart concierge model,  people can check in to hotels, accommodations, and other lodging facilities and unlock their rooms by simply carrying their mobile app. It can also streamline the validation and entrance for live music, concerts, baseball, football, and other sports, as well as theme park facilities. The system is also expected to enable contactless operations and efficiency that have been conducted face-to-face, such as the efficient management of office visitors, logistics warehouses, medical and educational facilities.

    User-centric and contactless experience based on the decentralized identity model

    Raising IoT security

    IoT devices that are connected to the network are subject to security risks such as hacking and identity theft. For one,  the access IDs and passwords hard-coded into IoT devices are vulnerable if they are left as default settings or are easy to guess. In fact, there was a case where a large number of IoT devices were illegally accessed and used as a botnet to launch DDoS attacks.

    For this reason, security by the PKI standards has significant advantages over the password method. However, the conventional PKI standards using CA certification authorities require manual management of many certificates for each IoT device. In addition to being a very time-consuming task, there are risks such as the leakage of private keys managed by the service operator. In addition, the time and effort required to renew certificates lead to the use of certificates with a long expiration date, which causes vulnerabilities. Thus, the conventional PKI standards have problems in terms of cost, operation, and security.

    By introducing a decentralised ID mechanism to IoT devices, first, a key pair is generated within the IoT device, then the public key corresponding to the digital signature is registered in the decentralised PKI network. Anyone from the network can reference this public key, and a cloud server communicating with the IoT device can retrieve this public key and verify the digitally signed data. This is expected to eliminate the need for manual verification, increase security strength, and significantly reduce the operating costs of IoT devices.

    Comparison between the traditional certification authority model and the decentralized PKI model

    Enabling privacy-preserving data transactions

    CG and TSSR will also design the decentralised IoT platform to comply with current regulations such as GDPR and CCPA, which impose a separation between holding data and using the data.

    In Japan, the Act on the Protection of Personal Information is scheduled to take effect in April 2022, and the handling of personal data via IoT devices will require system design based on the same consideration of individual privacy. Decentralized IoT platforms provide a mechanism that enables IoT service providers to provide the desired services without retaining unnecessary personal information. It provides a mechanism for safe and smooth authentication and data transactions between people and IoT devices based on personal consent, using a mechanism where individuals control their personal information.

    Diagram of the system to avoid collecting unnecessary personal information

    Sakae Ito, vice president of IoT Platform Business Division at Renesas Electronics is pleased to contribute in the decentralised IoT platform with its secure MCU/MPR technologies.

    “We hope that this demonstration experiment of the decentralized IoT Platform by the CollaboGate and Tessera will prove IoT devices can bring security and reliability as well as improved convenience to users, expanding the demand for contactless applications,” he said.

    The post Japanese firms to build world's first decentralised IoT platform appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Securing the Internet of Things https://futureiot.tech/podchats-for-futureiot-securing-the-internet-of-things/ Tue, 06 Jul 2021 04:30:27 +0000 https://futureiot.tech/?p=8913 Given that there are so many IoT devices out there, it is unrealistic to consider the security design of every single IoT device, but businesses can look at cybersecurity infrastructure and techniques to reduce risk

    The post PodChats for FutureIoT: Securing the Internet of Things appeared first on FutureIoT.

    ]]>
    Internet of Things are devices that connect to the Internet. Some are sensors that collect telemetry data about their surroundings and relay it to a collecting device via a wired or wireless connection to the internet. Others not only monitor but also control the activity of the device they are attached to like an air conditioner or lights. Still, others provide information like the navigation system in a vehicle or a power reactor.

    Gartner says organizations implementing IoT are increasingly focusing on the business outcomes of the technology. IoT initiatives are no longer driven by the sole purpose of internal operational improvement.

    The bad news is that this expanding universe of applications of IoT in industrial, government, consumer and commercial is drawing the interest of cybercriminals recognising a burgeoning opportunity.

    From the Mirai Botnet (aka Dyn Attack) of October 2016 to the discovery of hackable cardiac devices at St. Jude Medicals in 2019 to the hacking of a Bluetooth speaker that allowed the criminals to eavesdrop on a CFO’s private conversation, the threat is real, and it is now.

    The why of IoT security

     


    Beng Hai Sim, head of Technical Sales at ESET, Asia Pacific, defines IoT security as the act of securing the IoT device and the network it is connected to.

    “The interconnection of IoT poses a significant challenge for organisations due to the serious security risks posed by unmonitored and unsecured devices connected to the network. The need to think about security on a daily basis has never been greater, especially given that the number of internet-connected devices is expected to grow at an exponential rate,” he added.

    Bots: the who/what of IoT security

    Sim said IoT botnets are a type of malware that commonly targets IoT devices. He explained that IoT devices that have been compromised by bots are frequently used as communication channels to other compromised devices in the network known as botnets. Unpatched vulnerabilities may also exist in routers to which the IoT devices are connected.

    Citing ESET telemetry, Sim revealed that ESET scanned nearly 200,000 routers during the first four months of 2021 and discovered that over 2,200 of them had at least one known vulnerability. The most common type of router attack is distributed denial of service (DDoS).

    DDoS attacks affect 70% of organisations polled on a monthly basis.

    IoT security starts here

    Echoing a security industry theme, Sim says cybersecurity is a shared responsibility.

    From an IoT security perspective, he says the CISO has the responsibility to educate employees on cybersecurity awareness training.

    Beyond regular training and continuous awareness, he suggests that when purchasing IoT devices, organisations should first select a well-known, dependable IoT device provider who is likely to be around in the long term. This ensures that the manufacturers will be able to provide patches and fixes to the IoT devices in the future in a timely manner.

    “It is crucial that the IoT devices that they have selected are secure by design, with security being a key goal at all stages of product development and deployment,” he added.

    The reality of IoT security

    Sim acknowledges that not everything can be secured immediately!

    “Given that there are so many IoT devices out there, it is unrealistic to consider the security design of every single IoT device, but businesses can look at cybersecurity infrastructure and techniques to reduce risk,” he opined.

    He recommended adopting the Zero Trust security model requiring all users, both inside and outside of an organisation's network, to be authenticated, authorised and continuously validated for security, configuration and posture before being granted or maintaining access to application and data.

    He also suggested network segmentation as a useful approach to isolating IoT devices from other network systems.

    “A simple analogy I’d use is the current pandemic situation, where we enforce social distancing to minimise the spread of the Coronavirus,” he continued.

    According to Gartner, utilities will be one of the highest users of IoT endpoints, totalling 1.37 billion endpoints in 2020.

    An expanding universe of applications

    “Electricity smart metering, both residential and commercial will boost the adoption of IoT among utilities,” said Peter Middleton, senior research director at Gartner. “Physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second-largest user of IoT endpoints in 2020.”

    Building automation, driven by connected lighting devices, will be the segment with the largest growth rate in 2020 (42%), followed by automotive and healthcare, which are forecast to grow 31% and 29% in 2020, respectively.

    In healthcare, chronic condition monitoring will drive the most IoT endpoints, while in automotive, cars with embedded IoT connectivity will be supplemented by a range of add-on devices to accomplish specific tasks, such as fleet management.

    Click on the PodChat player and listen to Sim describe the why and some options for securing the Internet of Things.

    1. Define security as it relates to the Internet of Things?
    2. What some of the most common vulnerabilities in IoT devices found in enterprises?
    3. Why is it important for organisations to pay attention to securing IoT devices?
    4. Who is responsible for securing IoT devices in an enterprise?
    5. What should organisations do to secure their IoT devices?
    6. Is it realistic to think that we can secure all the 50 billion IoT devices connected out there?
    7. It’s been said that remote work has accelerated IoT further. What is your advice to organisations today as regards securing known devices and protecting against the unsecured unknown?
    8. What should enterprises look for when it comes to security solutions to address IoT devices in the network?

    The post PodChats for FutureIoT: Securing the Internet of Things appeared first on FutureIoT.

    ]]>
    Trend Micro: ICS endpoints prone to cyberattacks https://futureiot.tech/trend-micro-ics-endpoints-prone-to-cyberattacks/ Mon, 05 Jul 2021 06:30:55 +0000 https://futureiot.tech/?p=8917 Cybercriminals are increasingly setting their sights on industrial control systems (ICS) with China topping the list of countries with the most malware detected on ICS endpoints, India with the most coinminer infections , and the US with the most ransomware infections.

    The post Trend Micro: ICS endpoints prone to cyberattacks appeared first on FutureIoT.

    ]]>
    Cybercriminals are increasingly setting their sights on industrial control systems (ICS) with China topping the list of countries with the most malware detected on ICS endpoints, India with the most coinminer infections , and the US with the most ransomware infections.

    These are the findings of the 2020 Report on Threats Affecting ICS Endpoints released today by Trend Micro researchers who warned of the  growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities.

    "Industrial Control Systems are incredibly challenging to secure, leaving plenty of gaps in protection that threat actors are clearly exploiting with growing determination," said Ryan Flores, senior manager of threat research for Trend Micro. "Given the US government is now treating ransomware attacks with the same gravity as terrorism, we hope our latest research will help industrial plant owners to prioritise and refocus their security efforts."

    Flores is referring to the cyberattack on Colonial Pipeline at the US East Coast  that locked down its systems last May for several days, causing a spike in gas prices, fuel shortage and panic buying in affected areas. US authorities suspected Russian hackers behind ransomware attack. In response, the U.S. Department of Justice, last month, was reported to have issued a guidance elevating investigations of ransomware attacks to a similar priority as terrorism.

    Downside of IT/OT convergence

    The growing trend towards Internet of Things (IoT) has accelerated the coupling of IT and OT networks. While great business and operational benefits are derived from being able to access data from connected devices, it also unfortunately expanded the enterprises’ attack surface. And it has been recognised for several years now that ICS endpoints are the weak links in the chain.

    IT/OT networks use ICS endpoints in the design, monitoring, and control of industrial processes. These endpoints are a crucial element of utility plants, factories and other facilities.

    According to the Trend Micro research paper, there has been a significant rise in ransomware activity affecting industrial control systems in 2020, mostly due  to increased Nefilim, Ryuk, LockBit, and Sodinokibi attacks from September to December. Together, this  group of ransomware makes up more than half of ransomware attacks affecting ICSs last year.

    The US is by far the country with the most ransomware detections affecting ICSs, with India, Taiwan, and Spain a far second.

    “The US is a big country, with a vast number of organizations that can fall victim to ransomware. If we take the percentage of organizations running industrial control systems that had ransomware affecting their systems, Vietnam, Spain, and Mexico actually makes up the top three,” Trend Micro researchers said.

    They added that Vietnam’s ransomware detections were residual infections of GandCrab, a ransomware that  was seen targeting Vietnam in 2018. but has since been mainly out of sight — likely because of its distributor’s arrest in 2020.

    Legacy malware thrive

    Legacy malware such as Autorun, Gamarue, and Palevo became rampant in 2013 and 2014 but have since waned as security policies that disable autorun have become widely adopted.

    However, Trend Micro researchers pointed out that they still thrive in IT/OT networks. While they are found in less than 2% of organisations, they are detected frequently and on several endpoints within the same network, signifying a localised outbreak.

    “There are a couple of practices that contribute to the situation. First, transferring files and data via USB thumb drives is usually performed as a convenient solution for bridging air-gapped networks; however, this allows the propagation of such legacy worms.

    “Second, asset owners create system backups or cold standby terminals and store them in removable drives but do not perform security scans against the package that might harbour malicious software,” the researchers said, adding that their continued presence in IT/OT networks suggests inadequate security and poor maintenance of data backups and removable drives.

    Other threats

    According to Trend Micro, coinminers are another financially motivated malware affecting ICSs. While a coinminer’s code is not designed to destroy files or data, the mining activity’s CPU utilisation can  adversely affect ICS endpoint performance.

    “In our factory honeypot research, we have experienced  unresponsive ICS endpoints after attackers installed coinminers in them. Indirectly, a coinminer can cause loss of control and view over an ICS, especially if those computers have low CPU capacity and/or running outdated operating system, a setup that is not rare in industrial environments,” researchers said.

    The top coinminer family found on ICS endpoints for 2020 is MALXMR, a post-intrusion coinminer. It was usually installed through fileless techniques, but starting in 2019, we have seen MALXMR infections that use Equation group tools to exploit the EternalBlue vulnerability to aid distribution and lateral movement.

    Of the countries with MALXMR running on ICS endpoints, India accounts for more than a third of detections. However, this does not mean that India is specifically being targeted by MALXMR gangs to run their cryptominers. A look at WannaCry ransomware infections showed that India also had more than a third of WannaCry infections on ICS endpoints.

    “This suggests that India has the most MALXMR infections because a lot of computers running ICS software are vulnerable to EternalBlue, as Equation group tools used by MALXMR and WannaCry both exploit the said vulnerability. This data shows how a country’s general patch level makes it susceptible to certain threats,” they said.

    Meanwhile, Trend Micro still sees Conficker (aka Downad) as a persistent threat for ICS endpoints. First discovered back in 2008, this computer worm is still being persistently detected on 200 unique endpoints.

    “We found that at least 94% of the endpoints we analysed were running Windows 10 and Windows 7 operating systems. The most widely known propagation method of Conficker is exploiting the MS08-067 vulnerability that could allow remote code execution if an affected system received a specially crafted Remote Procedure Call (RPC) request. But MS08-067 does not apply to Windows 10 and Windows 7, which leads us to the conclusion that these infections are propagated using either removable drives or dictionary attacks on ADMIN$ share,” researchers said.

    Trend Micro said security should be a major consideration when interconnecting the IT network with the OT network. Specifically, security issues that are used by both the legacy malware and the latest attack trends should be addressed.

    “We recommend that IT security staff approach ICS security by understanding the unique requirements these systems have and why they were set up that way. With that in mind, IT security staff should work with OT engineers to properly account for key systems, identify various dependencies such as OS compatibility and up-time requirements, and learn the process and operational practices to come up with a suitable cybersecurity strategy to properly protect these important systems,” researchers said.

    The post Trend Micro: ICS endpoints prone to cyberattacks appeared first on FutureIoT.

    ]]>
    Making the jump to hyperscale network security alongside IoT https://futureiot.tech/making-the-jump-to-hyperscale-network-security-alongside-iot/ Fri, 02 Jul 2021 06:15:00 +0000 https://futureiot.tech/?p=8901 This Check Point whitepaper to learn Check Point Maestro addresses current and future network security requirements in the cloud.

    The post Making the jump to hyperscale network security alongside IoT appeared first on FutureIoT.

    ]]>
    A recent Omdia report on IoT employments finds that enterprise IoT adoption has matured and brought serious benefits for key industries, though security and IT-OT integration remain key blockers. The deployment follows alongside the wider adoption of cloud computing.

    As enterprises accelerate their digital transformation, and with it, the shift to the cloud of many of its core technologies, it becomes quickly imperative for organisations to revisit their security strategy, else they come the next victim to the increased cybercrime activities observed that started in 2020 and continues today.

    Traditional firewall solutions have proven to be difficult and cumbersome to dynamically scale up to meet unpredictable traffic patterns, as seen with Denial of Service (DoS) attacks, new product launches, breaking news, or other sudden increase in demand for firewall processing capabilities.

    This Check Point Software Technologies white paper, Making the jump to hyperscale network security, offers a detailed and practical look at the technical and operational challenges that enterprises looking to tap the hyperscale growth must address.

    Click on the link and download this Check Point whitepaper to learn Check Point Maestro addresses current and future network security requirements in the cloud.

    The post Making the jump to hyperscale network security alongside IoT appeared first on FutureIoT.

    ]]>
    Claroty to bolster IoT security of industrial assets https://futureiot.tech/claroty-to-bolster-iot-security-of-industrial-assets/ Fri, 18 Jun 2021 02:30:57 +0000 https://futureiot.tech/?p=8854 The company is on a mission to drive visibility, continuity, and resiliency in the industrial economy by delivering comprehensive solutions that secure all connected devices within the four walls of an industrial site.

    The post Claroty to bolster IoT security of industrial assets appeared first on FutureIoT.

    ]]>
    Industrial cybersecurity firm Claroty has renewed its commitment to securing IoT devices and to empowering enterprises’ cloud journey, as the company secured a new round of investment amounting to US$140 million.

    The new funding will also be used to accelerate the company’s expansion into new verticals and regions.

    Yaniv Vardi, CEO, Claroty

    “Our mission is to drive visibility, continuity, and resiliency in the industrial economy by delivering the most comprehensive solutions that secure all connected devices within the four walls of an industrial site, including all operational technology (OT), Internet of Things (IoT), and industrial IoT (IIoT) assets,” said Yaniv Vardi, CEO of Claroty. “With this new investment, we have the financial runway to execute on our proven product strategy in a hyper-growth market, with a world-class leadership team and a strong ecosystem of partners to take us there.”

    That latest round of funding is led by Bessemer Venture Partners’ Century II fund and 40 North, alongside additional strategic investors such LG and I Squared Capital’s ISQ Global InfraTech Fund. All previous investors, including Team8 and long-time customers and partners Rockwell Automation, Siemens, and Schneider Electric, have also participated. The round brings the company’s total funding to US$235 million.

    According to Cybersecurity Ventures, global ransomware damage costs are predicted to exceed US$265 billion by 2031, up from US$20 billion in 2021. As these incidents show no signs of slowing, Claroty’s new investment has firmly placed the company at the forefront of the market with the resources, experience, and capabilities needed to shore up industrial cyber defences for the future.

    Claroty protects organisations’  industrial assets, connections, and processes, with deployments in thousands of locations and facilities across 50 countries in all seven continents. For one, the company has worked closely with Pfizer to secure its COVID-19 vaccine supply chain in its race to meet unprecedented global demand.

    Other customers include General Motors, BHP, Coca-Cola EuroPacific Partners (Australia, Pacific, Indonesia), IRPC Public Company Limited, Aboitiz Power, Rockwell Automation, Siemens, and Schneider Electric.

    The company’s  platform connects seamlessly with customers’ existing infrastructure and programs while providing a full range of industrial cybersecurity controls for visibility, threat detection, risk and vulnerability management, and secure remote access—all with a significantly reduced total cost of ownership.

    To date, Claroty has deployed its solution in a range of verticals, including pharmaceuticals, food & beverage, automotive, chemicals, mining & materials, manufacturing, medical devices & life sciences, oil & gas, electric, water & waste.

    Meanwhile, the Claroty Research Team continues to lead in investigating potential risks to industrial control systems (ICS). The team is known for its development of proprietary threat signatures, protocol analysis, and discovery and disclosure of ICS vulnerabilities. Equipped with the industry’s most extensive ICS testing lab, the team works closely with leading industrial automation vendors to evaluate the security of their products. To date, the team has discovered and disclosed more than 120 ICS vulnerabilities.

    The post Claroty to bolster IoT security of industrial assets appeared first on FutureIoT.

    ]]>
    Bluetooth flaws open devices to impersonation attacks https://futureiot.tech/bluetooth-flaws-open-devices-to-impersonation-attacks/ Thu, 27 May 2021 01:00:15 +0000 https://futureiot.tech/?p=8768 Depending on the vulnerability exploited, a successful attack could lead to impersonation attack, AuthValue disclosure or man-in-the-middle attack.

    The post Bluetooth flaws open devices to impersonation attacks appeared first on FutureIoT.

    ]]>
    Updated on May 21, 2021, 1:30pm to include a statement from Cradlepoint

    Serious security vulnerabilities have been found in  Bluetooth Core and Mesh Profile Specifications, which allow hackers to impersonate legitimate devices and carry on Man-in-the-Middle(MITM) attacks.

    Researchers from Agence nationale de la sécurité des systèmes d'information (ANSSI) disclosed several vulnerabilities in the two Bluetooth specifications used  for low-energy and Internet of Things (IoT) devices or and many-to-many (m:m) device communication for large-scale networks.

    Both the Bluetooth Core and Mesh specifications define the technical and policy requirements for devices that want to operate over Bluetooth connections.

    Depending on the vulnerability exploited, a successful attack could lead to impersonation attack, AuthValue disclosure or man-in-the-middle attack.

    “Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing,” said an advisory from the Carnegie Mellon University CERT Coordination Center.

    An attacker within wireless range of the vulnerable Bluetooth devices could use a specially crafted device to exploit the vulnerabilities.

    According to the Carnegie Mellon CERT Coordination Center advisory, the Android Open-Source Project (AOSP), Cisco, Cradlepoint, Intel, Microchip Technology, and Red Hat are vendors affected by the security flaws.

    A spokesman from Cradlepoint told FutureIoT: "Cradlepoint was notified of the BLE vulnerabilities prior to public disclosure. We have a production release of our NetCloud OS code available (NCOS version 7.21.40) that fixes the cited issues. As a result, we consider this security vulnerability remediated.”

    Companies are advised to install the latest recommended updates from manufacturers into their Bluetooth devices..

    Identified vulnerabilities

    Researchers have discovered the following security flaws in the Bluetooth Core and Mesh specifications:

    • Impersonation in the Passkey Entry Protocol: The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC), and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack that enables an active attacker to impersonate the initiating device without any previous knowledge (CVE-2020-26558).

    An attacker acting as a man-in-the-middle (MITM) in the Passkey authentication procedure could use a crafted series of responses to determine each bit of the randomly generated Passkey selected by the pairing initiator in each round of the pairing procedure, and once identified, the attacker can use these Passkey bits during the same pairing session to successfully complete the authenticated pairing procedure with the responder. Devices supporting BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 through 5.2, BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 through 5.2 and LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2 are affected by this vulnerability.

    • Impersonation in the Pin Pairing Protocol: The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555). An attacker could connect to a victim device by spoofing the Bluetooth Device Address (BD_ADDR) of the device, reflect the the encrypted nonce, and complete BR/EDR pin-code pairing with them without knowledge of the pin code.

    A successful attack requires the attacking device to be within wireless range of a vulnerable device supporting BR/EDR Legacy Pairing that is Connectable and Bondable. Devices supporting the Bluetooth Core Specification versions 1.0B through 5.2 are affected by this vulnerability.

    • Impersonation in Bluetooth Mesh Provisioning: The Mesh Provisioning procedure could allow an attacker without knowledge of the AuthValue, spoofing a device being provisioned, to use crafted responses to appear to possess the AuthValue and to be issued a valid NetKey and potentially an AppKey (CVE-2020-26560).

    For this attack to be successful, an attacking device needs to be within wireless range of a Mesh Provisioner and either spoof the identity of a device being provisioned over the air or be directly provisioned onto a subnet controlled by the provisioner.

    • Predictable AuthValue in Bluetooth Mesh Provisioning Leads to MITM:The Mesh Provisioning procedure could allow an attacker observing or taking part in the provisioning to brute force the AuthValue if it has a fixed value, or is selected predictably or with low entropy (CVE-2020-26557).

    Identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search, for a randomly selected AuthValue, must complete before the provisioning procedure times out, which can require significant resources. If the AuthValue is not selected randomly with each new provisioning attempt, then the brute-force search can occur offline and if successful, would permit an attacker to identify the AuthValue and authenticate to both the Provisioner and provisioned devices, permitting a MITM attack on a future provisioning attempts with the same AuthValue.

    • Malleable Commitment: The authentication protocol is vulnerable if the AuthValue can be identified during the provisioning procedure, even if the AuthValue is selected randomly (CVE-2020-26556). If an attacker can identify the AuthValue used before the provisioning procedure times out, it is possible to complete the provisioning operation and obtain a NetKey.

    Similar to CVE-2020-26557, identifying the AuthValue generally requires a brute-force search against the provisioning random and provisioning confirmation produced by the Provisioner. This brute-force search for a randomly selected AuthValue, which can require significant resources, must complete before the provisioning procedure times out.

    • AuthValue Leak:The Mesh Provisioning procedure could allow an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly without brute-forcing its value (CVE-2020-26559).

    Even when a randomly generated AuthValue with a full 128-bits of entropy is used, an attacker acquiring the Provisioner’s public key, provisioning confirmation value, and provisioning random value, and providing its public key for use in the provisioning procedure, will be able to compute the AuthValue directly.

     

    The post Bluetooth flaws open devices to impersonation attacks appeared first on FutureIoT.

    ]]>
    OT systems of CI a lucrative market for cybersecurity https://futureiot.tech/ot-systems-of-ci-a-lucrative-market-for-cybersecurity/ Tue, 25 May 2021 03:00:12 +0000 https://futureiot.tech/?p=8759 The Frost & Sullivan study pointed out that critical infrastructure organisations remain far behind where they should be in their cyber maturity and digital resilience strategies, necessitating a rapid push to fortify cyber defenses and manage their cyber-risk profiles.

    The post OT systems of CI a lucrative market for cybersecurity appeared first on FutureIoT.

    ]]>
    Cybersecurity vendors seeking to tap the anticipated demand from critical infrastructure (CI) operators must ensure that their data traffic monitoring solutions for operational technology (OT) systems can detect the actions of active and passive assets and all data traffic types, then decide how best to analyse the data.

    This is one of the major pieces of advice given by Frost & Sullivan in its latest analysis of the global critical infrastructure cybersecurity market. Segmented into oil and gas facilities, utilities (electric and water), maritime (ports and entry points), and airports, the research firm estimates the market will reach US$24.22 billion by 2030 from US$21.68 billion in 2020.

    Despite the ever-increasing threat landscape and their incredibly high-risk profile, the Frost & Sullivan study pointed out that critical infrastructure organisations remain far behind where they should be in their cyber maturity and digital resilience strategies, necessitating a rapid push to fortify cyber defenses and manage their cyber-risk profiles.

    "While oil and gas facilities will continue to remain, the largest segment investing in cybersecurity solutions, airports will prove to be the fastest-growing one, with a CAGR of 10.1%. Spending is expected to reach US$1.87 billion by 2030," said Danielle VanZandt, industry analyst for security at Frost & Sullivan.

    "This is driven by the ongoing construction of new facilities, significant digitalization upgrades within existing airports, and the incremental updates being made to cybersecurity systems to keep up with the changing cyber-threat landscape and improve detection capabilities," she added.

    Besides ensuring that their data traffic monitoring for OT systems are up to scratch, the Frost & Sullivan analysis said cybersecurity vendors should focus on the following in order to tap into a potentially lucrative market:

    • Network topology solutions for vulnerability and risk assessment: Market participants seeking to provide network topology capabilities need to ensure that they can identify and discover the variety of information technology (IT), Internet of Things (IoT), and operational technology (OT) devices within an organization's network architecture to begin building the topological model.
    • Continuous discovery for organisational assets: For security vendors, emphasizing continuous monitoring and automatic discovery tasks will help attract new customers and improve their market share.
    • Predictive analytics and threat intelligence for incident detection: Cybersecurity solutions providers must emphasize automatic and predictive capabilities in their system tests and proofs of concept with customers to show how these systems will not overwhelm their existing security functions.
    • Secure-by-design initiatives for operational technology assets and systems: Security operators that want to update older OT assets and devices should look at any components that are not engineered via secure-by-design manufacturing.

    The post OT systems of CI a lucrative market for cybersecurity appeared first on FutureIoT.

    ]]>
    Johnson Controls, DigiCert raise security of smart buildings https://futureiot.tech/johnson-controls-digicert-raise-security-of-smart-buildings/ Tue, 25 May 2021 01:30:08 +0000 https://futureiot.tech/?p=8755 Johnson Controls-DigiCert PKI solution elevates operations within the Operational Technology (OT) and Internet of Things (IoT) space to ensure that hardware, software and communication remains trusted throughout the lifecycle of the smart building.

    The post Johnson Controls, DigiCert raise security of smart buildings appeared first on FutureIoT.

    ]]>
    Johnson Controls has partnered with DigiCert to enable its OpenBlue digital solutions suite use DigiCert ONE PKI platform, providing advanced security  and  trusted connectivity for smart building technology.

    "This strategic partnership allows Johnson Controls to offer our customers increased peace of mind by mitigating the risk of costly operational interruptions due to cybersecurity attacks while providing resilient, trusted smart building solutions that use the most advanced PKI technology from DigiCert, the clear leader in its field," said Mike Ellis, executive vice president and chief customer & digital officer at Johnson Controls. "Our domain expertise in healthy, secure and smart buildings, combined with DigiCert's trusted digital identity and automated certificate management capabilities, will further enhance our OpenBlue suite and offer a clear advantage for smart building operations."

    Johnson Controls-DigiCert PKI solution elevates operations within the Operational Technology (OT) and Internet of Things (IoT) space to ensure that hardware, software and communication remains trusted throughout the lifecycle of the smart building. This approach brings modern PKI security as well as advanced expertise in managing digital certificates to provide device authentication and identity, data encryption and integrity for each component of the ecosystem.

    "Johnson Controls is taking an important leadership stance in providing building owners confidence that their devices are safely and securely connected to the network using robust PKI solutions," said Mike Nelson, vice president of IoT security at DigiCert. "DigiCert ONE singularly offers container-based, cloud-native technology for fully automated certificate management with flexible deployment and secure and simple integration with the OpenBlue ecosystem. DigiCert ONE's IoT Device Manager provides complete IoT device lifecycle management that, together with OpenBlue, will ensure secure digital transformation of smart buildings."

    DigiCert's vigilance in addressing the current and future landscape of digital identities and cryptography combined with Johnson Controls unmatched experience across all building systems will allow for OpenBlue to provide and maintain trusted smart building solutions within an ever-changing cybersecurity landscape.

    Johnson Controls also recently announced its partnership with Pelion, to accelerate innovation in connectivity, security and intelligence at the edge for Johnson Controls OpenBlue technology. Pelion's device and edge management capabilities will be used with DigiCert services to ensure digital identities maintain the most stringent level of trust in OpenBlue solutions.

     

    The post Johnson Controls, DigiCert raise security of smart buildings appeared first on FutureIoT.

    ]]>
    New IoT standard automates and secures device onboarding https://futureiot.tech/new-iot-standard-automates-and-secures-device-onboarding/ Thu, 20 May 2021 01:30:08 +0000 https://futureiot.tech/?p=8739 Device onboarding through a standardised protocol like FDO simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT in industry.

    The post New IoT standard automates and secures device onboarding appeared first on FutureIoT.

    ]]>
    Addressing challenges of security, cost and complexity tied to IoT device deployment at scale, the FIDO Alliance recently launched a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms.

    Called FIDO Device Onboard (FDO) for IoT,  the new specification was collaboratively developed to solve the issue of IoT security in onboarding – just as the alliance has done with its FIDO authentication standards to help address the global data breach problem.

    The FDO specification has reached Proposed Standard status and is open and free to implement. Initially, the specification is targeted at industrial and commercial applications.

    “The FDO standard builds on our ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance.

    He pointed out that companies see the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more.

    “The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments,” Shikiar said.

    Formed in 2012, the FDO Alliance addresses the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords.

    The FIDO Alliance has been introducing standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.

    To date, the alliance is composed of over has 250  of the world’s  most influential and innovative companies and government agencies,  working on cybersecurity to eliminate data breaches and  to secure online experiences.

    Security a major barrier to IoT adoption

    IDC expects the IoT market to maintain a double-digit annual growth rate and surpass the US$1 trillion mark in 2022.

    Despite this projected growth, a recent survey has found a majority of businesses have serious concerns about breaches to their infrastructures. Of the 170 IoT leaders polled, the survey found that 85% say security concerns remain a major barrier to IoT adoption. Almost two-thirds (64%) of respondents stated that end-to-end IoT security is their top short-term priority, surpassing edge compute (55%), artificial intelligence (AI)/machine learning (50%) and 5G deployments (28%).

    The new FDO standard is an automated onboarding protocol for IoT devices, leveraging asymmetric public key cryptography to provide the industrial IoT industry with a fast and secure way to onboard any device to any device management system.

    “This is a major milestone that aims to solve one of today’s critical challenges with deploying IoT systems. The new FDO standard will help reduce cost, save time and improve security, all helping the IoT industry to expand rapidly,” said Christine Boles, vice president, Internet of Things Group and General Manager, Industrial Solutions Division at Intel. “Implementation of the FDO standard will enable businesses to truly take advantage of the full IoT opportunity by replacing the current manual onboarding process with an automated, highly secure industry solution.”

    The business benefits from the FDO standard include:

    • Simplicity – Businesses no longer have to pay more for the lengthy and highly technical installation process than they do for the devices themselves. The highly automated FDO process can be carried out by people of any level of experience quickly and efficiently.
    • Flexibility – Businesses can decide which cloud platforms they want to onboard devices to at the point of installation (as opposed to manufacture). A single device SKU can be onboarded to any platform, thereby greatly simplifying the device supply chain.
    • Security – FDO leverages an “untrusted installer” approach, which means the installer no longer needs – nor do they have access to – any sensitive infrastructure/access control information to add a device to a network.

    Open-arm welcome

    IoT industry stakeholders expressed optimism over the new FDO standard, which is expected to enable device makers to deploy, onboard and manage secure IoT devices faster at a lower cost.

    “As the IoT rapidly expands, the security of devices cannot be optional, and a strong foundational root of trust is essential. It will help scale IoT across both industrial and consumer use cases,” said Mohamed Awad, vice president, IoT Business at Arm

    Mohammad Zoualfaghari, research manager and IoT Architect at BT said: "FDO is a revolutionary standard, which can address a critical need for the IoT, Edge Compute and 5G industries and help them to scale up securely and fully automated, from the manufacturer to the consumer, from the device to edge, and from edge to the cloud."

    Joe Pearson, technology strategist, IBM Cloud and Technical Steering Committee Chair, Open Horizon project, is looking forward to implementing FDO in their smart agriculture use cases and in the open retail reference architecture.

    “The Open Horizon project wanted a simple solution to zero-touch provisioning that would have wide support from hardware manufacturers, maximum flexibility, and a staged approach. The FDO specification from the FIDO Alliance certainly meets those requirements,” said Pearson. “After implementing and shipping support in Open Horizon, we're pleased with the results and with the feedback we've received from those using it in the field.”

    Jürgen Rebel, senior vice president and general manager Embedded Security at Infineon Technologies is pleased that the FDO protocol is built with security in mind.

    “It enables FDO based systems to store the private key secrets and device credentials in a Trusted Platform Module. TPM is a widely accepted and used technology that creates trust in manufacturing and supply chain. It is a major contribution towards the acceleration of IoT device deployment,” Rebel said.

    Sam George, VP of IoT, Microsoft Azure, echoed the same sentiment:  “Device onboarding through a standardised protocol like FDO simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT in industry. We are thrilled to see the FIDO Alliance address such a critical piece of the IoT device lifecycle.”

    The post New IoT standard automates and secures device onboarding appeared first on FutureIoT.

    ]]>
    Balancing act: digital innovation and security in retail https://futureiot.tech/balancing-act-digital-innovation-and-security-in-retail/ Fri, 14 May 2021 00:00:58 +0000 https://futureiot.tech/?p=8714 Retailers that want to introduce self-scanning technologies in-store should adopt a privacy by design approach which ensures customer data is as secure as possible, whether the scan occurs on a company- or customer-owned device.

    The post Balancing act: digital innovation and security in retail appeared first on FutureIoT.

    ]]>
    How often do you check your work devices’ security settings, much less change them? The answer for most may not be favourable. With the ongoing pandemic, cybercriminals are taking the chance to prey on vulnerabilities in devices and networks, with increasing reports that Southeast Asia is becoming a hotspot for cyber-attacks. Unsurprisingly, cyber incidents rank as one of the top three business risks in Asia Pacific (APAC).

    With the pandemic reshaping the way retailers in the region engage with customers and digital technology adoption accelerating, security must come to the forefront of device management strategies.

    This sheer quantity of connected devices in retail today opens innumerable points of access for cyberattacks with costly repercussions. Customers using Internet of Things (IoT) devices and mobile applications to shop in-store and avoid long lines at checkout are at risk of exposing their data to online breaches. And those who use retail-owned devices, such as the handheld mobile computers powering personal shopping solutions (PSS), also open retailers’ systems up to vulnerabilities.  Though some may be hesitant to assume the risk given the significant impact a breach can have on business, delaying digital transformation efforts isn’t really an option anymore. Zebra’s 13th annual Global Shopper Study found that 65% of shoppers in APAC prefer shopping at stores with contactless payment options.

    As such, retailers in Asia must continue to invest in connected devices to increase their competitive advantage and enhance the customer experience. Yet they must do so in a way that also prioritise security.

    The need for privacy by design

    Privacy has also been top of mind with both businesses and shoppers as the collection and utilisation of digital data has exploded. Retailers that want to introduce self-scanning technologies in-store should adopt a privacy by design approach which ensures customer data is as secure as possible, whether the scan occurs on a company- or customer-owned device. This strategy integrates shopper safety into the entire development process of innovative retail point of sale (POS), customer service, and returns solutions. Privacy protocols that are essential to handling personal data, like encryption and data housing, must be included from the very beginning.

    When a retailer implements any scan-and-go or IoT solution, there are critical processes and elements that should be in place to reinforce the security of the platform and protect shoppers’ data.

    Retail operations and customer data must be kept separate so retailers can track and monitor physical retailer-owned devices but not the data housed on them. Once the data is uploaded, retailers should always ensure mechanisms that allow the customer to delete the data are in place. Customer data should also never be saved in plain text but in encrypted data. This makes it much more difficult to decipher, hence helping to protect shoppers’ privacy in the case of a data breach. These measures will bring about greater ease for Asian shoppers as they continue to shop on both their personal devices and the devices retailers offer for in-store use.

    Enhancing the shopping experience without compromising safety and sales

    As retailers in Asia work to boost operations while providing a safe and enjoyable shopping experience, retailers need to look for more ways to ensure shoppers are in safe hands. Countries like Singapore have issued safe distancing guidelines for retail and food and beverage outlets, ensuring establishments comply and even pushing for more adoption of mobile ordering and payment solutions.

    In retail, self-scanning devices can offer customers personalised shopping experiences and frictionless checkout, while maintaining social distancing and minimising surface contacts. For example, solutions such as PSS allow retailers to send highly personalised promotions directly to customers as they navigate store aisles. They also enable customers to upload personal shopping lists and other information to make the shopping experience easier. Plus, the solution can identify items customers are scanning into their carts and recommend recipes. If customers are interested, the PSS can then direct customers to the other ingredients they will need.

    In addition, these mobile computing devices can instantly price check and plot a course to the next destination in the store for the customer. This helps customers monitor spending in real time, which can help them budget better – which statistically leads to more spending. Retailers that employ self-serve contactless shopping solutions also find lines at checkout are heavily reduced – if the customer must go to the register at all. Shoppers like the option to pay on the device from anywhere in the store using a simple credit card swipe. It enables them to avoid the time-consuming process of unpacking, re-scanning, and re-bagging items already in their carts. Once payment is made, the customer simply needs to return the scanner to the display for sanitisation and preparation for the next customer before proceeding to the exit.

    A customer-first mindset can help retailers recover quickly

    Contactless self-service shopping solutions can help to increase revenue and reduce costs as they provide a platform to enable next-generation digital services. More importantly, as the pandemic persists, the only hands touching the customers’ groceries are their own. Social distancing is also far easier to maintain when customers can bypass the checkout lane. Additionally, store associates can use the scanners for online orders and carry-outs, further increasing retailers’ return on investment.

    The benefits of this technology are vast, but whenever shared devices access personal information, retailers must take measured steps to preserve customers’ security and privacy.

    It is undoubtedly vital to stay compliant with the data protection laws being enacted in Asian countries such as Singapore, Malaysia, and Thailand. Beyond that, on a more granular level, retailers must work with technology solution providers to integrate and maximise toolsets that provide multiple layers of protection and maintain a high level of security throughout each product’s full lifecycle.

    Retailers in APAC should also work with leading security vendors and invest in security training to equip personnel to meet today’s security challenges and protect customer data in this era of IoT.

    The post Balancing act: digital innovation and security in retail appeared first on FutureIoT.

    ]]>
    Cyber threat intelligence sharing across auto industry eyed https://futureiot.tech/cyber-threat-intelligence-sharing-across-auto-industry-eyed/ Thu, 22 Apr 2021 01:30:03 +0000 https://futureiot.tech/?p=8612 The ThreatQ platform will support turning threat data into threat intelligence to be shared and applied to security solutions for automotive product.

    The post Cyber threat intelligence sharing across auto industry eyed appeared first on FutureIoT.

    ]]>
    The Automotive Security Research Group (ASRG) is gearing up for cyber threat intelligence sharing across the automotive industry, and has partnered with ThreatQuotient to provide the technology platform that serves as a critical tool for automotive companies to strengthen their security practices.

    “The growth of technology’s role in the automotive industry has prompted the need to focus attention on cybersecurity,” said John Heldreth, founder of ASRG. “The more information that engineers and developers have regarding the products they are developing and their operating environments, the better implementation and more secure solutions can be expected. Engineers and developers will have the opportunity to access shared information through ThreatQ that will enhance the industry’s security.”

    Established in 2017, ASRG is a non-profit organisation that supports the development of security solutions for automotive products. Currently, it has over 6,000 members in 19 countries, including Australia, China, Japan, India, Singapore and the Philippines.

    Compared to other industries, the development of cyber and data security solutions for automotive products is in its infancy. However, the security goals are the same across all automotive manufacturers and even across different products.

    Sharing enriched threat data externally helps strengthen defenses across a larger community of users. The ThreatQ platform will provide granular controls over what, when and how much data is shared so that ASRG members can comfortably share and gain valuable insights from other users. Finding and knowing where to look for information is the first step to understanding problems and proposing informed solutions.

    “ASRG’s goal is to reduce hesitation on the part of automotive stakeholders to share vulnerabilities or cyber issues related to their products and to offer a safe and secure platform for intelligence sharing. We are thrilled to partner with and sponsor ASRG with our threat intelligence platform for members to gain critical knowledge,” said Markus Auer, CTI advisor and regional manager CEE at ThreatQuotient.

    He added: “We share ASRG’s vision for solving the global challenge of using threat intelligence more constructively across multiple use cases, which is larger than any one company or solution. We look forward to the positive impact ASRG will have on security in the automotive industry.”

    According to Jasmine Rhyder, lead of the ASRG Sydney Chapter of ASRG, having a wealth of information in one place makes it easier for researchers, analysts and engineers to find relevant data, and to do so more quickly.

    “ThreatQuotient and ASRG are providing a clear path towards effective security operations, leading the way not only in developing this security solution for the automotive industry, but doing so in a way that encourages meaningful information sharing. It will be exciting to see the full impact this collaboration will have on the industry."

    The ThreatQ platform provides a unique combination of capabilities that streamline threat operations and management to accelerate security operations. Beyond the threat intelligence platform use case, ThreatQ can be leveraged for a number of security operations priorities including threat hunting, incident response, spear phishing, alert triage and vulnerability prioritisation.

    The post Cyber threat intelligence sharing across auto industry eyed appeared first on FutureIoT.

    ]]>
    Yokogawa and Claroty team up to protect process operations https://futureiot.tech/yokogawa-and-claroty-team-up-to-protect-process-operations/ Thu, 15 Apr 2021 02:00:40 +0000 https://futureiot.tech/?p=8592 Partnership delivers industrial cybersecurity solution to critical infrastructure organisations in Southeast Asia, Australia, and New Zealand

    The post Yokogawa and Claroty team up to protect process operations appeared first on FutureIoT.

    ]]>
    Industrial automation provider Yokogawa Engineering Asia is set to give customers in Southeast Asia, Australia and New Zealand access to Claroty’s cybersecurity platform to enable these enterprise organisations to protect their process operations against cyberthreats.

    In a reseller agreement signed recently between the two companies, Yokagawa agreed to add the Claroty platform either as an added service or embedded within its own managed security services. The agreement expands upon Yokogawa’s and Claroty’s reseller agreement in Europe, which was established last year.

    “We are continuously investing in secure products and services as part of our commitment to quality, safety, security, reliability, and sustainability, with highly competent and experienced resources in Asia,” said Charles Lim, head of digital innovation & security solution at Yokogawa. “Our partnership with Claroty further reinforces process operation cybersecurity protection and will deliver plant security lifecycle services based on the defence-in-depth approach corresponding to international standards for enhanced operational resilience.”

    The industrial automation business founded in 1915 engages in broad-ranging activities in the areas of measurement, control, and information. Yokogawa provides vital products, services, and solutions to a diverse range of process industries including oil, chemicals, natural gas, power, iron and steel, and pulp and paper. With the life innovation business, the company aims to radically improve productivity across the pharmaceutical and food industry value chains. The test & measurement, aviation, and other businesses continue to provide essential instruments and equipment.

    Yokogawa co-innovates with its customers through a global network of 114 companies spanning 62 countries, generating US$3.7 billion in sales in FY2019.

    Assets in industrial environments – including operational technology (OT), Internet of Things (IoT), and industrial IoT (IIoT) – are hard to detect, hard to manage, and even harder to secure. Adding to this challenge is the accelerating convergence of IT and OT networks, which enhances the efficiency of industrial operations, but also increases the attack surface available to adversaries. As a result, industrial enterprises and critical infrastructure providers need to be able to detect and respond to cyber threats more quickly and effectively than ever before.

    The Claroty Platform reveals 100% of OT, IoT, and IIoT assets on enterprise networks and protects them from vulnerabilities, emerging threats, malicious insiders, and unintentional errors. Its threat detection model continually monitors the network for both known and unknown threats, automatically weeds out false positives, and gives clear direction on how to take action. This is all enriched by Claroty’s extensive ecosystem of third-party technical integrations, as well as the latest threat signatures and remediation guidance from the renowned Claroty Research Team.

    “Our software combined with Yokogawa’s expertise gives organisations like IRPC Public Company Limited Thailand deep visibility into their industrial environments, comprehensive security controls for those environments, and actionable insights that allow them to better assess and improve their security posture,” said Eddie Stefanescu, general manager of APJ at Claroty. “We are delighted with the proven success of this collaboration with Yokogawa to date and look forward to its continued global expansion.”

     

    The post Yokogawa and Claroty team up to protect process operations appeared first on FutureIoT.

    ]]>
    Facial recognition use to secure payments to grow 120% https://futureiot.tech/facial-recognition-use-to-secure-payments-to-grow-120/ Tue, 13 Apr 2021 01:00:25 +0000 https://futureiot.tech/?p=8583 The report also finds that fingerprint sensors are expected to be on 93% of biometrically-equipped smartphones in 2025.

    The post Facial recognition use to secure payments to grow 120% appeared first on FutureIoT.

    ]]>
    The number of users of software-based facial recognition to secure mobile payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020 – a rapid growth of 120%.

    This is based on a new study from Juniper Research which shows how widespread facial recognition has become; fuelled by its low barriers to entry, a front-facing camera and appropriate software. The research identified the implementation of FaceID by Apple as accelerating the growth of the wider facial recognition market, despite the challenges to facial recognition during the pandemic with the use of face masks.

    The research recommends that facial recognition vendors implement robust and rapidly evolving AI based verification checks to ensure the validity of user identity, or risk losing user trust in the authentication method as spoofing attempts increase.

    Fingerprint Sensors Dominant, Hardware-based Facial Recognition Growing

    Entitled Mobile Payment Authentication: Biometrics, Regulation & Market Forecasts 2021-2025, the study found that fingerprint sensors are expected to be on 93% of biometrically-equipped smartphones in 2025. This compares favourably to hardware-based facial recognition, with just 17% of biometrically equipped smartphones featuring these capabilities in 2025.

    “Hardware-based facial recognition is growing, but the ability to carry out facial recognition via software is limiting its adoption rate. As the need for a secure mobile authentication environment grows, smartphone vendors will need to increasingly turn to more robust hardware-based systems to keep pace with fraudsters’ evolving tactics,” said research co-author Susan Morrow.

    The research also found that the use of voice recognition for payments is increasing, from 111 million users in 2020, to over 704 million in 2025. The study identified that, at present, voice recognition is mostly used in banking, and will struggle to grow beyond this, due to concerns around robustness. Juniper Research recommends that vendors adopt a multi-method biometric strategy, which encompasses facial recognition, fingerprints, voice and behavioural indicators to ensure a secure payment environment.

    The post Facial recognition use to secure payments to grow 120% appeared first on FutureIoT.

    ]]>
    Cyberlink scales up video monitoring with upgraded facial recognition https://futureiot.tech/cyberlink-scales-up-video-monitoring-with-upgraded-facial-recognition/ Wed, 07 Apr 2021 02:30:48 +0000 https://futureiot.tech/?p=8558 Small business owners can literally setup affordable single-computer, single-camera systems on their own.

    The post Cyberlink scales up video monitoring with upgraded facial recognition appeared first on FutureIoT.

    ]]>
    Taiwan-based CyberLink, a pioneer in AI and facial recognition technologies, has rolled out a major upgrade of its FaceMe Security solution, adding features such as people identification and contactless access control.

    FaceMe is optimised for IoT devices, being uniquely positioned to integrate edge-based AI facial recognition into a wide range of IoT and AIoT solutions. FaceMe is optimised to run on most hardware configurations, from high-end workstations to low-power chipsets typically used in IoT devices. It is compatible with Windows, Linux, Android and iOS systems.

    The solution latest updates include the ability to identify people with a high degree of precision even when wearing a mask, as well as mask detection and temperature measurement for health control. The solution now offers enhanced compatibility to a number of mainstream video management systems (VMS) and further optimisation to chipset support, including the cost-effective NVIDIA Jetson platform.

    “Biometric and vision technologies are setting new standards for IP surveillance deployments. Not only can solutions using top-tier facial recognition accurately verify identity, even for faces partially covered by a mask, but they can also detect if the mask is worn properly,” said Dr. Jau Huang, CEO of CyberLink.

    The solution comes with all the features needed to enable automated and contactless security monitoring, access control and health checks, each of which are relevant to organisations of all types and sizes, in all sectors of the economy.

    Small business owners can literally setup affordable single-computer, single-camera systems on their own. The solution’s robust and scalable architecture enables a rapid and easy deployment by system integrators anywhere, from single-location businesses to very large organisations, addressing use cases relevant across a wide range of industries and sectors, including retail, manufacturing, warehousing, office management, hospitality and many others.

    Its flexibility, such as the ability to connect into existing IP cameras and run on multiple types of computers and workstations, often allows integrators to implement FaceMe Security across entire organisations, all from the server room. The versatility of its features and a collection of APIs ensure a seamless integration into systems such as visitor management, employee time and attendance, access control and automated door operation, in addition to connecting easily into existing surveillance and monitoring systems.

    All-inclusive solution

    The newest edition of FaceMe Security Workstation allows for real-time face detection and facial template extraction at the edge. Optimised to run across a wide range of edge-based hardware, FaceMe Security Workstation can be deployed on high-end Windows workstations equipped with single or multiple NVIDIA Quadro GPUs for heavily trafficked areas of up to 80,000 people per hour. For mid-sized sites with traffic ranging from 2,000 – 6,000 people per hour, such as a warehouse, FaceMe Security Workstation can be deployed on NVIDIA Jetson AGX Xavier or Xavier NX, providing modest levels of performance with a significantly lower financial and energy costs.

    “FaceMe Security is an all-inclusive solution that can completely overhaul existing IP surveillance infrastructures to deliver the latest security, access control and health screening capabilities, for organisations of all sizes, across all industries,” Huang said.

    Furthermore, FaceMe Security’s notification API supports mainstream VMS (video management systems), including Milestone, Network Optix Nx Witness and VIVOTEK VAST2. It enables real-time detection of VIP, block-listed and tagged personnel entering surveillance zones and triggers a notification to the VMS, informing security personnel of real-time events.

    In addition to its built-in features, FaceMe Security offers two add-ons that expand its capabilities to provide complete time and attendance as well as integrated health screening. The FaceMe Security Check-In add-on can be deployed on light-weight PCs at building entrances for real-time, on-screen identity verification along with check-in information. The FaceMe Security Health add-on provides an inconspicuous health-monitoring solution for any facility. The AI engine detects if a person is wearing a mask properly over the nose and mouth, verifies their identity, and measures their body temperature. When detecting a person with elevated body temperature or someone not wearing a mask, a notification including the person’s picture and location is sent instantly to security personnel for further actions.

    The post Cyberlink scales up video monitoring with upgraded facial recognition appeared first on FutureIoT.

    ]]>
    Smart factories easy target of cyberattacks https://futureiot.tech/smart-factories-easy-target-of-cyberattacks/ Thu, 01 Apr 2021 01:00:44 +0000 https://futureiot.tech/?p=8536 Fewer than half of the participants said they're implementing technical measures to improve cybersecurity.

    The post Smart factories easy target of cyberattacks appeared first on FutureIoT.

    ]]>
    Approximately 61%, of manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk, according to Trend Micro.

    "Manufacturing organisations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack." said Akihiko Omikawa, executive vice president of IoT security for Trend Micro.

    The prevalence of cyberattacks on smart factories was one of the major findings in an independent research conducted by Vanson Bourne on behalf of Trend Micro. The online survey involved 500 IT and OT professionals in the United States, Germany and Japan.

    The research also showed that 75% of smart factories that had been targeted suffered system outages, with more than two-fifths (43%) of these outages lasting for more than four days.

    Trend Micro commissioned independent research specialist Vanson Bourne to conduct an on-line survey with 500 IT and OT professionals in the United States, Germany and Japan and found that over three-fifths (61%) of manufacturers have experienced cyber incidents, with most (75%) of these suffering system outages as a result. More than two-fifths (43%) said outages lasted over four days.

    "That's why Trend Micro has integrated IT and OT intelligence and provides a comprehensive solution from the shop floor to the office. We're helping put visibility and continuous control back in the hands of smart factory owners,” Omikawa said.

    The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and process (67%) were also cited as top challenges by many respondents. However, fewer than half of the participants said they're implementing technical measures to improve cybersecurity.

    Other key findings include:

    • Asset visualisation (40%) and segmentation (39%) were the least likely of cybersecurity measures to be deployed, hinting that they are the most technically challenging for organizations to execute. Organisations with a high degree of IT-OT collaboration were more likely to implement technical security measures than those with less cohesion. There was a particularly big gulf between organisations with high IT-OT collaboration verses those with little to no IT-OT collaboration in the use of firewalls (66% verses 47%), IPS (62% verses 46%) and network segmentation (54% verses 37%).
    • Standards and guidelines were cited as the top driver for enhanced collaboration in the United States (64%), Germany (58%) and Japan (57%). The National Institute of Standards and Technology's (NIST) Cyber Security Framework and ISO27001 (ISMS) were among the most popular guidelines.
    • The most common organisational change cited by manufacturers in all three countries was appointing a factory Chief Security Officer (CSO).

    Trend Micro recommends a three-step technical approach to securing smart factories and keeping their operations running:

    1. Prevention by reducing intrusion risks at data exchange points like the network and DMZ. These risks could include USB storage devices, laptops brought into a factory by third parties, and IoT gateways.
    2. Detection by spotting anomalous network behaviour like Command & Control (C&C) communication and multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organisation.
    3. Persistence is crucial to protect smart factories from any threat that has evaded prevention and detection stages. Trend Micro TXOne Network's industrial network and endpoint security solutions are purpose-built for OT environments. They work at a wide range of temperatures and are easy to use with minimal performance impact.

     

    The post Smart factories easy target of cyberattacks appeared first on FutureIoT.

    ]]>
    Edge computing: Out with the old, and in with the new https://futureiot.tech/edge-computing-out-with-the-old-and-in-with-the-new/ Wed, 24 Mar 2021 02:00:29 +0000 https://futureiot.tech/?p=8479 As enterprises accelerate investments in digital transformation projects, edge technologies will open up new opportunities to succeed in the marketplace.

    The post Edge computing: Out with the old, and in with the new appeared first on FutureIoT.

    ]]>
    Asia Pacific is set to see the highest growth in global edge computing on the back of accelerated IoT and cloud computing adoption, according to research firm, MarketsandMarkets. Globally the edge computing market is set to grow from US$ 3.6 billion in 2020 to US$ 15.7 billion by 2025, as COVID has spurred rapid digital transformation of industries and sparked a decentralisation of data and technology.

    Edge computing is defined loosely as a model that brings computational, data storage and connectivity resources closer to the locations where they’re needed, saving bandwidth and accelerating response times. Edge technologies power millions of IoT applications in industrial, retail, healthcare and smart cities environments, and, prior to 2020, analysts expected an additional bump from virtual reality and 5G in the coming years.

    Then the pandemic hit, and the need for edge technologies suddenly accelerated. As millions of workers shifted out of enterprise hubs into more remote locations, they put a strain on networks, creating increased latency and a greater need for computer power, capacity, and storage closer to the new network edge.

    Changing roles

    It’s not just workers connecting on Zoom occupying this new edge. Across the Asia region, industries and businesses are rethinking the way they operate. Video editors working from home are transmitting huge files, schools are engaging thousands of students in online classes, and physicians are conducting remote health visits where high-res images are posted and circulated. Investing in edge solutions that process data locally and enable more seamless connections avoids having to slog through increasingly overburdened public networks.

    Asia will see a strong uptake of edge computing and IoT applications coming into 2021 as a lot of organisations face the pressure to create new ways of working, new ways for customer engagement and new ways of business. This will spark exponential growth in hyper-scale cloud adoption for organisations and increased effort on completing the edge computing and IoT journey. This casts a spotlight on the availability of your services and data which becomes critical in ensuring sustained success.

    The proliferation of Big Data and IoT, edge computing will be a key architecture design challenge to solve respect to volume, velocity and variety of data from multiple sources. The end goal is to achieve the highly desirable outcome of data availability, data agility and business acceleration.

    The prediction is for a boom in edge-related hardware, software and applications. Analysts are predicting a major growth spurt at the edge, rocketing up 30% a year to US$44.0 billion by 2030.

    As enterprises accelerate investments in digital transformation projects, edge technologies will open up new opportunities to succeed in the marketplace. Here are a few areas where they’ll play prominent roles.

    Customer service

    Customers, of course, can be demanding. They want choices, information, intuitive purchasing options, respect for their privacy and, at times, a little coddling. Businesses can respond better in transactional situations if they can have information and insights available in the moment. This plays right to the strengths of edge applications.

    Retailers, for instance, can use edge devices with web caching functions to replicate online customer experiences in the physical world. They can capture customer information, apply insights from shopping patterns, process connections in real time and be ready to serve the customer better at key points of the buying journey.

    Outside the store, changeable digital displays can broadcast pop-up sales to attract customers inside. As customers enter, the network connects to their personal devices and access their purchase history. Customers then can request customised coupons or connect to personalised shopper assistance. Inside the store, strategically positioned kiosks and screens display customised promotional offers based on each shopper’s buying patterns.

    Sales associates can use digital assistant devices to check updated inventory levels or gather insider product information. Easy-to-use product finder displays can steer customers to the right products based on individual, self-selected preferences.

    Security

    The proliferation of edge computing applications has significant – and seemingly contradictory – ramifications for security.

    On one hand, adding more nodes opens up more places vulnerable to attack. This will force IT security leaders to bolster their defences to ensure that information and applications stored at the edge match the strength their applying inside the data centre itself.

    At the same time, edge computing’s decentralised nature brings some security benefits. If an edge device is breached, security teams can easily wall off the endpoint, so the attack doesn’t spread to the whole network. They can also configure their edge models to keep more data at the endpoints and limit the amount of information that gets sent back to home office. That adds an extra layer of security, keeping threats away from the data centre, where more mission-critical resources are stored.

    To optimise the security of an edge-enabled system, organisations will need to establish strong governance programs to control the data that’s being generated, processed and transferred from individual sites.

    Plus, since IoT devices are tough to secure, it’s important that the edge computing deployment emphasises proper management of the devices themselves. They’ll need to establish policy-driven configuration enforcement and security for computing and storage, paying special attention to encryption of data at rest and in flight.

    While edge security isn’t a new concept, the scale of the challenge has grown with the expansion of remote work and on-site IoT-related applications. Solving these edge security issues will be a top priority in 2021 and beyond.

    This article was co-authored with Dave Russell, Vice President of Enterprise Strategy and Raymond Goh, Technical Director for Asia & Japan, Veeam Software

    The post Edge computing: Out with the old, and in with the new appeared first on FutureIoT.

    ]]>
    PodChats for FutureIoT: Securing edge, core and everything in between https://futureiot.tech/podchats-for-futureiot-securing-edge-core-and-everything-in-between/ Tue, 16 Mar 2021 18:30:07 +0000 https://futureiot.tech/?p=8447 IoT and consumer IoT devices have found a place in our home network, and now with COVID-19 and WFH, the influence inadvertently introducing risks to corporate networks of employees working from home

    The post PodChats for FutureIoT: Securing edge, core and everything in between appeared first on FutureIoT.

    ]]>
    After years of hype, anticipation, and steady uptake, the Internet of Things (IoT) seems poised to cross over into mainstream business use. The number of businesses that use IoT technologies has increased from 13% in 2014 to about 25% today. The worldwide number of IoT-connected devices is projected to increase to 43 billion by 2023, an almost threefold increase from 2018.

    McKinsey notes that as IoT become easier to implement, it will open the door for wider adoption by enterprises spanning industry, business focus and even the size of the organisation.

    IDC forecasts IoT investments to grow at 13.6% per year through 2022.

    To be clear, IoT is not limited to smart devices such as wearables and smartphones. IoT can be found in climate control, traffic systems, medical practice and even in education. At issue is given the disparity in the device use and the extent to which these connected devices have intelligence built into them, how do you keep the enterprise secure?

    Vulnerabilities that come with IoT

    The case of a major bank heist in Asia of a few years back was brought about by the discovery by cybercriminals of an old router in the bank’s datacentre. In that instance, the router – an IoT device – had unpatched firmware which made it vulnerable to hacking. And that was what happened. But Jonathan Jackson, director of engineering, APAC at Blackberry, is more worried about another element that more current generations of IoT technology can do, and are doing in some use cases, and that is the capturing and storing of data.


    That IoT devices store data is not a new or novel thing. Our smart devices, phones, watches, headsets and earpieces, are all IoT devices and many store data. Jackson says it is the storing of data and information which has an impact on consumers with regards to their data, and obviously, their privacy.

    IoT and consumer IoT devices have found a place in our home network. This has, according to Jackson, effectively become a big problem for enterprises during the COVID situation where everybody is working from home.

    “It now means that the home is becoming a new kind of makeshift enterprise. And that is a big challenge for enterprises, who are struggling with an expanding threat footprint, trying to protect data and devices, and assets and people.”

    According to Jackson, this has the spillover effect of an acceleration in threat actor activities.

    “They (threat actors) have now got multiple avenues for an attack at their disposal. Previously, everything was protected by an enterprise in a powerful set of security controls and measures. But suddenly that has been eroded and taken away overnight because now everybody is suddenly accessing corporate information and accessing data on an unsecured potential home network. And that is a big problem for a lot of companies out there today,” he surmised.

    What’s with the Cybersecurity Labelling Scheme

    The Cyber Security Agency of Singapore (CSA) has launched the Cybersecurity Labelling Scheme (CLS) for consumer smart devices, as part of efforts to improve Internet of Things (IoT) security, raise overall cyber hygiene levels and better secure Singapore's cyberspace.

    Under the scheme, smart devices will be rated according to their levels of cybersecurity provisions. This will enable consumers to identify products with better cybersecurity provisions and make informed decisions. The scheme hopes to become an incentive, in and of itself, for device manufacturers to develop more secure products, even as they respond to shorter time-to-market cycles.

    According to Jackson, Singapore’s CLS is along the lines of other frameworks such as in the UK. He lauds the effort and says it will give consumers insight into the potential protection and the security controls that are provided. It will also identify which manufacturers are taking security seriously.

    “We know that IoT devices are usually created with – from a consumer perspective – to be functional, capable, very productive devices – just get things done with slick UI and design. Often security is not even thought about. If it is, it needs to be bolted on right at the end. And that is a big challenge. Initiatives, like CLS, are going to help to address consumer confidence in IoT devices that are coming into our homes and enterprises,” he commented.

    IoT in the WFH – a CIO/CISO concern

    Jackson noted that in Australia, homes typically have different smart devices connected to a flat network. With people now working from home, that same home network now has access to corporate data.

    One technique that may be deployed in WFH environments is micro-segmentation – a technique used in data centres to create logically distinct security segments down to individual workload levels and define security controls and security services for each unique segment.

    Here Jackson brings the idea of zero trust – making sure access to data and networks is limited to only authorised devices, and that those devices go through the authentication process each time a request is made.

    Highlighted by the FBI as an IoT best practice, Jackson acknowledged that implementing zero trust is a big challenge for organisations today, especially in this COVID-19 world that we are currently living in.

    He warned that threat actors are actively looking for opportunities with the least resistance, and unfortunately, some IoT devices present unsecured open opportunities to the internet – a way to backdoor into a home network that has corporate data on it. The Mirai botnet attack is an example of a threat.

    Cyber hygiene – real of hoax

    Asked whether people understand the idea behind cyber hygiene, Jackson skirted the query instead commenting that people should understand the data and privacy implications of the information that they are sharing. They should also understand the vulnerabilities that exist on unpatched systems, on unmanaged devices where there are no security controls, he added.

    He alluded to the digital detox which involves a review of cyber hygiene and cybersecurity practices.

    “It is taking stock of what has access to what information, where is your data being stored, how it is being encrypted, who has access to information and what will happen if an organisation or device or system or cloud environment is breached,” he explained.

    For him, it comes back to zero trust.

    IoT responsibilities

    Jackson says IoT device manufacturers must take the security aspect of the devices they make seriously. These devices now store information, they have data traversing the cloud with data stored somewhere. Manufacturers must look at a security-first approach to software engineering, what Jackson calls industry SDLC (software development life cycle) – a set of measures to make sure that security is built into the products they are delivering from the start and is not bolted on afterwards.

    For CIOs (and CISOs), they need to have the assurance that the devices that are being used by the consumers in their home or even in the enterprise, must meet a minimum standard set of security capability and requirements to ensure that corporate data is secured at all times.

    “And that is a big challenge today for organizations. But things like this initiative from Singapore with the labelling scheme is a great start to be able to bring security front of mind to both manufacturers of IoT devices as well as organizations and consumers who are utilising these devices today,” he concluded.

    Click on the podchat player to listen to Jackson as he candidly discusses some of these vulnerabilities and ways around protecting both edge and core.

    • Let’s start off with what does BlackBerry have to do with IoT?
    • What vulnerabilities are we seeing with consumer IoT devices and what kind of spillover effects could this have in a work-from-home world?
    • What is your take on the Singapore governments Cybersecurity labelling Scheme?
    • How does the scheme help in tackling the problem of hacking and cybersecurity in the IoT ecosystem?
    • How do you see CLS contributing to the overall cyber hygiene levels of end users?

    The post PodChats for FutureIoT: Securing edge, core and everything in between appeared first on FutureIoT.

    ]]>
    Palo Alto Networks unveils IoT security solution for healthcare https://futureiot.tech/palo-alto-networks-unveils-iot-security-solution-for-healthcare/ Thu, 18 Feb 2021 02:00:52 +0000 https://futureiot.tech/?p=8347 Through ML-powered visibility, it delivers deep insights on healthcare-specific devices and vulnerabilities to help improve data security and patient safety.

    The post Palo Alto Networks unveils IoT security solution for healthcare appeared first on FutureIoT.

    ]]>
    Palo Alto Networks has introduced a new IoT security for healthcare geared to protect medical devices from unauthorised access. Using machine learning and crowd-sourced telemetry, the new solution  quickly and accurately profile all devices on the network — even those never seen before.

    Through ML-powered visibility, it delivers deep insights on healthcare-specific devices and vulnerabilities to help improve data security and patient safety, while meeting the needs of both IT teams and biomedical engineering teams.

    “The Internet of Medical Things (IoMT) has the potential to improve healthcare, save lives, and bring massive savings. But if not properly secured, these same devices can pose huge risks,” said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks. “Our vision is to give healthcare organisations complete visibility, in-depth risk analysis, and built-in prevention so they can get the maximum benefits from this transformative technology while reducing risks to patients and their data.”

    According to a recent report from Unit 42, 83% of medical imaging devices are running on unsupported operating systems, making them potential avenues for attackers. Attacks on medical devices like these can potentially disrupt the quality of care and allow attackers to steal patient data.

    The new solution is designed to ensure healthcare organisations can realise the benefits of IoT for patient care without sacrificing security.  It even  offers ML-powered policy recommendations to reduce manual effort; intrusion prevention to block exploits; sandboxing to detect and prevent IoT malware; and URL and DNS security to stop IoT attacks via the web.

    One of the first healthcare organisations to implement Palo Alto’s new IoT security solutions is Valley Health Systems in order to enable vulnerability management of medical devices that connects to its IT network.

    “As the initial step, we needed to identify those devices and understand how and where they connect within our infrastructure. As we looked at and explored various products, we saw great potential and benefits to identify not only biomed, but all network connected devices and systems,” said Miroslav Belote, chief information security officer, Valley Health System in New Jersey, US.

    Belote said that installation, configuration, and initial device discovery was straight forward.

    “Within hours of turning on the system, we began seeing results – inventory, classifications, device and device risk profiles on thousands of devices. We gained complete visibility to over 4,000 non-traditional IT devices, about 30% more devices than what we had prior. We now plan to extend our inventory, vulnerability detection, and prevention process and practice as an integral part of our ongoing efforts to protect our IT and IoT assets,” he said.

    Meanwhile the new IoMT security features of the new solutions include:

    • MDS2 Document Ingestion: Manufacturer Disclosure Statement for Medical Device Security documents allow medical device manufacturers to disclose the security-related features of their devices, allowing for deeper vulnerability analysis, tuned anomaly detection and specific recommended policies.
    • Operational Insights: These insights give biomedical and clinical engineering teams visibility into how, when and where medical devices on their network are being used, allowing teams to optimise resource allocation, improve patient care, make capital planning decisions and reduce maintenance costs.
    • Expanded IoMT Discovery: With the addition of many other medical-specific protocols App-ID now enables expanded discovery and security for unique IoMT devices and healthcare applications.

    The post Palo Alto Networks unveils IoT security solution for healthcare appeared first on FutureIoT.

    ]]>
    IoT security services to reach US$16.8 billion in 5 years https://futureiot.tech/iot-security-services-to-reach-us16-8-billion-in-5-years/ Mon, 15 Feb 2021 04:13:12 +0000 https://futureiot.tech/?p=8332 Cloud and communication security, secure device provisioning and management, secure data hosting and storage, secure OTA (over-the-air) management and firmware updates are among the key applications that are expected to receive a significant revenue boost over the next five years.

    The post IoT security services to reach US$16.8 billion in 5 years appeared first on FutureIoT.

    ]]>
    IoT security services will reach US$16.8 billion by 2026 with focus primarily around secure device management, network security, secure data hosting, over-the-air device management and firmware updates, according to a latest research by ABI Research.

    “The fervent expansion of IoT communications and interconnected assets has become a rather attractive target for cyberattacks, which have been increasing in intensity and sophistication with each passing year,” said Dimitrios Pavlakis, digital security analyst, ABI Research.

    “Additionally, since the onset of the COVID-19 pandemic IoT connectivity, digitisation and automation demands have risen sharply for most end-markets while digital security services struggled to maintain IoT operations under overburdened IT infrastructures for Operational Technologies (OT) assets,” he added.

    However, he pointed out that these realisations alone did not sway the perspective of many IoT players who still chose to forego security across a wide range of IoT applications, mainly industrial, infrastructure, healthcare and other OT-heavy markets.

    What did work in favour of the security ecosystem, however, is that organisations honing their IoT monetisation strategies have finally started to acknowledge digital security as an integral part of a healthy ROI over time and reliable management of IoT assets.

    “The lackluster state of digital security in IoT is not a new thing and we certainly have a long way to go before reaching a sufficiently optimized ecosystem,” said Pavlakis.  “But having asset management, security investments and IoT monetisation strategies as part of the same equation is certainly a most welcome change. Service providers for both cloud and on-prem deployments should take heed, adapt and greatly expand their service portfolio in order to better serve their clients.”

    IoT security offerings across device, network, application and data services all feature unique scalable, albeit variable, traits which differ across end-markets. Cloud and communication security, secure device provisioning and management, secure data hosting and storage, secure OTA (over-the-air) management and firmware updates are among the key applications that are expected to receive a significant revenue boost over the next five years.

    ABI Research said that with cloud computing still being one of the most dominant factors in IoT security, leaving cloud powerhouses like Microsoft Azure, AWS, and Google Cloud and intelligence-focused vendors like IBM and Cisco to attract the market spotlight.

    However, IoT security has allowed other innovative vendors like Cipher, ControlScan, Alert Logic to enable the transition of IT security tools into the IoT and attract increased attention.

    “Developing new IoT security monetisation features, accommodating flexible and scalable pricing models, and formulating future-looking KPIs should be some of the top strategic priorities for IoT security vendors,” Pavlakis said.

     

    The post IoT security services to reach US$16.8 billion in 5 years appeared first on FutureIoT.

    ]]>
    Beware of risks of unsecured webcams and video calls https://futureiot.tech/beware-of-risks-of-unsecured-webcams-and-video-calls/ Tue, 26 Jan 2021 03:00:55 +0000 https://futureiot.tech/?p=8267 Familiarise yourself with exactly what your device does, so you also can turn off any functions you don’t use regularly, such as a camera on your smart TV.

    The post Beware of risks of unsecured webcams and video calls appeared first on FutureIoT.

    ]]>
    Despite the economic disruption of the current COVID-19 pandemic, outlook for the IoT market remains cautiously optimistic. IoT Analytics recently revised its two-year-old prediction, raising the number of IoT-connected devices from 21.5 billion to 30.9 billion globally by 2025.

    Indeed, the research firm cited that for the first time in 2020  In 2020, for the first time, there are more IoT connections (e.g., connected cars, smart home devices, connected industrial equipment) than there are non-IoT connections (smartphones, laptops, and computers). Of the 21.7 billion active connected devices worldwide, 11.7 billion (or 54%) will be IoT device connections at the end of 2020. By 2025, it is expected that there will be more than 30 billion IoT connections, almost 4 IoT devices per person on average.

    It is not surprising, therefore, that IoT security has gained a lot of traction in the last 12 months, as inconspicuous devices such as webcams have been identified as the easiest point of entry for hackers. And with the increased popularity of video conferencing apps, the risks of a user’s device camera being switched on without their knowledge are greater than ever.

    User privacy can be violated without malicious intent

    Technology experts at UK-based Reincubate noted that user privacy can be violated by a simple accident, and without malicious intent.

    Plenty of  Zoom users haven’t realised that their cameras were on, or that when joining a Zoom call that the call host might have configured the call to start with user cameras on. Additionally, it’s possible to join a Zoom call with one’s camera off, be placed in a waiting room before the call begins, and then have the camera turn on once the host admits the user to the call.

    It is  worth considering not connecting your devices to Wi-Fi unless it’s necessary for their function and to disable any microphones and cameras that aren’t in use, as this too will lower the risk of others accessing your devices’ microphone and camera,” said Aidan Fitzpatrick, CEO and co-founder of Reincubate told FutureIoT.

    “Familiarise yourself with exactly what your device does, so you also can turn off any functions you don’t use regularly, such as a camera on your smart TV,” he added.

    Fitzpatrick pointed out that using an external webcam or mobile device as a webcam is not only smart solution to the often poor webcam video quality of built-in webcams in laptops and PCs, they can also better protect users from risk of hacking than their devices’ built-in webcam that many fear could be spying on them constantly.

    “However, these are not completely protected against potential hackers, and connected devices (IoT) will face even further vulnerability to hackers as most of them lack encryption. To make your devices harder to access for others, ensuring the software is all up to date and using two-factor authentication and unique passwords for every device is a great rule to follow,” he said.

    Tips for securing web cameras

    Fitzpatrick shared some tips to secure web cameras:

    1. Covering your webcam is important on a PC, but it’s arguably helpful for all users, in that it will serve as a reminder to think about security whilst using the computer.Realistically, you’re more likely to inadvertently broadcast yourself without knowing than you are to be remotely monitored by anyone else, and a cover helps make that risk obvious. Anything that makes you more security-conscious is likely a good idea. You’ll see no end of ads online trying to sell plastic webcam covers: these are junk, and you don’t need them.A piece of tape or a sticky note is good enough for Mark Zuckerberg, and it’ll work well enough for you. Any residue left behind will be easy to remove. And besides, well-designed laptops won’t leave enough room to be closed without damaging themselves when an additional plastic cover is stuck on.
    2. Use external, physically connected cameras and audio devices. Relying on an external mic and camera makes it crystal clear whether they are physically connected to your computer or not. This has the advantage that you can then permanently block your device’s internal camera and mic. Camo is a good example of a product like this and has the additional benefit of greatly increasing the quality that a user will get when they join calls. Beware of products that require installation of drivers, or which are from unknown or untrusted sources.
    3. Close your laptop or power off your computer when not using it will make it harder or impossible for people to access it remotely.
    4. If you step away from your Zoom call whilst muted to make a coffee, beware that a host might remotely unmute you without you knowing. If your mic has a physical mute button, you’ll be OK. But if you’re using AirPods, or an internal mic, there’s no mute that can override Zoom’s settings. If you’re on a call, always assume you might be overheard.
    5. Keep your software up to date, especially the main software on your phone and computer, and any browsers you use.
    6. Don’t disable your computer’s firewall or malware. Nowadays these are enabled by default on just about every type of computer and phone, and there’s little need to install additional software, beyond specific products for monitoring webcam use (see above).
    7. Be aware of general security best practices and be sure to securely store any video, audio, or photos that you’ve already taken.
    8. Don’t let anyone untrusted use – or repair – any of your devices. Who knows what they might install or change in them?

    The post Beware of risks of unsecured webcams and video calls appeared first on FutureIoT.

    ]]>
    Mastercard’s tokenised chip turns wearable into secure payment device https://futureiot.tech/mastercards-tokenised-chip-turns-wearable-into-secure-payment-device/ Fri, 08 Jan 2021 02:30:07 +0000 https://futureiot.tech/?p=8206 The three-way collaboration will enable MatchMove Mastercard® cardholders to easily and securely add their payment cards to a chip which can turn accessories into payment-ready wearables.

    The post Mastercard’s tokenised chip turns wearable into secure payment device appeared first on FutureIoT.

    ]]>
    In a move to further secure contactless payment, Mastercard last month introduced in Singapore tokenisation of payment chips that can be simply attached on battery-less wearables and accessories such as watchstrap and keyrings.

    The company has teamed up with Singapore-based banking-as-a service provider MatchMove and wearable payment integrator Tappy Technologies to develop the innovation that turns custom wearables into secure contactless payment devices by simply attaching the small tokenised chip.

    MatchMove cardholders can now add their MatchMove Mastercard to this payment chip by simply placing the wearable or the accessory on a Bluetooth-connected device developed by Tappy Technologies.

    Tokenisation is the industry-leading security standard in electronic payments. Its integration into Tappy’s product is particularly important at the present moment, as consumers in Asia and across the world are migrating towards contactless payments during the pandemic to stay safe and adhere to social distancing measures. A Mastercard global 2020 study  found 91% of respondents in Asia Pacific were using tap-and-go payments, while 75% said they would keep using contactless after the pandemic is over due to concerns about safety.

    After downloading the Tappy app and following the in-app instructions, the MatchMove Mastercard will be tokenised via Mastercard’s Digital Enablement Service (MDES) into the secure payment chip of a wearable via the Bluetooth device. This contactless enabled wearable device works exactly like any contactless card or digital wallet where the user taps the wearable at any contactless accepted terminal.

    “We are proud to introduce network tokenization to the world of wearables in partnership with MatchMove and Mastercard.  The Tappy patented provisioning accessory digitalises payment credentials into wearables within seconds which is an absolute game changer to the banking industry.  Embedded inside the wearable is the Mastercard-certified payment chip which operates contactlessly without batteries.  Our goal is to rewrite the standards of consumer wearable by producing products that are secure, easy to use and at the same time maintaining the natural aesthetics of the fashion wearable accessories which is critical to end consumers,” said Wayne Leung, CEO, Tappy Technologies.

    Mastercard initially developed its relationship with Tappy through the Mastercard Accelerate initiative, a global platform which offers start-ups and emerging brands a range of programs that support and provide assistance for every stage of their growth and transformation. The Accelerate program that connected Mastercard with Tappy is Mastercard Engage—an initiative that identifies qualified technology partners and connects them with thousands of Mastercard customers to help scale their business, quickly and efficiently.

    “Mastercard is constantly innovating technologies that securely and seamlessly integrate payments into people’s day-to-day lives. By combining the versatility of Tappy and MatchMove’s technologies with tokenization, Mastercard is able to meet consumers’ need for both security and convenience at a time when contactless payments are more important than ever,” said Ben Gilbey, senior vice president for digital payments and labs, Asia Pacific at Mastercard.

    Amar Abrol, chief commercial officer, MatchMove said the company’s collaboration with Mastercard and Tappy enables them to continue the process of innovation in a safe and secure manner.

    “With the addition of the Tappy solutions to our banking-as-a service offering, our customers will be able to take greater control of how they make payments and how payments can fit in their lifestyles. We see this as a real opportunity to drive conversations in this space and create a new dimension of what’s possible,” he said.

    The post Mastercard’s tokenised chip turns wearable into secure payment device appeared first on FutureIoT.

    ]]>
    AWS unveils five machine learning services https://futureiot.tech/aws-unveils-five-machine-learning-services/ Thu, 10 Dec 2020 01:00:23 +0000 https://futureiot.tech/?p=8115 Axis, ADLINK Technology, BP, Deloitte, Fender, GE Healthcare, and Siemens Mobility among customers and partners using new AWS industrial machine learning services

    The post AWS unveils five machine learning services appeared first on FutureIoT.

    ]]>
    Amazon Web Services (AWS) yesterday announced five new machine learning services aimed at helping companies in the industrial and manufacturing sectors embed intelligence in their production processes.

    The new services – Amazon Monitron,  Amazon Lookout for Equipment, the AWS Panorama Appliance, the AWS Panorama SDK, and Amazon Lookout for Vision – are designed to help these companies to improve operational efficiency, quality control, security, and workplace safety.

    The services combine sophisticated machine learning, sensor analysis, and computer vision capabilities to address common technical challenges faced by industrial customers, and represent the most comprehensive suite of cloud-to-edge industrial machine learning services available.

    “Industrial and manufacturing customers are constantly under pressure from their shareholders, customers, governments, and competitors to reduce costs, improve quality, and maintain compliance. These organizations would like to use the cloud and machine learning to help them automate processes and augment human capabilities across their operations, but building these systems can be error prone, complex, time consuming, and expensive,” said Swami Sivasubramanian, vice president of Amazon Machine Learning for AWS. “We’re excited to bring customers five new machine learning services purpose-built for industrial use that are easy to install, deploy, and get up and running quickly and that connect the cloud to the edge to help deliver the smart factories of the future for our industrial customers.”

    Applying machine learning in industrial environments

    The technology vendor pointed out that companies today are looking to add machine learning capabilities to industrial environments, such as manufacturing facilities, fulfilment centres, and food processing plants.

    “For these customers, data has become the connective tissue that holds their complex industrial systems together. Industrial systems typically have numerous interdependent processes that operate with small tolerances for error, and even minor issues can have major ramifications,” AWS said in a media statement.

    It added: “Being able to analyse data about the equipment operating in their facilities helps customers address this challenge, and many customers have embraced services like AWS IoT SiteWise as a way to collect data and generate real-time performance metrics from their industrial equipment. As customers have begun to use the cloud to collect and analyse industrial data, they have also asked for new ways to incorporate machine learning to help make sense of the data and further drive operational efficiency.

    “In some cases, customers want to use machine learning to help them realize the promise of predictive maintenance to reduce costs and improve operational efficiency. In other cases, customers running in disconnected or latency-sensitive environments want to use computer vision at the edge to spot product defects and improve workplace safety. With these evolving needs and opportunities, industrial companies have asked AWS to help them leverage the cloud, the industrial edge, and machine learning together to get even more value from the vast amounts of data being generated by their equipment.”

    Taking predictive maintenance to the next level

    A major challenge facing industrial and manufacturing companies today is the ongoing maintenance of their equipment.

    Historically, most equipment maintenance is either reactive (after a machine breaks) or preventive (performed at regular intervals to ensure a machine doesn’t break). Reactive maintenance can result in significant costs and downtime, while preventive maintenance can be costly, result in over-maintenance, or fail to prevent breakdown if not performed often enough.

    The new Amazon Monitron and Amazon Lookout for Equipment will enable predictive maintenance powered by machine learning

    “Predictive maintenance (the ability to foresee when equipment is likely to need maintenance) is a more promising solution. However, in order to make it work, companies have historically needed skilled technicians and data scientists to piece together a complex solution from scratch,” AWS said.

    This included identifying and procuring the right type of sensors for the use case and connecting them together with an IoT gateway (a device that aggregates and transmits data). Companies then had to test the monitoring system and transfer the data to on-premises infrastructure or the cloud for processing.  Only then could the data scientists on staff build machine learning models to analyse the data for patterns and anomalies, or create an alerting system when an outlier was detected.

    “Some companies have invested heavily in installing sensors across their equipment and the necessary infrastructure for data connectivity, storage, analytics, and alerting. But even these companies typically use rudimentary data analytics and simple modelling approaches that are expensive and often ineffective at detecting abnormal conditions compared to advanced machine learning models,” AWS said, adding that most companies lack the expertise and staff to build and refine the machine learning models that would enable highly accurate predictive maintenance.

    The new Amazon Monitron is targeted at enterprises that do not have an existing sensor network. The service delivers an end-to-end machine monitoring system comprised of sensors, a gateway, and a machine learning service to detect anomalies and predict when industrial equipment will require maintenance.

    “It enables customers to remove cost and complexity from building a sophisticated, machine learning-driven predictive maintenance system from scratch, and it also allows them to focus on their core manufacturing, supply chain, and operations functions,” AWS said.

    It explained that  Amazon Monitron detects when machines are not operating normally based on abnormal fluctuations in vibration or temperature, and notifies customers when to examine machinery in order to determine if preventative maintenance is needed. The end-to-end system includes IoT sensors to capture vibration and temperature data, a gateway to aggregate and transfer data to AWS, and a machine learning cloud service that can detect abnormal equipment patterns and deliver results in minutes with no machine learning or cloud experience required.

    “Amazon Monitron can give both large industry manufacturers as well as small ‘mom and pop shops’ the ability to predict equipment failures, giving us the opportunity to pre-emptively schedule equipment repairs,” said  Bill Holmes, global director of facilities at Fender Musical Instruments Corporation, a leading manufacturer of guitars, basses, amplifiers and related equipment.

    Over the past year, Fender worked with AWS to help develop the critical but sometimes overlooked part of running a successful manufacturing business, knowing your equipment condition.

    “For manufacturers worldwide, maintaining equipment uptime is the only way to remain competitive in a global market. Unplanned downtime is costly both in loss of production and labour due to the fire-fighting nature of breakdowns,” said Holmes.

    With Amazon Monitron,  AWS said maintenance technicians can start tracking machine health in a matter of hours, without any development work or specialised training. The service can be used on a variety of rotating equipment, such as bearings, motors, pumps, and conveyer belts in industrial and manufacturing settings. Use cases range from monitoring a few critical machines like the cooling fans or water pumps used in data centres, to large scale installations in manufacturing facilities with production and conveyance systems.
    Amazon Monitron also includes a mobile app for a customer’s onsite maintenance technicians to monitor equipment behaviour in real time. With the mobile app, a technician can receive alerts of any abnormal equipment conditions across different machines, check up on the health of the machine, and decide if they need to schedule maintenance.

    Meanwhile, for enterprises that have existing sensors but don’t want to build machine learning models, Amazon Lookout for Equipment provides a way to send their sensor data to AWS to build models for them and return predictions to detect abnormal equipment behaviour.

    To get started, AWS said these customers upload their sensor data to Amazon Simple Storage Service (S3) and provide the S3 location to Amazon Lookout for Equipment. Amazon Lookout for Equipment can also pull data from AWS IoT SiteWise, and works seamlessly with other popular machine operations systems like OSIsoft.

    Amazon Lookout for Equipment analyses the data, assesses normal or heathy patterns, and then uses the learnings from all of the data on which it is trained to build a model that is customised for the customer’s environment. Amazon Lookout for Equipment can then use the machine learning model to analyse incoming sensor data and identify early warning signs for machine failure.

    “This allows customers to do predictive maintenance, saving them money and improving productivity by preventing the crash of an industrial system line. Amazon Lookout for Equipment allows customers to get more value from their existing sensors, and it helps customers make timely decisions that can materially improve the entire industrial process,” AWS said.

    Using computer vision to improve industrial operations and workplace safety

    Many industrial and manufacturing customers want to be able to use computer vision on live video feeds of their facility and equipment to automate monitoring or visual inspection tasks and to make decisions in real time.

    For example, enterprises routinely need to inspect high-speed processes to determine if adjustments are needed (e.g. fine milling or laser tooling), to monitor site and yard activity to ensure operating compliance (e.g. ensure pedestrians and forklifts remain in designated work zones), or to assess worker safety within their facilities (e.g. appropriate social distancing or use of PPE).

    However, the typical monitoring methods used today are manual, error prone, and difficult to scale. Customers could build computer vision models in the cloud to monitor and analyse their live video feeds, but industrial processes typically need to be physically located in remote and isolated places, where connectivity can be slow, expensive, or completely non-existent.

    This problem is even more difficult for industrial processes that involve manual review like quality checks on manufactured parts or security feeds. For example, if a quality issue emerges on a high throughput production line, customers want to know immediately because the costs of letting the problem persist is steep. This type of video feed could be automatically processed in the cloud using computer vision, but video feeds are high bandwidth and can be slow to upload.

    “Customers are required to monitor video feeds in real time, which is hard to do, error prone, and expensive. While there is a desire to use smart cameras that have enough processing power to run these models, getting low latency performance with good accuracy from these cameras can be challenging. Most customers end up running unsophisticated models that can’t be programmed to run custom code that integrates into the industrial machines,” AWS said.

    To meet this challenge, the AWS Panorama Appliance provides a new hardware appliance that allows organisations to add computer vision to existing on-premises cameras that customers may already have deployed.

    Enterprises start by connecting the AWS Panorama Appliance to their network, and the device automatically identifies camera streams and starts interacting with the existing industrial cameras. The AWS Panorama Appliance is integrated with AWS machine learning services and IoT services that can be used to build custom machine learning models or ingest video for more refined analysis,” AWS said.

    "Every month, millions of trucks enter Amazon facilities so creating technology that automates trailer loading, unloading, and parking is incredibly important,” said Steve Armato, VP Middle Mile Production Technology at Amazon.com. “Amazon’s Middle Mile Products & Technology (MMPT) has begun using AWS Panorama to recognise license plates on these vehicles and automatically expedite entry and exit for drivers. This enables safe and fast visits to Amazon sites, ensuring faster package delivery for our customers."

    AWS Panorama  extends AWS machine learning to the edge to help customers make predictions locally in sites without connectivity. Each AWS Panorama Appliance can run computer vision models on multiple camera streams in parallel, making possible use cases like quality control, part identification, and workplace safety.

    The AWS Panorama Appliance works with AWS and third party pre-trained computer vision models for retail, manufacturing, construction, and other industries. Also, customer-developed computer vision models developed in Amazon SageMaker can be deployed on the AWS Panorama Appliance.

    Meanwhile, the AWS Panorama Software Development Kit (SDK) enables hardware vendors to build new cameras that can run meaningful computer vision models at the edge.

    Cameras that are built with the AWS Panorama SDK run computer vision models for use cases like detecting damaged parts on a fast-moving conveyor belt or spotting when machinery is outside of a designated work zone. These cameras can use chips designed for computer vision from NVIDIA and Ambarella.

    By using the AWS Panorama SDK, manufacturers can build cameras with computer vision models that can process higher quality video with better resolution for spotting issues. They can also build more sophisticated models on low-cost devices that can be powered over Ethernet and placed around a site. Customers can train their own models in Amazon SageMaker and deploy them on cameras built with the AWS Panorama SDK with a single click. Customers can also add Lambda functions to cameras built with the AWS Panorama SDK to be alerted to potential issues via text or email. AWS also offers pre-built models for tasks like PPE detection and social distancing, and can deploy these models in minutes without doing any machine learning work or special optimisations.

    “Our teams are excited to work with AWS on this new technology and expect it to help us address many new use cases,” said Grant Matthews, chief technology officer at BP America.

    BP is a global energy company, providing customers with fuel for transport, energy for heat and light, lubricants to keep engines moving, and the petrochemicals products used to make everyday items as diverse as paints, clothes, and packaging. The organization has 18,000 service stations and more than 74,000 employees worldwide.

    “Our engineering teams here at bpx are working very closely with AWS to build an IoT and cloud platform that will enable us to continuously improve the efficiency of our operations,” said Matthews. “One of the areas we have explored as part of this effort is the use of computer vision to help us further improve security and worker safety. We want to leverage computer vision to automate the entry and exit of trucks to our facility and verify that they have fulfilled the correct order.”

    “Additionally, we see possibilities for computer vision to keep our workers safe in a number of ways, from monitoring social distancing, to setting up dynamic exclusion zones, and detecting oil leaks. AWS Panorama offers an innovative approach to delivering all of these solutions on a single hardware platform with an intuitive user experience,” he added.

    Automated fast and accurate visual anomaly detection

    One use case where AWS customers are excited to deploy computer vision with their cameras is for quality control. Industrial companies must maintain constant diligence to maintain quality control. In the manufacturing industry alone, production line shutdowns due to overlooked errors result in millions of dollars of cost overruns and lost revenue every year.

    The visual inspection of industrial processes typically requires human inspection, which can be tedious and inconsistent. Computer vision brings the speed and accuracy needed to identify defects consistently, but implementation can be complex and require teams of data scientists to build, deploy, and manage the machine learning models. Because of these barriers, machine learning-powered visual anomaly systems remain out of reach for the vast majority of companies.

    The new Amazon Lookout for Vision offers enterprises a high accuracy, low-cost anomaly detection solution that uses machine learning to process thousands of images an hour to spot defects and anomalies.

    Customers send camera images to Amazon Lookout for Vision in batch or in real-time to identify anomalies, such as a crack in a machine part, a dent in a panel, an irregular shape, or an incorrect colour on a product. Amazon Lookout for Vision then reports the images that differ from the baseline so that appropriate action can be taken.

    Amazon Lookout for Vision is sophisticated enough to handle variances in camera angle, pose, and lighting arising from changes in work environments. As a result, customers can accurately and consistently assess machine parts or manufactured products by providing as few as 30 images of the baseline “good” state. Amazon Lookout for Vision also runs on Amazon Panorama appliances. Customers can run Amazon Lookout for Vision in AWS starting today, and beginning next year, customers will be able to run Amazon Lookout for Vision on AWS Panorama Appliances and other AWS Panorama devices so customers will be able to use Amazon Lookout for Vision in locations where Internet connectivity is limited or non-existent

    “To uphold our brand and deliver best-in-class products trusted by healthcare professionals, we're excited about the possibility of using Amazon Lookout for Vision to programmatically improve the speed, consistency, and accuracy of detecting product defects across our factories in Japan and potentially in other plants globally in the near future,” said Kozaburo Fujimoto, operating officer, general manager, Manufacturing Division, and plant manager at GE Healthcare Japan, pointed out that the company currently use manual inspection to verify the quality of their medical equipment.

    GE Healthcare is a leading global medical technology and digital solutions innovator that develops, manufactures, and distributes diagnostic imaging agents, radiopharmaceuticals, medical diagnostic equipment, including CT and MRI machines, and intelligent devices supported by its Edison intelligence platform.

    The post AWS unveils five machine learning services appeared first on FutureIoT.

    ]]>
    Court ruled on China’s first case over facial recognition tech https://futureiot.tech/court-ruled-on-chinas-first-case-over-facial-recognition-tech/ Thu, 26 Nov 2020 00:30:48 +0000 https://futureiot.tech/?p=8066 The lawsuit sparked a heated debate over the widespread use of face recognition technology, which has raised technical and ethical concerns among experts and the wider public.

    The post Court ruled on China’s first case over facial recognition tech appeared first on FutureIoT.

    ]]>
    Handing down its verdict in China’s first court case over face recognition technology, the Fuyang District People’s Court in the eastern Zhejiang province found that Hangzhou Safari Park’s use of the technology without visitors’ consent to facilitate their admission into the park “illegal and unnecessary”.

    The court also ruled that the park should pay the plaintiff 1,038 yuan (US$160) for a partial membership fee refund and compensation for travel expenses.

    The verdict was handed down last Friday, a little more than a year after  associate law professor Guo Bing from Zhejiang Sci-Tech University and his wife sued  the park for violating China’s consumer rights protection law by collecting sensitive personal information without permission of its patrons.

    The disagreement between the two parties started when the wildlife park upgraded its admission system from fingerprint to face recognition technology to activate visitors’ annual pass. Guo had his fingerprints and photo taken by the park in April 2019  for the previous fingerprint admission system, when 1 ,360 yuan (US$207).

    The park then twice notified Guo last July and October about an upgrade of its admission system and required his facial recognition information for activation of the admission card.

    He refused, saying he was willing to have his fingerprint scanned instead. When told that option was not available, Guo asked to cancel his annual card with full refund. He took the park operator to court last October after it rejected his request citing infringement of his privacy and breach of service contract.

    In an interview with domestic media, Guo said at the time that he was taking a stand not for financial gain, but to “fight the abuse of facial recognition technology” in China.

    The lawsuit sparked a heated debate over the widespread use of face recognition technology, which can now be found in shopping malls, residential complexes, schools, public transport, concerts and even beer festivals. It has become so ubiquitous that it has raised technical and ethical concerns among experts and the wider public.

    In issuing a ruling in favour of  the plaintiff, the court said the change in the park’s admission policies from fingerprint to face recognition during the contract period is a breach of contract, and added that text messages that the park sent to Guo could not be regarded as contract content agreed by both parties – hence, it had no legal effect on Guo, who has the right to require the park to shoulder related legal responsibilities.

    Both sides eyeing an appeal

    Guo and the safari park operation both decided to appeal the court ruling.

    In an interview to publication SixthTone, Guo’s lawyer Ma Ce  said that they were pleased with the verdict “to a certain degree” with the court confirming that it was illegal for the park to facial information without visitors’ consent,  they had hoped the court would provide a guiding opinion on the use of face recognition technology.

    “Personally, I think the court’s statements are mostly just discussing the case on its own merits without elaboration,” said Ma. Guo and his lawyer also disagree with other aspects of the court’s verdict, including that the park’s policy did not constitute fraud because it did not result in adverse consequences.

    Ma said Guo will appeal the verdict, as the court had not supported some of his other litigation requests.

    “We hope this case will push our whole society to come up with a more refined definition of the boundaries of collecting information as sensitive as fingerprints and facial features,” said Ma.

    In an interview with Global Times last Saturday, Guo said "The most meaningful claim in my litigation was to confirm the invalidation of the park's notice to visitors about collecting their facial recognition information due to the new admissions system, which was overruled by the court."

    However, Guo noted the court's ruling did not support his most important claim, which was to delete the facial recognition information, although his litigation also included requests to delete other biometric data such as fingerprints.

    "It is a common phenomenon that the public have no incentive to defend their rights although the infringement of privacy is an illegal behaviour," said Guo, who noted that the verdict of breach of contract has almost no deterrence value for the park’s illegal action.

    Meanwhile, the lawyer for Hangzhou Safari Park said the park is not satisfied with the court's verdict, and it will appeal to the Hangzhou Intermediate People's Court, according to a CCTV reported last Sunday.

    Draft law seeks ban on the use of face recognition technology

    Facial recognition technology has been in China for several years now. Initially adopted for security purposes in residential  buildings, it is  now being deployed in consumer applications such as paying bills, accessing cell phones and more.

    To date, there is no law in China that regulates the use of biometric data such as facial images or fingerprints.

    Hangzhou published a draft plan to ban facial recognition technology in residential areas last month. The draft law has now been submitted to the local legislative department, and a public opinion solicitation has begun.

    The revised draft of municipal property management regulations stipulates that property management companies are not allowed to demand that residents submit to facial and other biometric scans when entering residential compounds.

    If the draft is passed, it will be the first local law in China to ban the use of facial recognition technology in residential areas.

    The post Court ruled on China’s first case over facial recognition tech appeared first on FutureIoT.

    ]]>
    Tuya Smart secures Wi-Fi chip with ioXt Alliance https://futureiot.tech/tuya-smart-secures-wi-fi-chip-with-ioxt-alliance/ Mon, 23 Nov 2020 02:00:37 +0000 https://futureiot.tech/?p=8055 Tuya Smart's newly certified WBR3N Wi-Fi+BT module is an RTOS platform that integrates many function libraries. It is ideal for various applications, such as smart appliances, smart electrical and lighting, security cameras, and healthcare products.

    The post Tuya Smart secures Wi-Fi chip with ioXt Alliance appeared first on FutureIoT.

    ]]>
    The ioXt Alliance, the global standard for IoT security, said last week Tuya Smart has certified its Wi-Fi module through the ioXt Certification Program. The product certification marks the beginning of Tuya’s relationship with ioXt and further expansion for the ioXt Alliance through Tuya’s global all-in-one AIoT platform.

    The Alliance is backed by the biggest names in technology, including  Google, Amazon, T-Mobile, Comcast and more. It is a group of more than 200 leading OEMs, wireless carriers, standards groups, compliance labs, and government organisations dedicated to harmonising best security practices and establishing testable standards that give manufacturers, retailers and consumers product confidence in a highly connected world.

    Products that are certified through the ioXt Certification Program are evaluated against eight different ioXt pledge principles that outline required levels of security. Once devices pass lab or self-attestation testing, they are deemed safe to receive the ioXt SmartCert label.

    With major manufacturers and tech disruptors on their board, membership growing, and four authorised labs as exclusive test providers, the ioXt Alliance continues to pave the way in defining industry-led global security standards that can be tested at scale.

    “We’re excited to see Tuya Smart certify their WBR3N Wi-Fi+BT module with the ioXt Alliance. They have a great global developer community and amazing number of global manufacturers who have used the Tuya Platform to bring the power of IoT to a wide array of consumer products. Tuya demonstrates that secure IoT can be accomplished at the scale needed for consumer products,” said Brad Ree, ioXt Alliance CTO.

    He noted that any company entering or already in the smart device segments now has tremendous pressure by government entities and consumers alike to make their products as secure as possible.

    “The stakes are incredibly high, and that’s why participation from companies like Tuya Smart that are firmly rooted in IoT and are proponents of security standards is so important for us,” said  Ree. “We’re excited to have Tuya on board, and are confident that their ongoing participation will continue to advance IoT device security.”

    A newly-minted member of the Alliance, Tuya is the global provider all-in-one AIoT platform. The company provides manufacturers, brands, OEMs, and retail chains cloud, connectivity, and mobile application services that transform products into smart devices and systems.

    Its newly certified WBR3N Wi-Fi+BT module is an RTOS platform that integrates many function libraries. It is ideal for various applications, such as smart appliances, smart electrical and lighting, security cameras, and healthcare products.

    “We aim to set down collaborative roots throughout the world, partnering with like-minded, forward-thinking companies seeking to maximize product security and consumer protection,” said Fritz Werder, general manager for Tuya North America. “Joining with ioXt aligns with our commitment to help securely power IoT products and fuel IoT systems that are squarely focused on making a safe and secure Internet of Things, specifically with regards to global smart home markets.”

    Tuya Smart has smart-enabled more than 200,000 products worldwide across eight major smart categories—including security, lighting, and healthcare products—to develop smart products for the home and commercial markets quickly, safely, easily, and affordably. Tuya is internationally operated with headquarters in the U.S., Germany, India, Japan, Colombia, and China.  Its global partner reach now includes more than 180,000 companies, all leaders in their respective industries and regions.

    The post Tuya Smart secures Wi-Fi chip with ioXt Alliance appeared first on FutureIoT.

    ]]>
    Navigating the Internet of Troubles https://futureiot.tech/navigating-the-internet-of-troubles/ Tue, 17 Nov 2020 09:46:36 +0000 https://futureiot.tech/?p=8044 IoT devices are smart but flawed with many lacking the necessary security to counter threats making them easy targets for malicious intent.

    The post Navigating the Internet of Troubles appeared first on FutureIoT.

    ]]>
    The term ‘IoT’ has become ubiquitous in everyday business conversation, as the Internet of Things has become integrated into our daily lives. As a result, IoT revenue is expected to grow rapidly, with IDC predicting worldwide spending on IoT software and hardware to grow from $726 billion in 2019 to $1.1 trillion in 2023. However, though the benefits and convenience of increasing IoT prevalence cannot be denied, neither can we ignore the inherent and manifold security risks that come with increased adoption.

    IoT devices are smart but flawed with many lacking the necessary security to counter threats. These security vulnerabilities make them easy targets for malicious intent, with potentially dire consequences such as the Mirai botnet network that launched the largest DDoS attack ever recorded and incapacitated websites from Twitter to CNN to name a few.

    Though incidents of this severity are not everyday occurrences, they serve to highlight the importance for companies interested in adopting IoT technology to weigh the benefits of building security from the ground up.

    Costs and Benefits – IoT devices

    From collecting valuable data for analysis to improved operational efficiencies and customer experiences, the benefits of integrating IoT devices into business operations is undeniable and it is no surprise that this is driving an invisible revolution of connected devices.

    However, IoT devices have a well-documented catch – their security vulnerabilities, which pose major challenges for enterprises of all sizes. Nearly all respondents (97%) polled by Microsoft expressed security concerns when implementing IoT, and yet companies continue to integrate the technology without taking the necessary security considerations.

    The reasons this happens are simple – enterprises embrace the opportunity and benefit of IoT devices, without adequately considering the risks involved with their integration.

    Despite increasing IoT security incidents, many businesses weigh the short-term cost of building in security to their IoT networks and decide to omit it, without fully considering potential long-term consequences.

    Others may consider IoT security but build it in as an afterthought – according to a 2018 survey by Trend Micro, 43% of IT leaders recognize that security is not adequately considered during implementation for reasons such as complexity, cost, and a lack of a universal standard.

    However, security should be key to the IoT implementation process from the offset - building security controls into systems from the get-go is far more cost-effective than doing so later in the development cycle, or after a vulnerability occurs or becomes public.

    The challenges of IoT security

    It is understandable why businesses may find IoT device security a challenge. The ubiquity and fast growth of IoT popularity has led to a fragmented IoT landscape with a lack of well-defined and agreed standards. With ten ongoing and different initiatives to define standards and frameworks for IoT devices, businesses may struggle with the challenges at hand.

    Another challenge that businesses face comes from a limited internal understanding of IoT security. IT leaders with an IoT skillset are a limited resource, as a result of the relative novelty of IoT technology – meaning a good number of companies simply do not have the in-house expertise to evaluate and roll out security measures for their IoT devices.

    Lastly, businesses may struggle with the implementation of security patches for reasons such as complexity or cost. Many IoT devices at the edge run on low power – sometimes even battery or solar power, meaning security patches need to be seamless and easily implemented.

    This is further complicated by the cost factor – with these devices often costing very little, security solutions need to be cost-effective and scalable at size in order to be viable for businesses to adopt.

    How to approach IoT security

    With this in mind, how can companies approach their IoT security challenges? While the balance between the trade-off of security and cost are hard to manage, it is still necessary for companies to make security a standard from the outset, instead of an afterthought.

    Enterprises should be looking to evaluate security as a process and not a product or an option while prioritizing it as an item in budgets in order to reap the benefits of IoT.

    With the complexities of IoT security presenting a challenge, and with a security skillset as a resource being hard to find, companies can explore secure software libraries as a security option. By consulting with a qualified expert, secure software libraries offer a middle ground between hardware and software security, allowing for the crucial management of edge devices with end-to-end security.

    This is how enterprises may be able to secure their IoT presence affordably and at scale, countering the serious risks of unsecured IoT adoption while reaping the rewards that they can offer.

    As incidences like the Mirai botnet attack demonstrate – it only takes one vulnerability for enterprises to be exposed, and as IoT becomes only more prevalent, businesses need to be taking active steps to protect their IoT infrastructure.

    The post Navigating the Internet of Troubles appeared first on FutureIoT.

    ]]>
    Only 20% of industrial firms prioritise IoT-related incidents https://futureiot.tech/only-20-of-industrial-firms-prioritise-iot-related-incidents/ Thu, 15 Oct 2020 02:00:22 +0000 https://futureiot.tech/?p=7904 Only 14% have introduced network anomaly detection – these solutions allow security teams to track anomalies or malicious activity in IoT systems.

    The post Only 20% of industrial firms prioritise IoT-related incidents appeared first on FutureIoT.

    ]]>
    The digitalisation of industrial infrastructure is underway and 55% of organisations are confident that the Internet of Things (IoT, as one of its key aspects, will change the state of security in industrial control systems (ICS), according to Kaspersky’s recent report.

    Entitled “The State of Industrial Cybersecurity in the Era of Digitalization”,  the report however found only 20% of organisations have already prioritised IoT-related incidents but solutions effective against IoT threats are yet to become widespread.

    “While industrial enterprises will only increase the implementation of connected devices and smart systems, they should strive for the same efficiency level when it comes to protection,” said Grigory Sizov, head of KasperskyOS business unit, Kaspersky. “To achieve this, protection should be built-in when a project is initiated, and for some companies, it should be done today. IIoT components must be secure at their core to eliminate the possibility of an attack on them. “

    “Along with traffic protection and other technologies, this makes the entire system secure by design and this means it becomes immune to cyber-risks,” he added.

    Indeed, industrial organisations continue to implement digitalisation and Industry 4.0 standards despite the market slowdown as a result of the coronavirus pandemic.

    For instance, McKinsey & Company’s recent research revealed that 90% of manufacturing and supply chain professionals plan to invest in talent for digitisation. It also showed that companies, where such projects had already been introduced, feel more confident during crises.

    Kaspersky pointed out that the growing number of digitalisation projects, such as industrial IoT, raises awareness of the associated risks. For one-in-five companies (20%), attacks on IIoT have already become one of their main cybersecurity concerns, bypassing such serious threats as data breaches (15%) or attacks on the supply chain (15%). The cybersecurity vendor said addressing these threats increasingly requires security professionals’ involvement, not just IT teams. In 2020, in almost half of the enterprises surveyed, IT security personnel are working on initiatives to protect digitalized OT systems (44%).

    The report showed that today, however, not all organisations may feel ready to face threats to IoT. Thus, only 19% of companies have implemented active network and traffic monitoring, and 14% have introduced network anomaly detection – these solutions allow security teams to track anomalies or malicious activity in IoT systems.

    To ensure IIoT systems are used effectively and safely, Kaspersky experts provide organisations with the following advice:

    • Consider protection at the very beginning of IIoT implementation by using dedicated security solutions. For example, Kaspersky IoT Infrastructure Security solution is designed to safeguard industrial and business networks for IoT devices – including smart meters, controllers and others. Its key element is Kaspersky IoT Secure Gateway, based on KasperskyOS.
    • Assess the status of a device’s security before its implementation. Preferences should be given to devices that have cybersecurity certificates and products from those manufacturers that pay more attention to information security.
    • Conduct regular security audits and provide the security team responsible for protecting IoT systems with up-to-date threat intelligence.
    • Establish procedures for obtaining information on relevant vulnerabilities in software and applications, and available updates to ensure proper and timely responses to any incidents. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
    • Implement cybersecurity solutions designed to analyse network traffic and detect anomalies and prevent IoT network attacks, then integrate the analysis into the enterprise network security system. Kaspersky Machine Learning for Anomaly Detection analyses telemetry and identifies any suspicious actions in the network before it causes any damage.

    The post Only 20% of industrial firms prioritise IoT-related incidents appeared first on FutureIoT.

    ]]>
    New malware variant targets IoT devices https://futureiot.tech/new-malware-variant-targets-iot-devices/ Wed, 07 Oct 2020 23:30:16 +0000 https://futureiot.tech/?p=7878 Roughly 62%  of  machines infected by the malware are located in Asia.

    The post New malware variant targets IoT devices appeared first on FutureIoT.

    ]]>
    A new variant of the InterPlanetary Storm malware is targeting IoT devices, such as TVs that run on Android operating systems, and Linux-based machines, such as routers with ill-configured SSH service, according to Barracuda Networks researchers.

    The new variant gains access to machines by running a dictionary attack against SSH servers, similar to FritzFrog, another peer-to-peer (p2p) malware. It can also gain entry by accessing open ADB (Android Debug Bridge) servers. The malware detects the CPU architecture and running OS of its victims, and can run on ARM-based machines – CPUs based on reduced instruction set computer architecture (RISC), which are quite common in routers and other IoT devices.

    In their  latest Threat Spotlight report, Barracuda Networks researchers found that the malware is building a botnet, which its researchers estimate currently includes roughly 13,500 infected machines located in 84 different countries around the world.

    Majority of the machines infected by the new variant are located in Asia: 59% in Hong Kong, South Korea and Taiwan; 3% in China; 8% in Russia and Ukraine; 6% in Brazil; 5% in Canada and the US; and 3% in Sweden.

    “While the botnet that this malware is building does not have clear functionality yet, it gives the campaign operators a backdoor into the infected devices so they can later be used for cryptomining, DDoS, or other large-scale attacks, said James Forbes-May, Vice President of APAC for Barracuda.

    Cloud-enabled security solutions provider Barracuda discovered the new variant in late August. The InterPlanetary Storm malware, which targeted Windows machines, was first uncovered in May 2019, and a variant capable of attacking Linux machines was reported in June of this year.

    “These cases continue to rise, so it’s important to remain vigilant,” said Forbes-May.

    Barracuda researchers found several unique features designed to help the malware protect itself once it has infected a machine. These include automatically updating itself to the latest available version; installing a service using a Go daemon package, and killing other processes on the machine that pose a threat to the malware, such as debuggers and competing malware.

    “In order to protect against such attacks, it’s incredibly important to properly configure SSH access on all devices, said Forbes-May. “This means using keys instead of passwords, which will make access more secure. When password login is enabled and the service itself is accessible, the malware can exploit the ill-configured attack surface. This is an issue common with routers and IoT devices, so they make easy targets for this malware, he added.

    He added: “Using a cloud security posture management tool to monitor SSH access control to eliminate any configuration mistakes, which can be catastrophic, is crucial, while deploying an MFA-enabled VPN connection and segmenting your networks, rather than granting access to broad IP networks, can provide an additional layer of security against this kind of attack.”

    The post New malware variant targets IoT devices appeared first on FutureIoT.

    ]]>
    Gaping holes in IoT challenging security teams https://futureiot.tech/gaping-holes-in-iot-challenging-security-teams/ Mon, 28 Sep 2020 07:48:32 +0000 https://futureiot.tech/?p=7811 Palo Alto Networks study reveals connected heart monitors, kettles and exercise bikes are challenging security teams in Hong Kong

    The post Gaping holes in IoT challenging security teams appeared first on FutureIoT.

    ]]>
    Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from 8 billion last year. Gartner says the IoT security market is driven by annual average growth of 20%, but spend patterns vary significantly across sectors. While manufacturing, automotive and transportation drive spending, other sectors lag behind.

    When you consider that some devices like smart TVs, fridges, and air conditioners are now connected to the internet, IoT security cannot continue to be an afterthought.

    The risks are real

    In 2019, incidents, threats and vulnerability disclosures outside of traditional enterprise IT systems increased and pushed leading organizations to rethink security across the cyber and physical worlds. Emerging threats such as ransomware attacks on business processes, potential siegeware attacks on building management systems, GPS spoofing and continuing OT/IOT system vulnerabilities straddle the cyber-physical world. Organizations primarily focused on information-security-centric efforts are not equipped to deal with the effect of security failures on physical safety.

    To what extend should organisations worry about IoT security (or insecurity) and can one continue to ignore what is right in front of them?

    Sean Duca

    Sean Duca, vice president and regional chief security officer, Japan & Asia Pacific with Palo Alto Networks, commented: “After all, it’s a device connected to the internet, runs software and more than likely was not able to be securely updated, had rudimentary authentication (default username and password) which in this day and age, makes for a perfect target for cybercriminals.”

    The risk of continued ignorance is that we have a plethora of devices which are connected to the internet which can easily be compromised for nefarious activities. As we become more dependent on these devices and the networks they sit on, they can be used to prevent us from using our own systems and access what is needed.

    Asked whether IoT insecurity is driven by ignorance or avoidance, Duca sees it more of the latter.

    “The least path to resistance has been an approach used by many before. IoT security is important as we have just crossed the point of 8 billion connected devices in 2019 and it is expected we will have 41 billion connected devices in 2027, now is the time we need to make change occur as the problem will be a lot harder with an exponential increase in the number of devices,” stressed Duca.

    The key starting point is to have visibility.

    “If an enterprise cannot see what is connected to their network, they will not be able to do something about it. It starts with visibility as it will allow you to then be informed to segment what is critical from devices and systems which may comprise an organisation’s risk posture,” concluded Duca.

    Recap

    Earlier, FutureIoT cover the issues in an earlier post. Below is a recap of the issues as published on "Cybersecurity risks loom over medical wearables and kitchen appliances"

    Tanner Johnson

    Tanner Johnson, senior cybersecurity analyst at Omdia, said traditional networks are ill-equipped to handle the surge in adoption of IoT devices.

    “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site,” said Johnson.

    Survey findings

    In a new report commissioned by Palo Alto Networks revealed that heart monitors, kettles and exercise bikes and other connected devices are found to be regularly connecting to corporate networks in Hong Kong.

    Overwhelmingly, 91% of Hong Kong respondents report a rise in the number of IoT devices connecting to their networks over the last year. One red flag emerged: 31% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 37% said that a complete overhaul is needed, amounting to more than two-thirds of those polled.

    Wickie Fung

    “Devices that employees innocently bring onto an organization's network are often not built with security in mind, and can be easy gateways to a company’s most important information and systems,” said Wickie Fung, managing director, Hong Kong and Macau at Palo Alto Networks. “To address that threat, security teams need to be able to spot new devices, assess their risk, determine their normal behaviours and quickly apply security policies.”

    One in five of those surveyed reported that they have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks. Only 21% reported following best practices of using micro-segmentation to contain IoT devices in their own tightly controlled security zones.

    The post Gaping holes in IoT challenging security teams appeared first on FutureIoT.

    ]]>
    IoT World Asia goes virtual as part of ConnecTechAsia 2020 https://futureiot.tech/iot-world-asia-goes-virtual-as-part-of-connectechasia-2020/ Thu, 24 Sep 2020 08:22:54 +0000 https://futureiot.tech/?p=7787 IoT is powering digital transformation – that’s the message from the organisers of this year’s IoT World Asia, part of the annual mega-event, ConnecTechAsia.

    The post IoT World Asia goes virtual as part of ConnecTechAsia 2020 appeared first on FutureIoT.

    ]]>
    IoT is powering digital transformation – that’s the message from the organisers of this year’s IoT World Asia, part of the annual mega-event, ConnecTechAsia.

    2020 marks the first time that ConnecTechAsia will be held on a pure virtual environment. Slated for September 29-October 1, 2020 the conference will feature 220 speakers and more than 200 sessions, and cover the latest trends within the Telecom, Media and Technology (TMT) space.

    Headliner sessions will address three broad tech themes:

    Day one: Resilient Future in Asia Through Tech, discusses how regional government and tech leaders can use next-generation technologies to address critical needs and solve problems in this current pandemic to build a stronger more resilient future.

    Day two: Enterprise Outlook: Tech Reality Check, covers emerging technologies and strategies enterprises should focus on, such as the developments of advancements in analytics through automation, distributed cloud systems, bridging the gap between data storage and computation and data-driven policing.

    Day three: Tech for Good: Using Technology to Improve Well-Being, will deep dive into the potential technology has in helping society achieve better well-being, and improve the quality of life for the less privileged. It will examine how technology like artificial intelligence (AI), Internet of Things (IoT), augmented reality, robotics, connectivity and digital fabrication can provide a greater good to society.

    Government, business and technology illuminaries slated to speak at the event include Anne Chow, ceo, AT&T Business; Huey Tyng Ooi, managing director and head of GrabPay, Grab; Brenda Harvey, general manager, IBM Asia Pacific; Vikram Sinha, coo, Indosat Ooredoo; ST Liew, vp & president, Taiwan & SEA, Qualcomm; Bicky Bhangu, president - Southeast Asia, Pacific and South Korea, Rolls Royce; and Martin Huang, md Southeast Asia, SenseTime

    Four tracks will run concurrently over the three-day conference.

    The CommunicAsia conference brings together Asia’s telcos and shines the spotlight on the latest telecommunications developments in the region.

    Executives from AIS, Axiata Group, DTAC, Huawei, NTT Docomo, Ooredo Group, Optus, PCCW, PTCL, Reliance Jio, SK Telecom, Spark New Zealand, Telkom Indonesia and others will share their insights on the digital transformation of telcos, industries and communities in the era of 5G, monetising and delivering consumer 5G products and services, and technologies including virtualisations, cloud, automation and edge computing.

    The BroadcastAsia conference will feature speakers from Sony Pictures Networks, Star TV Network, NHK and Viddsee. Expect discussions to be around the future of broadcasting technologies, and how media companies can harness tech such as 5G, AI, cloud and virtualisation to thrive in this media revolution.

    The conference will also table strategies to navigate the new world of content consumption, revenues and advertising – from the latest hybrid TV and pay TV platforms to the best approach for building streaming services to engage consumers and compete in the future media ecosystem.

    To be held as part of ConnecTechAsia, TechXLR8 Asia, brings together innovation leaders from enterprises including, Bank of Singapore, CIMB Bank, Daimler Trucks Asia, DB Schenker, DHL, Facebook, Rolls Royce, SPTel, TCL Capital and Visa, among others.

    TechXLR8 Asia is actually two conferences under one roof – IoT World Asia and the AI Summit, and covering emerging technologies like AI, IoT, Blockchain and AR/VR, their applications for various vertical industries, and how will they drive the economy to the next level of digital transformation. The conference will bring together.

    A new addition to the mega-conference is the SatelliteAsia with industry experts from ABS, AsiaSat, Gilat, KT Sat, Hughes Network System, MEASAT operators, SKY Perfect JSAT Corporation coming together to address the satellite communications market in Asia as well as satellite’s role in the rollout 5G and video distribution.

    The inaugural Asian editions of accelerateHER and Elevating Founders, will also draw top professionals from around the world to provide insight on progressive diversity and inclusion within the tech sector and the ever-challenging world of start-ups.

    accelerateHER is a global events series and network bringing together a highly curated group of exceptional entrepreneurs, CEOs and global thought leaders in an environment conducive to catalytic discussion and collaboration.

    accelerateHER comes to ConnecTechAsia for the very first time to deliver content-rich, high impact panel discussions and fire-side chats featuring the women leaders and technology pioneers building and driving Asia’s most awe-inspiring companies.

    Top speakers to grace the event include Ankiti Bose, co-founder & ceo, Zilingo; Huey Tyng Ooi, managing director, GrabPay; Natalie Black, HM trade commissioner for Asia Pacific, Department for International Trade.

    For those interested in the start-up scene, there is the Elevating Founders Asia which features keynotes with established start-ups and venture capitalists and pitchoffs by high potential Seed and Series A tech start-ups in healthTech, FinTech, PropTech, Smart Cities, EdTech, RetailTech and AgriTech.

     

    Ivan Ferrari

    Ivan Ferrari, event director, Tech, Media & Entertainment Events, Informa Markets, who spearheads ConnecTechAsia said going fully virtual this year has enabled us to bring together a stellar cast of speakers to share insights on how to leverage technology to navigate this pandemic and set up enterprises, cities and societies for a digitally-ready future.

    “Through these trying times, we seek to provide a platform where enterprises can find solutions and strategies to future proof and build resilient businesses for now and beyond,” he added.

    The post IoT World Asia goes virtual as part of ConnecTechAsia 2020 appeared first on FutureIoT.

    ]]>
    Cybersecurity risks loom over medical wearables and kitchen appliances https://futureiot.tech/cybersecurity-risks-loom-over-medical-wearables-and-kitchen-appliances/ Thu, 24 Sep 2020 02:00:11 +0000 https://futureiot.tech/?p=7781 More non-business devices are coming onto networks, with everything from connected teddy bears to medical devices to electric vehicles now needing to be secured alongside business IoT.

    The post Cybersecurity risks loom over medical wearables and kitchen appliances appeared first on FutureIoT.

    ]]>
    Internet of Things (IoT) is the soft underbelly of many businesses and an area they need to do more to protect, according to a recent report released this week by cybersecurity firm Palo Alto Networks.

    In a latest survey of 1,350 IT business decision makers across 14 countries in Asia, Europe the Middle East and North America, the respondents expect the cybersecurity challenges pose by  connected devices but are not prepared for them. Over 40%  of them admitted they need to make a lot of improvements to the way they approach IoT security, and 17% said that a complete overhaul is needed – amounting to more than half of those polled. The survey was conducted by technology research firm Vanson Bourne on behalf of Palo Alto Networks

    The results of the poll are revealed in the report entitled “The Connected Enterprise: IoT Security Report 2020”. Palo Alto Networks released the survey as part of its ongoing efforts to shed light on security threats posed by the surge in deployment of internet-connected devices.

    IoT device proliferation

    The explosive growth of IoT devices is a serious concern, with 89% if respondents seeing increased number of IoT devices on their networks in the past 12 months. Of these respondent, more than a third or 35% cited a significant increase.

    IoT device proliferation is a growing issue. Most IT decision-makers (89%) reported seeing increased numbers of IoT devices on their networks in the past 12 months, with more than a third (35%) reporting a significant increase.

    Furthermore, the report pointed out that more non-business devices are coming onto networks, with everything from connected teddy bears to medical devices to electric vehicles now needing to be secured alongside business IoT. Below the most common IoT connected devices being plugged onto home and corporate networks:

    Hong Kong context

    Overwhelmingly, 91% of Hong Kong respondents have seen a rise in the number of IoT devices connecting to their networks over the last year.

    One red flag emerged: 31% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 37% said that a complete overhaul is needed, amounting to more than two thirds of those polled.

    “Devices that employees innocently bring onto an organisation's network are often not built with security in mind, and can be easy gateways to a company’s most important information and systems,” said Wickie Fung, managing director, Hong Kong and Macau at Palo Alto Networks. “To address that threat, security teams need to be able to spot new devices, assess their risk, determine their normal behaviours and quickly apply security policies.”

    Back to the report’s general findings, one in five (20%) of those surveyed reported that they have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks.  Only 21% reported following best practices of using micro-segmentation to contain IoT devices in their own tightly controlled security zones.

    “Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” said Tanner Johnson, senior cybersecurity analyst at Omdia. “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”

    Indeed, IoT devices are the weak link in IT networks. An earlier research conducted by Unit 42, Palo Alto Networks threat intelligence research arm said 57% of IoT devices are vulnerable to attacks of medium to high severity. This posed  a big challenge as Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from 8 billion last year.

    The post Cybersecurity risks loom over medical wearables and kitchen appliances appeared first on FutureIoT.

    ]]>
    Digital transformation paves way to recovery in a post-pandemic world https://futureiot.tech/digital-transformation-paves-way-to-recovery-in-a-post-pandemic-world/ Wed, 23 Sep 2020 01:00:32 +0000 https://futureiot.tech/?p=7777 With digitalisation on everybody’s lips, the question is, how can manufacturers best leverage technology, automation and IoT to rebound from the COVID-19 crisis as smoothly and as quickly as possible?

    The post Digital transformation paves way to recovery in a post-pandemic world appeared first on FutureIoT.

    ]]>
    The COVID-19 pandemic has presented new challenges for industries across the board, and manufacturing is no different.

    With digitalisation on everybody’s lips, the question is, how can manufacturers best leverage technology, automation and IoT to rebound from the COVID-19 crisis as smoothly and as quickly as possible?

    Challenges to the manufacturing sector

    One of the biggest challenges affecting the manufacturing industry, like many others, is the restrictions placed on workplace access.

    Employees are being encouraged to work offsite as much as possible due to the pandemic, resulting in lean engineering and service teams on the factory floor, enterprise risk and limited availability of assets and operations.

    Firstly, how can companies help to ensure an efficient workforce and operations while protecting employees’ health and safety and carry out training during these challenging times?

    Secondly, how do companies keep their business running efficiently and profitably, maintaining business continuity in the mid to long term in the face of logistics challenges? Thirdly, how can companies reduce downtime of assets and the need for maintenance while continuing to operate with lean on-site staff?

    To elevate the above challenges, there are three guiding principles that manufacturers should follow to keep their workforce safe while preparing for ongoing uncertainty and long-lasting changes to the work environment.

    Considerations

    1. Protect the workforce. Companies should standardise operating procedures and tools that keep staff safe, such as implementing regimented social distancing and protective garments on the factory floor, and building workforce confidence through effective, two-way communication that responds to employees’ concerns.
    2. Manage risks to help to ensure business continuity. Companies need to anticipate and be ready to respond to potential changes with speed and agility, as exemplified in the rapid spike in demand for PPEs and masks at the height of the coronavirus pandemic earlier this year.
      Coupled with export limitations from supplier countries, manufacturers had to quickly transition away from their regular portfolio and pivot into PPE manufacturing. A flexible factory floor and scenario planning well ahead of the fluctuations will enable manufacturers to keep operations running smoothly despite unforeseeable volatility.
    3. Drive productivity at a distance, even when employees are unable to be physically present. Companies should continue to effectively manage performance at their facilities through remote monitoring and support while physical distancing and remote working policies remain in place.

    The above can be achieved through digital transformation, and digitally transformed businesses are best positioned to be agile, enabling manufacturers to respond and adapt quickly to any challenges the business might face.

    Amongst our customer base, we are already gathering evidence that those who had begun their digital transformation journey pre-pandemic (pre-March 2020) were better prepared to tackle the above challenges.

    Adopting and optimising the use of IOT, AI and AR

    The majority of manufacturers are familiar with the Internet of Things (IOT) and Artificial Intelligence (AI), key features of digital transformation and Industry 4.0.

    IoT has many different applications for manufacturers, such as facilitating production flow and monitoring product development cycles, as well as in the management of warehouses and inventories through networked sensors and intelligent devices.

    IoT devices also collect data to drive artificial intelligence and predictive analytics and maintenance.

    AI, also known as ‘machine intelligence’, can be used in the manufacturing industry to oversee operations and alert teams to production anomalies. Employees can investigate or intervene as necessary, observe product quality and specify issue causes, and flag equipment issues before unplanned downtime or catastrophic failure.

    AI also allows a company to leverage the data they are generating to increase capacity, reduce energy consumption and improve the quality of their output.

    On top of IoT and AI, Augmented Reality (AR) is another tool that manufacturers can use to unlock opportunities across the value chain and build out resilient operations.

    In manufacturing, AR can be used to mock-up a finished product, identify unsafe working conditions and predict equipment and hardware servicing needs.

    These technologies often work in tandem, and by enabling IoT, AI and AR across various functions on the shop floor, companies can leverage these digital enhancements to address and overcome the challenges presented by the pandemic.

    For example, on the servicing and engineering front, virtual team collaboration is made possible through AR and VR. AR and IoT enable remote servicing and customer self-service, reducing the need for the costly dispatching of technicians or truck rolls.

    The technology also enables greater technician productivity as well as breakthrough digital product experiences.

    Not only are off-site employees able to access machines or systems remotely, but AR can be used to upskill other employees on how to use these systems, enabling collaboration to continue efficiently even if engineering teams are forced to work remotely.

    To support sales and product marketing efforts, product lifecycle management (PLM) and AR can be used to create 3D holograms for configured product demonstrations, and IoT and AR can be used to present differentiated product or brand experiences.

    This allows sales and marketing teams to continue to build a pipeline of leads, presenting their company’s capabilities, products and services effectively even when physical meetings are kept to a minimum.

    To maximise the benefits reaped from IoT, AI and AR, these technologies need to be embedded within an existing infrastructure that is secure and has both IT and OT systems in place. In turn, manufacturers also need to be able to protect and maintain this infrastructure.

    This can be achieved through the application of managed security services like threat detection, response and recovery, infrastructure administration and monitoring, even 24/7 remote support.

    Device integration to the cloud will also allow for round-the-clock remote monitoring of device health and collection of performance data, enabling manufacturers to make data-guided adjustments to optimise systems performance and undertake predictive maintenance of their assets, avoiding costly downtime.

    Flexible and agile manufacturing enabled by digital transformation is essential to maintaining business continuity, especially against the backdrop of an unpredictable and rapidly changing environment.

    With the COVID-19 pandemic likely to restrict the movement of employees for some time to come, manufacturers should be prepared for their workforce to be separated from the factory floor for the foreseeable future.

    Manufacturers should act now, investing in digital transformation capabilities which will equip their employees with remote tools to maintain efficient processes, maximising throughput, optimising asset utilisation and decreasing expenses. All while ensuring business continuity and protecting the health and safety of employees well into the post-pandemic future.

    The post Digital transformation paves way to recovery in a post-pandemic world appeared first on FutureIoT.

    ]]>
    Acronis to secure Airspeeder electric flying car race https://futureiot.tech/acronis-to-secure-airspeeder-electric-flying-car-race/ Wed, 09 Sep 2020 02:00:27 +0000 https://futureiot.tech/?p=7700 Acronis harnesses the power of data to drive performance in elite competition.

    The post Acronis to secure Airspeeder electric flying car race appeared first on FutureIoT.

    ]]>
    Airspeeder, the world’s first electric flying car racing series, has entered a landmark technical and strategic partnership with Singapore-based cybersecurity firm Acronis.

    The racing series, created by performance electric flying car manufacturer Alauda, will receive technical and commercial support from Acronis. The significance of this partnership will be reflected in the placement of the Acronis brand in a prominent position on Airspeeder’s MK4 racing craft.

    “We are creating an aerial motorsport driven by innovation. Backing from Acronis, a business with an extraordinary culture of technological success in Formula One and Formula E represents significant affirmation of our vision to accelerate the next great mobility revolution through sporting competition,” said Matt Pearson, Founder, Alauda and Airspeeder

    The first Airspeeder GPs planned for 2021. It is founded on the belief that technical development of the flying car mobility revolution will be accelerated in the heat of competition.  It will benefit the wider eVTOL (electrical vertical take-off and landing) sector, an industry backed by giants including Uber, Daimler, Toyota, Hyundai and Airbus.

    Widely dubbed as ‘flying electric taxis’ and considered the next great mobility revolution, eVTOL promises to liberate cities and cut journey times with a sustainable flying transport solution. The sector is predicted by Morgan Stanley to be worth US$1.5 trillion dollars by 2040.

    Ensuring data security during the Airspeeder race

    With the newly inked partnership, Acronis’ cyber protection solutions will ensure the data security for the revolutionary LiDAR and Machine Vision technology that will deliver close but safe racing through the creation of virtual force-fields around each racing craft, named ‘Speeders’. Part of this technology will be delivered by Teknov8, a global provider of cyber security solution that will support Acronis’ partnership with Airspeeder as an Official #CyberFit Delivery Partner.

    “Acronis’ place at the leading edge of innovation in data management perfectly aligns with Alauda and Airspeeder’s vision to accelerate a mobility revolution through close sporting competition,” said Jan-Jaap Jager, board advisor and senior vice president at Acronis.

    He added: “Our proven, integrated approach to providing easy, efficient, reliable and secure cyber protection for all data, applications and systems, will help Airspeeder to enhance their performance on the air track and in the back office. We look forward to delivering on the promise of a true next generation technical and sporting proposition.”

    Acronis’ secure data analysis solutions currently enhance the performance of some of the most celebrated sporting entities in the world including major names in F1 and English Premier League football. Acronis’ strategic and commercial support represents further affirmation of Airspeeder and Alauda’s vision to accelerate the next great mobility revolution through sporting competition. This significant partnership follows the confirmation of major institutional investment in the sport and follows existing support from logistics giant DHL and global money management firm Equals.

    Acronis and Teknov8’s commercial, technical and strategic support will therefore hasten the arrival of the eVTOL (electrical vertical take-off and landing) vehicle that promises to provide a long-term clean air solution to city congestion through a zero-emissions aerial transport solution.

    Airspeeder is described by global commentators as the ‘Formula One of the skies’, Acronis’ track record in motorsport makes them the perfect technical and strategic partner. The firm’s technical team will manage the streams of live data that will underpin a sport that promises to be the most exciting global sporting and broadcast entity on the planet.

    Building a new sports

    Alauda expects that elite pilots culled from the world of aviation, motorsports and eSports will participate in Airspeeder, navigating through navigate electrically governed courses above some of the most visually arresting locations in the world.

    Electric racing multicopters created by Alauda will fly at speeds of up to 130km/h. Airspeeder GP seasons will be contested by teams who will purchase the original craft and equipment from Alauda, but will be given freedom to set race strategy and recruit pilots from a pool of elite pilot academy graduates. This will create a technologically even playing field, encouraging greater control for teams to dictate strategy. This approach has been compared to the highly successful Formula E racing series.

    Success for teams competing in the Airspeeder series is defined by the skill of individual pilots and the teams’ ability to maximise performance from a truly revolutionary technical platform. Key to this will be the collection and interpretation of data. This will be underpinned by Acronis and its world-leading solutions which will ensure the secure and seamless management of data. Key indicators from battery peak performance to pilot biometrics will be available to teams as they plot strategy to gain competitive advantage.

    Acronis’ track record in motorsport makes the company  the ideal technical and strategic partner to an event described as “Formula One of the skies”. The firm’s technical team will manage the streams of live data that will underpin a sport that promises to be the most exciting global sporting and broadcast entity on the planet.

    Acronis’ data solutions currently ensure the security of the terabytes of data derived from running Formula One cars during testing and racing scenarios. This data is essential to sports like F1 and Airspeeder that require telemetry data to analyse performance and set strategy.

    Airspeeder’s team and pilots will benefit from real-time data including analysis of battery and key systems performance. From this information, engineers will be able to define strategy in real time to find competitive advantage in a sport where every team starts with the same technical platform. This will make for the close and equitable racing motorsports fans crave.

    Data-driven sporting event

    Airspeeder’s will globally stream races and interact with the sport’s fan community across multiple devices and channels. Central to this is equipping Airspeeder with the inherent flexibility to adapt to rapidly shifting requirements of audiences in the way they interact with brands. Acronis’ capability to securely manage global fan and partner data empowers Airspeeder to deliver a next generation multimedia experience.

    As a progressive, technologically led sport, Airspeeder is driven by the application of big data. Acronis and Teknov8 will ensure an Airspeeder race or flight will never be compromised and that the terabytes of data shared between Speeders and the technical teams supporting them will remain entirely secure.

    Airspeeder will be experienced through global multi-channel streaming. Spectators at live events will be limited to VIPs exclusively invited to experience and amplify the action from luxury pavilions. As they compete, Speeders will utilise cutting-edge LiDAR and Machine Vision technology to ensure close but safe racing, with defined and digitally governed no-fly areas surrounding spectators and officials.

    The post Acronis to secure Airspeeder electric flying car race appeared first on FutureIoT.

    ]]>
    Tokyo university investigates hardware trojans in IoT devices https://futureiot.tech/tokyo-university-investigates-hardware-trojans-in-iot-devices/ Wed, 02 Sep 2020 02:00:29 +0000 https://futureiot.tech/?p=7660 Researchers have selected Keysight Technologies’ CX3300 Device Current Waveform Analyzer with anomalous waveform analytics (AWA) software to delve deep into hardware trojan detection.

    The post Tokyo university investigates hardware trojans in IoT devices appeared first on FutureIoT.

    ]]>
    Waseda University Faculty of Science and Engineering in Tokyo is currently looking into IoT security by  investigating the characteristics of hardware Trojans and researching methods to avoid security risks.

    Noting the growth in the outsourcing of circuit design and manufacturing coupled expanding internet connectivity,  university researchers observe that cybersecurity threats from hardware trojans are also on the rise. Hardware trojans are circuits that behave maliciously in electronic devices.

    To do the study, the researchers have selected Keysight Technologies’ CX3300 Device Current Waveform Analyzer with anomalous waveform analytics (AWA) software to delve deep into hardware trojan detection.

    “Keysight's CX3300 solution is capable of recording high speed waveforms at sampling rates of up to 10 million times per second. In addition, the anomalous waveform analytics enables accurate circuit analysis in a short time, which has significantly accelerated our research," said Professor Nozomu Togawa from the Faculty of Science and Engineering department at Waseda University.

    Keysight’s CX3300A features wide dynamic range and bandwidth, low noise, unique voltage/current measurement sensitivity, and a long-time data logger function that can capture waveforms of up to 100 hours without time lag.

    In addition, the AWA function can detect differences in the waveforms of the device and classify them as waveform patterns. This allows quick characterization/verification, as well as debug/troubleshooting and optimization of IoT connected devices.

    “We are delighted that Waseda University in Tokyo used the CX3300 Device Current Waveform Analyzer to research and detect IoT security threats,” said Christopher Cain, vice president and general manager of Keysight Technologies Electronic Industrial Products.

    He added: “Keysight’s CX3300 offers wide measurement bandwidth, high resolution and low noise, which makes it ideally suited to provide design engineers deep insights into dynamic current and voltage waveforms. The recent addition of very long duration measurement recording and waveform analytics, enable design engineers to capture and explore rare events to realise their high-performance designs.”

     

    The post Tokyo university investigates hardware trojans in IoT devices appeared first on FutureIoT.

    ]]>
    Trend Micro warns home routers targeted for Iot botnet use https://futureiot.tech/trend-micro-warns-home-routers-targeted-for-iot-botnet-use/ Tue, 21 Jul 2020 03:00:47 +0000 https://futureiot.tech/?p=7452 Entitled  “Worm War: The Botnet Battle for IoT Territory”,  the report discovered recent spike in attacks targeting and leveraging routers, particularly around Q4 2019.

    The post Trend Micro warns home routers targeted for Iot botnet use appeared first on FutureIoT.

    ]]>
    Trend Micro last week released its latest research that warned of a major new wave of attacks attempting to compromise home routers for use in IoT botnets.

    With the dawn of the internet of things (IoT), botnet developers have found a new domain to conquer, but there they must compete with one another to grow their bot armies. This so-called worm war is being waged without the knowledge of users who stand to lose control of their devices no matter which cybercriminal ends up winning each battle.

    Entitled  “Worm War: The Botnet Battle for IoT Territory”,  the report discovered recent spike in attacks targeting and leveraging routers, particularly around Q4 2019. This indicates increased abuse of these devices will continue as attackers are able to easily monetize these infections in secondary attacks, Trend Micro cautioned.

    "With a large majority of the population currently reliant on home networks for their work and studies, what's happening to your router has never been more important," said Jon Clay, director of global threat communications for Trend Micro. "Cybercriminals know that a vast majority of home routers are insecure with default credentials and have ramped up attacks on a massive scale. For the home user, that's hijacking their bandwidth and slowing down their network. For the businesses being targeted by secondary attacks, these botnets can totally take down a website, as we've seen in past high-profile attacks."

    Tenfold increase

    From October last year, the research found an increase in in brute force log-in attempts against routers, as attackers use automated software to try common password combinations. The number of attempts increased nearly tenfold, from around 23 million in September to nearly 249 million attempts in December 2019. As recently as March 2020, Trend Micro recorded almost 194 million brute force logins.

    Another indicator that the scale of this threat has increased is devices attempting to open telnet sessions with other IoT devices. Because telnet is unencrypted, it is favoured by attackers -- or their botnets -- as a way to probe for user credentials. At its peak, in mid-March 2020, nearly 16,000 devices attempted to open telnet sessions with other IoT devices in a single week.

    The report said there's a thriving black market in botnet malware and botnets-for-hire. Although any IoT device could be compromised and leveraged in a botnet, routers are of particular interest because they are easily accessible and directly connected to the internet.

    IoT botnet turf war

    Trend Micro pointed out that this is concerning for several reasons. Cybercriminals are competing with each other to compromise as many routers as possible so they can be conscripted into botnets. These are then sold on underground sites either to launch Distributed Denial of Service (DDoS) attacks, or as a way to anonymise other attacks such as click fraud, data theft and account takeover.

    Competition is so fierce that criminals are known to uninstall any malware they find on targeted routers, booting off their rivals so they can claim complete control over the device.

    In a blogpost discussing its latest research, the company gave a preview of the main capabilities of botnet malware using the three bot source codebases that have paved the way for many botnet malware variants and formed the basis of the ongoing turf war:

    • Kaiten - Also known as Tsunami, Kaiten is the oldest of the three. Its communication with its command-and-control (C&C) servers is based on the IRC (Internet Relay Chat) protocol, whereby infected devices receive commands from an IRC channel. Kaiten’s script also allows it to work on multiple hardware architectures, making it a relatively versatile tool for cybercriminals. In addition, recent variants of Kaiten can kill competing malware, allowing it to fully monopolize a device.
    • Qbot- Also known as Bashlite, Gafgyt, Lizkebab, and Torlus, Qbot is also a relatively old malware family, but it remains significant for botnet developers. What is most notable about Qbot is that its source code is made up of only a few files. It is difficult to use for beginner botnet developers, as evidenced by many tutorials and guides for using the malware in cybercriminal forums. Like Kaiten’s, Qbot’s source code can support multiple architectures, but the malware’s communication with its C&C servers is based on TCP (Transmission Control Protocol) instead of IRC. Recent Qbot variants also have the capability of killing rival malware.
    • Mirai - Mirai is the most recent of the three, but it has become a popular botnet malware family, having spawned numerous variants. It was created with the goal of becoming a distributed denial-of-service (DDoS) tool for sale. After its source code was made public, Mirai became a game changer for IoT malware. When it first entered the arena of botnet malware, it quickly made a name for itself through the attack on Dyn, a Domain Name System (DNS) hosting provider, that resulted in the disruption of widely used websites and services.

    A summary of the three main IoT bot source codebases

    For the home user, a compromised router is likely to suffer performance issues. If attacks are subsequently launched from that device, their IP address may also be blacklisted -- possibly implicating them in criminal activity and potentially cutting them off from key parts of the internet, and even corporate networks.

    Defense against IoT botnets

    In the same blogpost, Trend Micro said botnets can be grown into powerful armies of devices as demonstrated by the infamous Mirai attacks in 2016 that took down major websites (including Netflix, Twitter, and Reddit) and the well-known security blog Krebs on Security.

    “On a smaller scale, for individual users, botnets monopolise IoT devices and resources that are meant to make their lives more convenient and their jobs easier. These devices have taken on more significance especially in a time where work-from-home arrangements have become the new norm for organisations,” the blogpost said.

    It added that best defense strategy against warring botnets is to narrow their battlefield and deny cybercriminals the resources that would make their botnets powerful. Users can do their part by ensuring their IoT devices are secure. They can begin by following these steps:

    • Manage vulnerabilities and apply patches as soon as possible. Vulnerabilities are the main way malware infects devices. Applying patches as soon as they are released can limit the chances for potential exploits.
    • Apply secure configuration. Users must ensure that they are using the most secure configuration for their devices to narrow openings for compromise.
    • Use strong, hard-to-guess passwords. Botnet malware takes advantage of weak and common passwords to take over devices. Users can circumvent this tactic by changing default passwords and using strong passwords.

    The post Trend Micro warns home routers targeted for Iot botnet use appeared first on FutureIoT.

    ]]>
    Palo Alto Networks beefs up IoT security with new NGFW https://futureiot.tech/palo-alto-networks-beefs-up-iot-security-with-new-ngfw/ Wed, 24 Jun 2020 01:00:49 +0000 https://futureiot.tech/?p=7342 Cybersecurity specialist Palo Alto Networks has unveiled what it claims to be the world’s first next-generation firewall (NGFW) embedded with machine learning (ML) capability specifically designed to proactively protect IoT devices in the network against potential threats.

    The post Palo Alto Networks beefs up IoT security with new NGFW appeared first on FutureIoT.

    ]]>
    Cybersecurity specialist Palo Alto Networks has unveiled what it claims to be the world’s first next-generation firewall (NGFW) embedded with machine learning (ML) capability specifically designed to proactively protect IoT devices in the network against potential threats.

    The company’s ML-powered NGFW with its proprietary PAN-OS 10.0 was introduced yesterday to over 1,000 customers and partners in Hong Kong via a virtual cybersummit hosted by Wickie Fung, managing director, Hong Kong & Macau at Palo Alto Networks,

    "Thirteen years ago, we completely changed network security when we created the Next-Generation Firewall," said Nir Zuk, founder and chief technology officer at Palo Alto Networks. "As enterprise networks are widening — with hybrid clouds, IoT devices and home offices — and attacks rapidly and automatically evolve, we again need a radical new approach to cybersecurity. PAN-OS version 10.0  is continuously learning and proactively improving security across multiple fronts, so security professionals don't just keep up but get ahead."

    Palo Alto Networks’ newest offering   is expected to be available in mid-July and will be available to all current customers with valid support contracts.

    The ML-Powered NGFW with PAN-OS 10.0 introduces multiple industry firsts, including:

    • ML-Based In-line Malware and Phishing Prevention

    As attackers use machines to automatically morph attacks, signatures become less valuable in preventing these attacks. Previously, network security products only used machine learning models for out-of-band detection, but the Palo Alto Networks ML-Powered NGFW now uses in-line machine learning models to help prevent previously unknown attacks.

    • Zero-Delay Signature Updates

    Already leading the industry in reducing the reaction time for threats from days to minutes, Palo Alto Networks is now introducing zero-delay protection, resulting in a 99.5% reduction in systems infected.

    • ML-Based Integrated IoT Security

    New IoT devices are proliferating rapidly, often joining the network unsecured and without InfoSec’s knowledge. The new Palo Alto Networks IoT Security is powered by ML to deliver complete device visibility, including never-before-seen devices; highlight anomalies and vulnerabilities; and recommend appropriate security policies — all without the need for additional sensors or infrastructure.

    • ML-Based Security Policy

    The ML-Powered NGFW uses machine learning to analyse vast amounts of telemetry data, and then recommend policies. With PAN-OS 10.0 and IoT Security, customers will be able to view and adopt the IoT Security policy recommendations for safe device behaviour. This will save time, reduce the chance of human error, and help secure IoT devices.

    By bringing these four industry firsts into a single system, Palo Alto Networks said the ML-Powered NGFW helps organisations protect against up to 95% of unknown file and web-based threats instantly.

    It  also automates policy recommendations to save time and reduce the chance of human error, as well as adapts and provides instantaneous real-time protection. Most importantly, it extends visibility and security to all devices, including unmanaged IoT devices —  without the need to deploy additional sensors.

    Furthermore, PAN-OS 10.0 introduces the CN-Series, a containerised form factor for the ML-Powered NGFW, and 70+ innovative new capabilities, including easier decryption, high availability clustering, a new high-performance hardware card, Threat Prevention and DNS Security enhancements.

     

    The post Palo Alto Networks beefs up IoT security with new NGFW appeared first on FutureIoT.

    ]]>
    Surge in obsolete network devices pose cybersecurity risk https://futureiot.tech/surge-in-obsolete-network-devices-pose-cybersecurity-risk/ Fri, 12 Jun 2020 00:10:09 +0000 https://futureiot.tech/?p=7304 Businesses will need the tools, knowledge and expertise to be able to re-architect the network for the short, mid and long-term evolution of the ‘new normal’ with people working remotely and from any device at any time.

    The post Surge in obsolete network devices pose cybersecurity risk appeared first on FutureIoT.

    ]]>
    As part of digital transformation strategies, leading organisations are already using networks to enable new business models such as the Internet of Things (IoT) or optimise existing operating models such as asset tracking.

    Alternatively, businesses may be investing in technologies such as robotic process automation (RPA), as part of their digital transformation initiatives in order to save cost and scale services in an agile manner. No matter what the reason; digital transformation is helping to improve the customer and employee experience, powered by the network.

    These initiatives will only be accelerated with the support of relevant, secure infrastructure in the ‘new normal’ especially with respect to businesses’ technology, operational and financial initiatives. The COVID-19 outbreak and consequent surge in bandwidth consumption is putting strain on the network, compounding existing challenges, and, ultimately, creating a perfect storm. With an increase in remote working, remote access and consumption of voice and video services, organisations’ network and security infrastructure are under incredible pressure.

    “The network is the platform for business digital transformation. It needs to be ubiquitous, flexible, robust and secure to adapt easily to business change, while increasing the maturity of the operational support environment,” said Ron Lopez, executive vice president, NTT Ltd. “Businesses that use a high-level of network automation and intelligence to optimise operations will gain a significant competitive advantage and realise the benefits of the cloud economy, securely.”

    Cloud outpaces on-premises infrastructure spend

    NTT released this week a new report entitled “2020 Global Network Insights Report” which found that as businesses move applications to multi-cloud environments, investment in the cloud is outpacing organisations’ on-premises infrastructure spend.

    This has caused refresh and upgrade patterns to slow down, with many businesses choosing to continue to sweat network assets and to slow investment in re-architecting their on-premises network and security infrastructure. As a result, there has been an increase in obsolete and unpatched network devices containing software vulnerabilities, introducing risk, and exposing the organisation to information security threats.

    Commenting on the report’s key findings, Lopez  noted that with companies coping with the new normal,  many businesses will need, if not be forced, to review their network and security architecture strategies, operating and support models to better manage operational risk.

    “We expect to see strategy shift from a focus on business continuity to preparation for the future as lockdown begins to ease. Network infrastructure needs to be appropriately architected and managed to deal with unplanned surges, which will require a relook at cloud and on-premises infrastructure to reduce the impact and frequency of business-critical outages.”

    Ageing and obsolete devices – a security risk in the future workplace

    The report, which is based on data from technology assessments conducted on more than 1,000 NTT clients covering over 800,000 network devices, found 47.9% of organisations’ network assets were ageing or obsolete, as a weighted average, representing a huge surge on 2017, when this figure was just 13.1%.

    Obsolete devices have, on average, twice as many vulnerabilities per device (42.2) when compared with ageing (26.8) and current ones (19.4), creating unnecessary risk. This risk is exacerbated further when businesses do not patch a device or revisit the operating system version for the duration of its lifetime. And although patching is relatively simple, and often free under a maintenance agreement or extended warranty, many businesses still don't patch their devices.

    According to NTT, companies facing the new normal have to reimagine the way they work – embedding resilience into the organisation’s operations will be key. The pandemic will introduce permanent changes to the way businesses operate, including implementing smart workspaces that accommodate social distancing within their physical offices, while many companies will continue to embrace remote working. Meanwhile, with the adoption of new wireless infrastructure on the rise – an increase of 13% year-on-year – and the rise of open office and co-working spaces, a novel approach to all network architecture will be needed.

    “Businesses will need the tools, knowledge and expertise to be able to re-architect the network for the short, mid and long-term evolution of the ‘new normal’ with people working remotely and from any device at any time,” Lopez said. “They will need to find strategic partners who can guide them with a view of what the future network looks like – not just in terms of supporting corporate space, but also public and retail areas where social distancing is typically difficult to attain. For example, as we move into the ‘new normal’, AI and machine learning may be applied to help monitor social distancing measures – the network will be the platform enabler.”

    The post Surge in obsolete network devices pose cybersecurity risk appeared first on FutureIoT.

    ]]>
    Securing OT – the things no one talks about https://futureiot.tech/securing-ot-the-things-no-one-talks-about/ Mon, 18 May 2020 01:00:01 +0000 https://futureiot.tech/?p=7181 Since OT networks relate to physical processes at a macro scale, security issues for OT are possibly more tangible than that for IT

    The post Securing OT – the things no one talks about appeared first on FutureIoT.

    ]]>
    Since OT networks relate to physical processes at a macro scale, security issues for OT are possibly more tangible than that for IT

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Securing OT – the things no one talks about appeared first on FutureIoT.

    ]]>
    Securing the software-defined vehicle https://futureiot.tech/securing-the-software-defined-vehicle/ Fri, 15 May 2020 01:00:39 +0000 https://futureiot.tech/?p=7173 [...] Accessing FutureIoT Premium Content Welcome! To access Premium content and more, please login below. Not a Premium member yet? Register now for a free account! Username or Email Password  Remember Me Forgot Password Alternatively,

    The post Securing the software-defined vehicle appeared first on FutureIoT.

    ]]>
    [...]

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Securing the software-defined vehicle appeared first on FutureIoT.

    ]]>
    3 ways SD-WAN helps you win in the 5G age of IoT https://futureiot.tech/3-ways-sd-wan-helps-you-win-in-the-5g-age-of-iot/ Wed, 22 Apr 2020 02:00:48 +0000 https://futureiot.tech/?p=7038 One of the foundational components of SD-WAN is its centralised management platform capable of simplifying the control of networks supporting IoT.

    The post 3 ways SD-WAN helps you win in the 5G age of IoT appeared first on FutureIoT.

    ]]>
    The Internet of Things (IoT) has been around for a while, but this technology continues to drive transformation in the digital sphere. In fact, GlobalData predicts that the marketplace for IoT will grow at a compound annual growth rate (CAGR) of 22.4% to reach a total of US$96 billion in the APAC region by 2023. The fifth generation of cellular mobile communications is set to form the dynamic ecosystem in which IoT will operate. By providing faster and more reliable connectivity, 5G networks will bring IoT’s capabilities to the next level.

    Though APAC is set to lead 5G technology adoption globally, the integration of 5G-enabled IoT technology might not be smooth sailing for enterprises. To cope with the rapidly evolving needs of their traffic networks and unlock the power of IoT, businesses are increasingly leveraging software-defined wide area network, or SD-WAN, for a pragmatic approach. SD-WAN is an evolution of wide area networking that supports applications hosted in multiple locations, over any type of network and through any type of service provider connection. Here are three ways SD-WAN will play a critical role in helping enterprises build their IoT infrastructure in a 5G society:

    Heightened security

    Data security issues are certainly top of mind for businesses as security breaches become increasingly costly. A study by Ovum emphasised the need for APAC services providers to beef up security infrastructure to meet demands of IoT and 5G, which involves securing IoT traffic end-to-end for data to be protected from threats.

    With 5G enabling applications to operate within different virtualised environments, SD-WAN prevents unauthorised access of sensitive information in two ways: path isolation and security controls. Path isolation allows enterprises to corral traffic while security controls permit or deny traffic based on specific criteria. Combined, these methods of separation and enforcement result in an effective enterprise segmentation technique that reduces the risk of the IoT device traffic being exposed to security breaches.

    Simplified management

    One of the foundational components of SD-WAN is its centralised management platform capable of simplifying the control of networks supporting IoT. Traditionally, setting up new devices would entail manual configuration of the devices at each location.

    Through the deployment of automation, SD-WAN allows new IoT devices to be added to the network without the need for reprogramming software and cuts down operational requirements. By using a pre-configured template, businesses can quickly make changes to network traffic regardless of the number of edge locations—all through a single management dashboard. This will be key for organisations in keeping up with a consumer landscape that’s going to change at an even quicker rate with the arrival of 5G.

    Scalability and reliability

    IoT devices are a means of collecting and transmitting raw data that organisations rely on to better understand their customers. While it’s early days, it was reported that the average customer data usage in South Korea on 5G was 24GB in June 2019, 2.6 times higher than the average 4G usage in the same period—a trend that’s likely to repeat across the region. This incoming surge in data will pose a challenge for businesses with major strains being applied on traditional network infrastructure and in turn affect application performance and user experience.

    Modern SD-WAN solutions circumvent this issue as they provide a network topology that can be scaled up or down based on the unique level of application needs. On top of its flexibility, SD-WAN frameworks provide low-latency and reliable connectivity to multiple cloud service providers. In other words, SD-WAN can meet expanded enterprise-scale requirements without compromising quality of connection despite the increase in number of connected devices and data sources.

    The inevitable arrival of 5G will cause a massive increase in new connected devices, and the enterprise network will be distributed across an even greater area. To adapt to these new requirements, SD-WAN will play a larger role and become the standard technology for networking in time to come.

    For organisations to stay ahead of the curve in an extremely competitive region, the only way forward is to begin exploring SD-WAN options and working with the right experts to design a custom architecture that helps them achieve their business objectives. With 2020 expected to be the year 5G goes mainstream, the best organisations have already assessed the essential items for their IoT transformation story and selected suitable SD-WAN solutions to ensure they don’t lose their competitive edge.

    The post 3 ways SD-WAN helps you win in the 5G age of IoT appeared first on FutureIoT.

    ]]>
    IMDA issued new IoT Cyber Security Guide in Singapore https://futureiot.tech/imda-issued-new-iot-cyber-security-guide-in-singapore/ Tue, 24 Mar 2020 05:00:54 +0000 https://futureiot.tech/?p=6895 The guide introduces  foundational concepts and provides a set of baseline recommendations and a checklist for users and vendors.

    The post IMDA issued new IoT Cyber Security Guide in Singapore appeared first on FutureIoT.

    ]]>
    The Infocomm Media Development Authority (IMDA) of Singapore has launched a new IoT Cyber Security Guide to offer enterprise users and their vendors better guidance on deploying IoT technology.

    Developed in consultation with city state’s Cyber Security Agency amid the growing adoption of IoT devices, the document provides practical  tips to help companies address the cyber security aspects of IoT systems in the acquisition, development, operation and maintenance of these systems.

    The guide introduces  foundational concepts and provides a set of baseline recommendations and a checklist for users and vendors.

    “As companies deploy more IoT systems and devices to improve business efficiency and productivity, it also exposes them to more cyber security threats and vulnerabilities. I encourage companies and vendors to adopt the new IoT Cyber Security Guide and take cyber security into consideration early at the point of designing and developing their IoT systems to better protect their businesses from cyber security threats and the damage they bring,” said IMDA deputy chief executive Aileen Chia.

    The document provides a holistic approach to identifying and mitigating the threats and vulnerabilities posed by IoT systems. It covers a wide range of practical issues faced by IoT vendors and their users such as:

    • Fundamental IoT security design principles
    • Security Impact categories for identification of assets of interests
    • Threat categories for the enumeration of threats, from both cyber and physical perspectives
    • Attack surface categories that are common to IoT devices.
    • System and device life cycles with different threat considerations for each cycle
    • Assessment of threats

    Enterprise users welcomed the release of the new document.

    “Many businesses are embracing the use of transformative technologies using IoT and while IoT promises a wealth of opportunities, it ushers in new threats and vulnerabilities. The IoT guide initiative by IMDA is a commendable effort that helps organisations navigate the design and use of IoT in a more secured way. It paves the way for organisations to provide feedback and share them with the larger IoT community on what can and should not be done,” said P Ramakrishnan, CEO of CIO Academy.

    The post IMDA issued new IoT Cyber Security Guide in Singapore appeared first on FutureIoT.

    ]]>
    Everbridge adds IoT module to its CEM platform https://futureiot.tech/everbridge-adds-iot-module-to-its-cem-platform/ Mon, 23 Mar 2020 02:00:12 +0000 https://futureiot.tech/?p=6883 New IoT capabilities automate process of mitigating a wide variety of critical events such as coronavirus (COVID-19) to protect people, operations and supply chain.

    The post Everbridge adds IoT module to its CEM platform appeared first on FutureIoT.

    ]]>
    Everbridge, a leading provider of  critical event management (CEM) systems, has unveiled new CEM capabilities across the Internet of Things (IoT) for corporate, government and healthcare organisations to protect their people, assets, operations, supply chain and brand from critical events such as coronavirus (COVID-19).

    The IoT extension module that will also leverage the intellectual property from recent technology acquisitions of Connexient and CNL Software. As a result, organisations will be able to gather a broader range of situational intelligence and automate targeted responses throughout their entire safety, security, and operational continuum – from across a global footprint to within campuses and facilities.

    With the number of IoT devices expected to approach 75 billion by 2025, the Everbridge CEM platform enables organisations to use vast amounts of electronic data, including IoT sensors, to digitally transform how they manage the safety and security of their employees, customers, patients, first responders, residents, and visitors, as well as the resiliency of their operations and supply chain. CEM for IoT extends the number of use cases for the Everbridge platform within the broader critical event management market, complementing the company’s existing offerings for supply chain and wearable devices.

    Helping people cope with COVID 19 pandemic

    Companies, governments and healthcare organisations use CEM to mitigate risks from coronavirus with several million COVID-19 related communications deployed by Everbridge in recent weeks. The expansion of CEM for IoT enhances coronavirus-related use cases to better protect people, operations, supply chain and brand. For example, the Everbridge ecosystem supports over 1,500 healthcare entities including the top pharmaceutical, biomedical and medical device and manufacturing companies, as well as the largest healthcare systems (overseeing more than 25 percent of all hospital beds in the U.S.), managed care organisations, pharmacies, and statewide health alert networks (HANs), including the Centers for Disease Control and Prevention (CDC) and the National Institutes of Health (NIH). CEM for IoT improves the ability to coordinate first responders and other critical healthcare resources such as intensive care unit (ICU) beds, respirators, expert medical staff, etc., based on real-time data on the broader impact of COVID-19.

    Everbridge’s IoT initiative employs the same CEM framework currently being used by industry leaders from aircraft manufacturing, financial services, entertainment & media, high tech, healthcare, hospitality, retail, pharmaceuticals, the federal government, and other sectors. The Everbridge CEM framework includes aggregating tens of thousands of data sources to identify threats; determining the relevance of a threat to an organisation’s people, facilities, assets, supply chain and reputation based on their dynamic locations; automatically initiating and orchestrating an enterprise-wide response plan using the organization’s policies and procedures and monitoring execution of that plan; while analysing cycle times and results to identify bottlenecks and improve future performance.

    New acquisitions rounds out IoT capabilities

    The acquisitions of Connexient and CNL Software augment the IoT capabilities of the Everbridge CEM Platform bringing the total number of out-of-the-box integrations to over 225. Integrations include numerous healthcare systems, indoor positioning, digital wayfinding, building management, access control, intruder detection, video management, and many more. Everbridge solutions secure major events, cities, states, military installations, government buildings, universities, airports, corporate campuses, and healthcare facilities, providing instrumental functionality to Safe City and Smart Building use cases across multiple critical events including coronavirus.

    “The CEM platform monitors threat data streams continuously, alerts stakeholders when there is a relevant issue, and automatically orchestrates a coordinated response—it is always on,” said Imad Mouline CTO of Everbridge.

    Everbridge has experience with early implementations of Safe City and Smart Building programs in both the public safety and corporate space. According to IHS Markit, the global Safe City market will reach US$35.8 billion in 2024. Brand Essence Market Research forecasts the overall Smart Building market will grow to US$59 billion in 2025. The utilisation of a network of connected devices, or IoT, will make up a portion of both markets.

    The post Everbridge adds IoT module to its CEM platform appeared first on FutureIoT.

    ]]>
    FutureIoT QuickTakes: Integrating IoT security into the enterprise https://futureiot.tech/futureiot-quicktakes-integrating-iot-security-into-the-enterprise/ Fri, 20 Mar 2020 02:09:26 +0000 https://futureiot.tech/?p=6871 Check Point's Itzik Feiglevitch believes for organisations that already have pre-existing IoT elements into the operation – particularly old systems – upgrading these to the current level of innovation and making these secure is not difficult.

    The post FutureIoT QuickTakes: Integrating IoT security into the enterprise appeared first on FutureIoT.

    ]]>
    Check Point's Itzik Feiglevitch believes for organisations that already have pre-existing IoT elements into the operation – particularly old systems – upgrading these to the current level of innovation and making these secure is not difficult.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post FutureIoT QuickTakes: Integrating IoT security into the enterprise appeared first on FutureIoT.

    ]]>
    Survey: Less than 40% of companies are deploying IoT https://futureiot.tech/survey-less-than-40-of-companies-are-deploying-iot/ Fri, 13 Mar 2020 01:30:42 +0000 https://futureiot.tech/?p=6789 Companies are hesitant to heavily invest in IoT before seeing a return on investment, with 30% of survey respondents planning to spend under US$100,000 next year.

    The post Survey: Less than 40% of companies are deploying IoT appeared first on FutureIoT.

    ]]>
    The commercial adoption of Internet of Things (IoT) is real and growing, though not as fast as the hype might suggest, according to the new survey issued this week by Eclipse Foundation, an open source organisation focusing on IoT.

    Entitled “IoT Commercial Adoption Survey”,  the results showed less than 40% of those polled online are deploying IoT solutions today and another 22% plan to start deploying IoT within the next 2 years.

    The nearly two-month survey between October 7 and December 2 last year involved 366 people worldwide from a range of industries, 31% of whom are from Asia-Pacific.

    The objective of survey was to gain a better understanding of the IoT industry landscape by identifying the requirements, priorities, and challenges faced by organizations that are deploying and using commercial IoT solutions

    “IoT is clearly one of the major technology trends today and a ubiquitous buzzword,” said Mike Milinkovich, executive director, Eclipse Foundation. “This survey, which we hope will be the first of an annual tradition, seeks to provide real insights into what organisations are doing with the IoT right now and their plans for production deployments.”

    Cautious approach

    Companies are hesitant to heavily invest in IoT before seeing a return on investment, with 30% of survey respondents planning to spend under US$100,000 next year. However, if the 7% of companies planning to spend $1M-$10M are an indication, the money will follow.

    Indeed, the survey already showed that IoT investment is growing as 40% of organisations plan to increase their spending on the technology in the next fiscal year. Many of these companies keen on increased IoT deployments come from “heavy” industries such as  energy management, building automation and smart cities.

    Clearly, IoT is a powerful ally in the fight against climate change, since these industries can contribute to significant reductions in greenhouse gas emissions.

    Open source rules IoT

    Another key takeaway from the survey is the important role open source is set to play in the IoT market, with  60% of companies factoring open source into their IoT deployment plans. According to Eclipse Foundation, this means clearly means the dominant IoT platforms in the market will either be open source or based on an open source core.

    IoT and open source practitioners echoed this major insight from the survey.

    “This new survey aligns with our own insights into the IoT industry and how organizations are embracing open IoT platforms and commercial offerings based on open source,” said Anita Bunk, Bosch.IO’s open source advocate and head of Marketing, Associate and Technical Communications.

    She added: “We are seeing growing interest in our Bosch IoT Suite offering that is built upon Eclipse IoT open source. Our customers benefit from the open and transparent development that accelerates their ability to deliver real business outcomes.”

    Deborah Bryant, senior director, Open Source Program Office at Red Hat, said: This survey is one of the first to truly tap into what industry leaders are actually doing about IoT right now. The results highlight the important role of open source software in helping companies achieve their goals. This should be a wake-up call for any organization that has yet to evaluate solutions based on open standards and open source technologies as part of their IoT plans.”

    Meanwhile, other key takeaways from the survey include:

    • Hybrid IoT cloud strategies dominate (i.e. composed of two or more distinct cloud infrastructures such as private and public) at 26%. Private/on-premises cloud infrastructure ranks a close second at 22%, with public cloud at 20%. Multi-cloud comes in at just under 10%.
    • Overall, AWS, Azure, and GCP are the leading IoT cloud platforms for IoT implementations.
    • Per device (21%), hybrid (17%), and per CPU/node (8%) are the top 3 preferred pricing models for consuming IoT platform services.
    • The fact that less than 40% of respondents identified artificial intelligence (AI) and machine learning (ML) as concerns of high importance to them shows that it is still early days for that segment of the market. It is possible that most organisations do not have the right skill sets to leverage AI/ML internally.
    • Data security (26%), performance (19%), data collection and analytics (17%) are the top 3 concerns for deploying IoT solutions.

    The post Survey: Less than 40% of companies are deploying IoT appeared first on FutureIoT.

    ]]>
    Cybersecurity should underpin Asia’s smart cities https://futureiot.tech/cybersecurity-should-underpin-asias-smart-cities/ Mon, 09 Mar 2020 00:55:09 +0000 https://futureiot.tech/?p=6747 While IoT could transform how cities are managed, these advantages can be wiped out by a single cyberattack.

    The post Cybersecurity should underpin Asia’s smart cities appeared first on FutureIoT.

    ]]>
    Civic leaders around the world are looking to automate the infrastructures that make their cities run in a drive to reduce costs and cope with rising populations. From transit networks and utilities, through to refuse collection and streetlighting, making services “smart” by connecting devices to the Internet is appealing to those managing cities and large towns. In fact, UBS predicts that Asia’s smart city market could reach US$800b in 2025. The UN projects that 66% of the population in Southeast Asia will be living in urban areas by 2050, and many of its cities are looking to smart solutions to address their challenges.

    However, in their rush to automate their cities, civic managers need to ensure that they also build in cybersecurity to protect them from threats.

    The severity of the threat

    The benefits of generating data-based insights from IoT-powered smart cities, as well as the convenience of remote operations, hinge on the convergence of IT and OT (operational technology) for maximum connectivity.

    However, IoT devices often run on operating systems that have vulnerabilities that are challenging to patch, or simply no longer supported. For instance, IPnet is still an integral part of the operating systems of smart devices used in connected cities, despite being unsupported since 2006. Combined with the reality that there are likely to be hundreds of thousands of these devices connecting to an OT network, that presents a huge, exposed attack surface for attackers to exploit.

    Already, 88% of organisations in Asia Pacific have experienced at least one IoT-related security breach, the highest rate in the world. This is likely to be exacerbated by the rollout of 5G networks, which provides a better way for not only devices to connect to OT networks, but also cybercriminals.

    What might be attacked?

    Public services can be made more time- and cost-efficient through automation and connectivity. However, with each service that is brought online, smart cities are exposing themselves and their citizens to the risk of large-scale threats.

    Take streetlighting for example. By 2026, Asia Pacific is set to be home to a third of all smart streetlight installations worldwide, the bulk of which include central management systems. In Jakarta, remote monitoring and control of streetlights has allowed the city to save energy during off-peak hours, and to deploy repair crews only when necessary.

    Streetlighting is vital for towns and cities as it helps enhance quality of life, improve public safety, and reduce traffic accidents. Conversely, a cyberattack knocking out an entire streetlighting system could endanger commuters.

    There is also the reality that alongside the potential to cause widespread chaos, cybercriminals are likely to want to break into these systems to steal the data, including personally identifiable information, on which they run.

    Reducing risks

    While IoT could transform how cities are managed, these advantages can be wiped out by a single cyberattack. As such, cybersecurity must be a priority when making any infrastructure “smart”.

    However, public servants often lack cybersecurity expertise. In 2018, Singapore faced what authorities dubbed its "most serious personal data breach" when the personal information of 1.5 million patients was leaked in a cyberattack, which has been attributed to system vulnerabilities and weak passwords. This should be of concern to smart city managers, as it doesn’t take long once a threat actor is in an IT network to move laterally into the OT that a smart city runs on if there is not proper segmentation between the two.

    Local authorities must also ensure existing staff are trained to be “cyber aware”, so that their actions don’t compromise their networks’ security. They must also recruit or train a cybersecurity team that understands the difference between managing and protecting IT and OT networks.

    The other piece of the puzzle is to invest in technology that provides detailed oversight into everything on a city’s IT and OT networks. Knowing granular details such as a device’s make, model, OS and IP address through to risk level and update schedule, the IT security team will be able to identify and mitigate any vulnerabilities on their networks. As IoT and OT environments use unique communication protocols, this requires specialised solutions that can recognise them.

    Once they know what is running on the network, security professionals also need to know how assets should be running, so that they can detect any anomalies. This requires continuous automated monitoring that can present contextualised alerts ranked by level of severity, providing security teams with all the information they need to tackle potential risks in priority order. Such solutions also help reduce time wasted dealing with false positives and low risk alerts.

    When building physical infrastructures, a key consideration for civic managers and leaders has always been safety and security. The same now has to be true when building OT infrastructures in the age of IoT.

    The post Cybersecurity should underpin Asia’s smart cities appeared first on FutureIoT.

    ]]>
    ExtraHop secures IoT in enterprise deployments https://futureiot.tech/extrahop-secures-iot-in-enterprise-deployments/ Wed, 26 Feb 2020 03:00:35 +0000 https://futureiot.tech/?p=6640 With newest IoT security capabilities to its flagship product ExtraHop Reveal, the company now provides advanced discovery, classification and behaviour profiling for enterprise IoT devices, providing visibility across device and service layers.

    The post ExtraHop secures IoT in enterprise deployments appeared first on FutureIoT.

    ]]>
    Cloud-native network detection and response provider ExtraHop has introduced new features that enables secure adoption and implementation of IoT in the enterprise.

    IoT reduces operational friction, making businesses more efficient and employees more productive. But this comes at a cost. IoT moves computing power to the edge, vastly expanding the enterprise attack surface, and without visibility into what devices are connecting to the network and what resources they are accessing, it leaves organisations vulnerable to threats.

    With newest IoT security capabilities to its flagship product ExtraHop Reveal, the company now provides advanced discovery, classification and behaviour profiling for enterprise IoT devices, providing visibility across device and service layers.

    ExtraHop said its new features provides complete visibility, detection, and response across the attack surface without the need to implement narrow point solutions.

    Fernando Montenegro, principal analyst for information security at 451 Research, said IoT security is an imperative in the light of expanding IoT deployments in enterprise environments.

    “Our research points to consistent growth in enterprise IoT usage which, along with other enterprise initiatives, has led to a growing attack surface,” he said. “This leads to increased demands from enterprise security teams for visibility into network traffic, analysis for detection of threats, followed by remediation as needed.”

    Putting security ahead of IoT deployments

    ExtraHop specialises in cloud-native network detection and response to secure the hybrid enterprise, using an approach that applies advanced machine learning to cloud and network traffic. Among its well-known customers include The Home Depot, Credit Suisse,  Liberty Global, and Caesars Entertainment.

    Its new enterprise IoT security features are now globally available with ExtraHop Reveal(x) platform.

    “We believe that enterprise IoT is a strong fit for ExtraHop's network detection and response solution. Not only do we discover the presence of IoT devices, identifying make and model, but we also automatically segment into peer groups to detect suspicious behaviours and potential threats.” said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) enables organisations to truly understand the level of risk a device poses and provides situational awareness of the environment.”

    Some of the new IoT security features in ExtraHop Reveal include:

    • Continuous Device Discovery and Classification discovers, identifies, and profiles all IoT devices and services to deliver complete visibility without friction to IT and Security Operations teams.
    • Device Behaviour Profiling extracts rich L2-L7 data from network and cloud traffic, enabling deeper analysis across devices at the service level. When paired with cloud-scale machine learning from ExtraHop, this data is correlated with other network events to rapidly and accurately detect threat patterns for immediate response. This provides organisations with continuous behavioural monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables, and smartboards.
    • Guided Investigation automatically gathers contextual information, related detections, and packet level details into a single workflow to streamline and accelerate response actions, enabling security analysts and threat hunters to quickly determine the impact and scope of an IoT event and easily drill into forensic level details.
    • IoT Security Hygiene helps security and IT operations teams address issues such as IoT devices and services using unencrypted communications, and when discovered, can automate response actions with other systems like creating a ticket or isolating devices on the network.

    The post ExtraHop secures IoT in enterprise deployments appeared first on FutureIoT.

    ]]>
    New partnership reduces field testing of IoT modules https://futureiot.tech/new-partnership-reduces-field-testing-of-iot-modules/ Mon, 24 Feb 2020 03:00:05 +0000 https://futureiot.tech/?p=6627 Gemalto, a Thales company, is using test equipment from T&M specialist Rohde & Schwarz to ensure that Cinterion IoT modules operate synchronously across all networks and conditions. This reduces extensive real network drive tests in different countries for manufacturers of IoT (Cat‑M and NB‑IoT) solutions, resulting in faster time-to-market.

    The post New partnership reduces field testing of IoT modules appeared first on FutureIoT.

    ]]>
    IoT protocol stack features have been specified by 3GPP, an engineering organisation that brings national Standards Development Organisations (SDOs) from around the globe to develop technical specifications for the 3rd generation of mobile, cellular telecommunications, UMTS.

    IoT devices have to interact with different network configurations worldwide. It is therefore important to ensure that these features are working well in all sorts of configurations, configured by different network operators.

    To address this challenge, digital identity and security provider Gemalto (a Thales company) and Rohde & Schwarz  have teamed up to significantly reducing expensive and time-consuming drive tests of IoT devices.

    Rohde & Schwarz (R&S)  is a leading supplier of solutions in the fields of test and measurement, broadcast and media, aerospace (defense) security and networks and cybersecurity. The company is headquartered in Munich, Germany, and has subsidiaries in more than 70 countries, with regional hubs in Asia and America.

    With their new collaboration, Gemalto is using test equipment from R&S to ensure that its Cinterion IoT modules operate synchronously across all networks and conditions. This reduces extensive real network drive tests in different countries for manufacturers of IoT (Cat‑M and NB‑IoT) solutions, resulting in faster time-to-mark

    Specifically, manufacturers of IoT solutions can use virtual drive tests during the development phase of CAT‑M1 and NB‑IoT modules to find and fix problems at an earlier stage. This also enables seamless cellular coverage and reliable connectivity before the integration process continues and further field tests are performed. Network-specific integration tests and field tests include analysis of unique network configurations in different countries, challenging RF Power level conditions and verification of signalling under compelling RF environments.

    R&S Field-to-Lab now supports LTE-M and NB-IoT technologies. (Photo from Rodhe & Schwarz)

    The setup consists of R&S Field‑to‑Lab wireless communication test system, R&S CMWcards smart network emulator, R&S CMW500/CMW290 wideband radio communication tester from Rohde & Schwarz. The successful LTE based R&S Field-to-Lab solution by Rohde & Schwarz has now been extended to support LTE-M and NB-IoT technologies.

    With the same user interface, customers can seamlessly move between LTE and IoT testing. The simple process of loading the field logs, extracting the required information from the field log and generating R&S CMWcards test script helps to replicate the real network environment in a lab with just a few mouse clicks.

    The R&S Field-to-Lab supports 3GPP IoT features. Unlike other simulated drive test solutions, it is also the first virtual drive test solution for IoT offering replication of signalling and RF conditions in an easy-to-operate GUI on the R&S CMW500 and R&S CMW290 mobile radio testers.

    Consequently, this new IoT approach enables for Thales an increasingly efficient and rapid IoT testing procedure.

    For Rohde & Schwarz it is an opportunity to make its IoT testing and measurement domain even stronger. Collaboration between Gemalto, a Thales company, and Rohde & Schwarz on the topic of field-to-lab continues actively, enabling both companies to help each other in verification of software builds and releases.

    The post New partnership reduces field testing of IoT modules appeared first on FutureIoT.

    ]]>
    Partnership to defend against cyber threats targeting smart homes https://futureiot.tech/partnersip-to-defend-against-cyber-threats-targeting-smart-homes/ Thu, 13 Feb 2020 01:00:03 +0000 https://futureiot.tech/?p=6574 As households adopt more smart home devices, owners rely more and more on a router/gateway with strong security software to prevent unauthorized access and protect their privacy.

    The post Partnership to defend against cyber threats targeting smart homes appeared first on FutureIoT.

    ]]>
    The smart home market continues to gain momentum with Statista forecasting a global market value of US$35,756 million in 2020, growing at a compound annual growth rate of 15.9% and nearly doubling to US$64,452 million by 2024.

    Statista noted that penetration is at a low 8.0% in 2020, hitting 18.8% by 2024, with the US accounting for 77.3% of the global market in 2020.

    A common fixture in upcoming smart home deployments is a home security system – a set of integrated systems connecting the home Wi-Fi network to the internet allowing the homeowner to monitor and control security devices using a smartphone and an app.

    It is this connection to the internet that presents both an opportunity as well as threat. Consider that a typical entry-level smart home would include door and window sensors, surveillance camera with motion detector, and a hub that communicates with these devices using one or more wireless protocols such as Wi-Fi, Z-Wave, ZigBee, or a proprietary mesh network.

    MarketWatch says the Asia-Pacific home security systems market will grow at a CAGR of 13.36% during the forecast period of 2018-2025. It attributes this growth to the fast-growing adoption of all types of home security and safety systems across the region.

    SAM Seamless Network is partnering with BitDefender to target ISPs to offer complete enterprise-grade security on all devices both in and out of the home, against all attacks such as phishing, and malware, and across all smart devices connected to the network.

    One of the first use cases of this partnership with Telenet, a European ISP offering IoT security to its customers. The solution combines SAM’s network, IoT, device security fingerprinting and PC security protection together with BitDefender’s end-point protection.

    “We have seen a rapid increase in attacks on home devices this last year and with 5G on the near horizon, we expect them to rise even more in 2020,” said Sivan Rauscher, CEO and co-founder of SAM Seamless Network.

    She noted that the introduction of IoTs to the home network potentially introduces a new revenue stream for ISPs. “For example, selling smart IoT devices direct to consumers, offering services such as IoT security and privacy and branching more into physical security with suites of security services grouped together,” she opined.

    Rauscher noted that the opportunity can go further spilling into smart cars, as well as the use of smart wearable devices.

    Liberty Global, which own brands like Virgin Media, Telenet and UPC, plans to integrate SAM’s solution in its routers to secure every connection point even outside the home. The service will be available to all Liberty Global’s customers by 2021.

    Market research firm Parks Associates 71% of US broadband households that own smart devices are concerned about cybersecurity. It further estimates that 25% of those who do not own smart home devices are also concerned about privacy and security, which prevents them from buying smart devices.

    “As households adopt more smart home devices, owners rely more and more on a router/gateway with strong security software to prevent unauthorized access and protect their privacy. One-third of households with 1-4 smart home devices have adopted this method, increasing to 50% of households once they adopt 10 or more devices,” said Lindsay Gafford, Research Analyst, Parks Associates.

    The post Partnership to defend against cyber threats targeting smart homes appeared first on FutureIoT.

    ]]>
    Smart vision: Opening eyes to new sustainable practices in Singapore https://futureiot.tech/smart-vision-opening-eyes-to-new-sustainable-practices-in-singapore/ Tue, 11 Feb 2020 02:30:35 +0000 https://futureiot.tech/?p=6561 With a plethora of smart building management solutions in the market, video stands out as a multi-faceted tool that goes beyond security to provide smart metrics for intelligent workplace management.

    The post Smart vision: Opening eyes to new sustainable practices in Singapore appeared first on FutureIoT.

    ]]>
    Video technologies are often associated with the idea of security, leaving little to the imagination of what can be done beyond that space. In fact, one might never think it could have a part to play in sustainable strategies. However, that is set to change — with the advent of data analytics, AI and IoT — you would be surprised how much value video can add to ongoing conversations surrounding sustainability and the environment. A common misconception is that sustainability initiatives require dramatic overhauls of existing solutions and adopting costly, cutting-edge alternatives instead. In fact, smart video technologies can provide sweet reprieve — proving both easy and affordable to implement, while providing effective results.

    Environmental conservation

    Firstly, video technology can be effectively utilised to impact environmental conservation efforts. Beyond enabling the forecasting of weather, observation of coastal patterns and pollution tracking, video networking solutions have proven particularly useful in observing surroundings too delicate or dangerous for humans to monitor. Halfway around the world, this can already be seen with video technology used to track polar bear movements in Canada, which helps them maintain a safe distance from nearby cities.

    Closer to home, an Australian rainforest observatory had sought to study an osprey’s nest, which was perched atop the forest canopy. To enable researchers to observe the birds and happenings surrounding the nest, researchers mounted cameras in precarious positions, which then provided remote and round-the-clock tracking on a consolidated video management platform. With these intuitive video management systems, researchers were also able to quickly download and monitor the osprey camera output from various remote research facilities.

    In Singapore, this could be applied in a similar capacity, aiding the research and conservation of endangered local wildlife, or even the inspection of trees. And it’s not just stationary camera systems that provide this support; video drones also present an exciting option in enabling real-time visibility over wide expanses of land or water. Singapore’s NParks, for instance, is currently exploring drone use as part of its smart roadmap to improve efficiency in its environmental conservation and management efforts. The Forest Fire Detection and Monitoring Systems prototype will see an installation of cameras in forested areas to enable continuous, real-time monitoring and the early detection (and prevention) of forest fires.

    Corporate sustainability

    Beyond equipping organisations in their efforts to save the environment, video technologies, such as video analytics, can play a crucial role in sustainability strategies today – these include monitoring energy consumption and wastage and even suggesting ways in which energy-saving technologies may be applied. Such reduced energy emissions can directly correspond with significant savings in energy spend.

    Video can empower everyday businesses to adopt sustainable business practices. Research continues to prove that doing one’s part for the environment and prioritizing profitability do not have to be mutually exclusive — Singapore’s Deputy Prime Minister Heng Swee Keat had recently advocated on embracing sustainability in corporate mandates, as they actually do make ‘good business sense’. Furthermore, as Singapore realises its Smart Nation ideals, smart building solutions become increasingly pertinent considerations for business leaders. With a plethora of smart building management solutions in the market, video stands out as a multi-faceted tool that goes beyond security to provide smart metrics for intelligent workplace management.

    For starters, having an AI-powered camera network within offices provides operations managers with data on key areas of traffic and footfall. This then translates to actionable insight on how office spaces and resources can be used to maximise work productivity. With IoT-backed capabilities, organisations will be able to monitor and act on common areas that are at capacity or when shared resources need to be replenished. Furthermore, these solutions can automate the adjustment of air conditioning and ventilation systems based on how populated spaces are, as well as adjust lighting requirements based on how much natural light enters the office.

    Think about that for a second — simply consider the office lights, air-conditioning and digital appliances left on and charging throughout the night. This can account for a hefty percentage of your average business’ energy bills; money that could then be rechanneled into the business.

    Although Singapore firms are well ahead of other countries in their smart building implementations, a simple way to effectively boost corporate sustainability efforts may lie in greater adoption of intelligent energy solutions such as these. In short, it remains a win-win situation.

    Adopting video technology solutions empowers organisations to better identify opportunities to embrace sustainable business efforts, circumvent existing problem areas in wastage management and save operational costs in the long run; exemplifying how businesses can do their part for the environment, while ensuring profitability.

    In a time where the technology space is saturated and existing solutions are constantly drowned out by emerging ones each day, it remains evident that there continues to be plenty of applications of video technology in enhancing our lives and environment.

    There remains much more that Singapore can do for sustainability and leveraging video solutions can serve to further propel those efforts. So perhaps what sustainability requires isn’t necessarily a redo, as much as it is a rethinking and resolve in our approach. Innovation gives us a leg up in tackling today’s increasingly complex challenges, but a simple solution can already be found in video technologies.

     

     

    The post Smart vision: Opening eyes to new sustainable practices in Singapore appeared first on FutureIoT.

    ]]>
    Millions of enterprise-grade Cisco devices floating in zero-day vulnerability https://futureiot.tech/millions-of-enterprise-grade-cisco-devices-floating-in-zero-day-vulnerability/ Tue, 11 Feb 2020 01:00:19 +0000 https://futureiot.tech/?p=6550 5 zero-day vulnerabilities leave Cisco Nexus switches, IOS XR routers, Cisco 7800 and 8800 IP phones and Cisco IP cameras vulnerable to hacking.

    The post Millions of enterprise-grade Cisco devices floating in zero-day vulnerability appeared first on FutureIoT.

    ]]>
    5 zero-day vulnerabilities leave Cisco Nexus switches, IOS XR routers, Cisco 7800 and 8800 IP phones and Cisco IP cameras vulnerable to hacking.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Millions of enterprise-grade Cisco devices floating in zero-day vulnerability appeared first on FutureIoT.

    ]]>
    Smart lightbulbs could be a launchpad for cyberattacks https://futureiot.tech/smart-lightbulbs-could-be-a-launchpad-for-cyberattacks/ Mon, 10 Feb 2020 04:30:40 +0000 https://futureiot.tech/?p=6545 Hackers could exploit vulnerabilities in the popular ZigBee protocol to deliver ransomware or spyware to networks by compromising smart lightbulbs and their controllers.

    The post Smart lightbulbs could be a launchpad for cyberattacks appeared first on FutureIoT.

    ]]>
    Check Point Research last Friday revealed that smart lightbulbs and their control bridge could be used to exploit an IoT network to launch attacks on conventional computer networks in homes, businesses or even smart cities.

    Researchers focused on the popular Philips Hue smart bulbs and bridge and identified the CVE-2020-6007 vulnerability that enabled it to infiltrate networks using a remote exploit in the Zigbee low-power protocol, which is used to control a wide range of IoT devices. The communication protocol is used for giving commands to the Philips Hue bulbs and receiving information from them.

    “Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware,” said Yaniv Balmas, head of Cyber Research, Check Point Research, the threat intelligence arm of Check Point Software Technologies.

    The attack scenario is as follows:

    1. The hacker controls the bulb’s colour or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘Unreachable’ in the user’s control app, so they will try to ‘reset’ it.
    2. The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
    3. The bridge discovers the compromised bulb, and the user adds it back onto their network.
    4. The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it. This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network.
    5. The malware connects back to the hacker and using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.

    The research was done with the help of the Check Point Institute for Information Security (CPIIS) in Tel Aviv University,

    “It’s critical that organisations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware,” Balmas said.

    Taking action

    This is not the first time an analysis of the security of ZigBee-controlled smart lightbulbs has been conducted.  In 2017, researchers revealed that they were able to take control of a Hue lightbulb on a network, install malicious firmware on it and propagate to other adjacent lightbulb networks.

    Check Point Research took this prior work one step further and used the Hue lightbulb as a platform to take over the bulbs’ control bridge and ultimately, attacking the target's computer network.

    It should be noted that more recent hardware generations of Hue lightbulbs do not have the exploited vulnerability.

    When Check Point Research disclosed its latest finding to Philips and Signify (owner of the Philips Hue brand) in November 2019. Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version, which is now  via an automatic update.

    George Yianni, head of technology at Philips Hue, said: ““We are committed to protecting our users’ privacy and do everything to make our products safe. We are thankful for responsible disclosure and collaboration from Checkpoint, it has allowed us to develop and deploy the necessary patches to avoid any consumers being put at risk”

    Boris Cipot, senior security engineer at Synopsys Software Integrity Group, commented: “The good news is that the vulnerability has already patched by Philips and was released on the 13th of January. Users that have automatic updates enabled on their bridges have already got the patch applied.”

    He pointed out that It is highly advisable to turn the automatic updates on, so you do not miss any security improvements now or in the future.

    “Furthermore, there are other perks to having automatic updates switched on. This includes ensuring you do not miss out on quality, security or performance improvements, as well as guaranteeing that your Hue System stays compatible with new Hue products.”

    The post Smart lightbulbs could be a launchpad for cyberattacks appeared first on FutureIoT.

    ]]>
    Thailand fortifies border control with biometric system https://futureiot.tech/thailand-fortifies-border-control-with-biometric-system/ Thu, 06 Feb 2020 02:30:42 +0000 https://futureiot.tech/?p=6534 To date, the new system has verified 49 million travellers at all ports of entry across Thailand since May 2019.

    The post Thailand fortifies border control with biometric system appeared first on FutureIoT.

    ]]>
    Thailand Immigration Bureau has deployed a new biometric control system at 65 border crossings across the country, which include 16 international airports and 49 land borders and seaports.

    The Automated Biometric Identification System (ABIS), provided by DERMALOG, has been in operation since May 2019.

    “Our new system has increased the rate of catching criminals at our borders tremendously," says Immigration Bureau chief Sompong Chingduang.

    The core of the ABIS solution for the Thailand Immigration Bureau is composed of fingerprint and facial recognition scanners that validates a traveller’s identification by their biometric data. The new system in Thailand takes only 0.1 seconds to identify a person through the entire database by fingerprint and face. It claims to be the world's fastest multi-biometric systems for so-called one-to-many matching.

    To date, the ABIS has already checked about 49 million travellers,  and the Thai Immigration Bureau identified more than 4,300 blacklisted persons and about 127,000 people who had violated visa regulations. In addition, 3,166 persons had been arrested for fraud attempts, detected by the biometric system.

    According to DERMALOG, its  innovative biometric systems have improved border security in 16 countries globally. In total, more than 240 government agencies in 90 countries are using this latest biometric technology from Germany.

     

    The post Thailand fortifies border control with biometric system appeared first on FutureIoT.

    ]]>
    CIO’s guide to securing IoT https://futureiot.tech/cios-guide-to-securing-iot/ Wed, 05 Feb 2020 01:00:12 +0000 https://futureiot.tech/?p=6525 [...] Accessing FutureIoT Premium Content Welcome! To access Premium content and more, please login below. Not a Premium member yet? Register now for a free account! Username or Email Password  Remember Me Forgot Password Alternatively,

    The post CIO’s guide to securing IoT appeared first on FutureIoT.

    ]]>
    [...]

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post CIO’s guide to securing IoT appeared first on FutureIoT.

    ]]>
    Trend Micro: Honeypot reveals threats to smart factories https://futureiot.tech/trend-micro-honeypot-reveals-threats-to-smart-factories/ Thu, 23 Jan 2020 03:30:19 +0000 https://futureiot.tech/?p=6426 The six-month investigation showed that they attracted fraud and financially motivated exploits, primarily falling victims to common threats.

    The post Trend Micro: Honeypot reveals threats to smart factories appeared first on FutureIoT.

    ]]>
    Cybersecurity firm Trend Micro revealed that it had created a honeypot imitating an industrial factory to determine threats facing unsecured OT (operational technology) environments.

    The six-month investigation showed that they attracted fraud and financially motivated exploits, primarily falling victims to common threats.

    The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

    "Too often, discussion of cyber threats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely," said Greg Young, vice president of cybersecurity for Trend Micro.

    To better understand the attacks targeting ICS environments, Trend Micro Research created a highly realistic, industrial prototyping company.

    The honeypot consisted of real ICS hardware and a mix of physical hosts and virtual machines to run the factory, which included several programmable logic controllers (PLCs), human machine interfaces (HMIs), separate robotic and engineering workstations and a file server.

    "Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line,” Young said.

    Trend Micro urged smart factory owners to minimise the number of ports they leave open and to tighten access control policies, among other cybersecurity best practices. In addition, implementing cybersecurity solutions designed for factories, like those offered by Trend Micro, can help further mitigate the risk of attack.

    The post Trend Micro: Honeypot reveals threats to smart factories appeared first on FutureIoT.

    ]]>
    Connectivity predictions for 2020 https://futureiot.tech/connectivity-predictions-for-2020/ Wed, 15 Jan 2020 01:00:41 +0000 https://futureiot.tech/?p=6365 The connecting of assets, processes and personnel enables the capture of data and events from which a company can learn behaviour and usage, react with preventive action, or augment or transform business processes. The IoT is a foundational capability for the creation of digital business.

    The post Connectivity predictions for 2020 appeared first on FutureIoT.

    ]]>
    The connecting of assets, processes and personnel enables the capture of data and events from which a company can learn behaviour and usage, react with preventive action, or augment or transform business processes. The IoT is a foundational capability for the creation of digital business.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Connectivity predictions for 2020 appeared first on FutureIoT.

    ]]>
    RELX deploys facial recognition cameras in Shanghai store https://futureiot.tech/relx-deploys-facial-recognition-cameras-in-shanghai-store/ Mon, 13 Jan 2020 02:00:54 +0000 https://futureiot.tech/?p=6345 The deployment of these cameras is part of the company’s Project Sunflower scheme, which prevents underage access and use of e-cigarettes by minors.

    The post RELX deploys facial recognition cameras in Shanghai store appeared first on FutureIoT.

    ]]>
    Leading e-cigarette manufacturer RELX opened its first flagship store in China this month equipped with facial recognition cameras that would alert staff when a suspected underaged person enters the store.

    The deployment of these cameras is part of the company’s Project Sunflower scheme, which prevents underage access and use of e-cigarettes by minors. Under the scheme, customers undergo another layer of automated verification to ensure a match between them and the ID presented when making a purchase.

    Project Sunflower is already being implemented nationwide, with RELX aiming to install the system in 100 stores within the next three months and across all RELX stores within seven months. Under an unwavering penalty system, any retailers caught selling products to minors are set to be fined RMB 200,000 for first-strike offences, with the possibility of total suspension of business in the event of future strikes.

    “The flagship store demonstrates Project Sunflower’s central role in RELX’s retail division,” said Jiang Long, co-founder and head of sales. “As a visionary company, RELX is prepared to shoulder the responsibility of blazing the trail in tech-enabled social responsibility.”

    Founded in January 2018, RELX is Asia's leading e-cigarette company geared towards empowering adult smokers through technology and design, ethically. RELX develops its cutting-edge e-cigarette products at its R&D centre in Shenzhen, China.

    Immersive shopping experience

    The newly opened flagship store occupies 140 sqm space in Shanghai’s bustling central business district. It features a brand experience area, a consumer education area, an interactive zone, and device engraving services.

    “Consumers nowadays prefer immersive shopping experiences, and we want to make this flagship a place where we can not only better communicate with them about our product and values but also better understand their needs. We’re always on the lookout for ways to better serve our consumers,” said Wang Tao, head of RELX’s new retail business. “

    He added that RELX will launch stores in areas of interest in various cities, such as Beijing’s 798 art hub and Shenzhen’s Haigangcheng, to provide avant-garde experiences to consumers.

    RELX only ventured into the retail business in January last year and now operates over 1,400 RELX stores across 300 cities in China.

    With the opening of its new flagship store in  Shanghai, the company also announced its intention to invest RMB 500 million in establishing 10,000 stores globally over the next three years.

    As China’s biggest e-cigarette brand holding a market share above 60%, the company is poised to strengthen its lead by accelerating its retail business.

    “RELX is investing heavily in breakthrough technologies to enhance franchisees’ profit margins and increase consumer loyalty during the course of its brick-and-mortar expansion,” Long said. “As always, our focus will remain on preventing minors from using e-cigarette products and leading the path of innovation for the entire industry by developing advanced retail technology.”

    The post RELX deploys facial recognition cameras in Shanghai store appeared first on FutureIoT.

    ]]>
    Security isn’t ‘front of mind’ in the IoT https://futureiot.tech/security-isnt-front-of-mind-in-the-iot/ Thu, 09 Jan 2020 01:00:40 +0000 https://futureiot.tech/?p=6311 The complexity and speed of development. Effectively what we have today is the moral equivalent of a land grab going on, where no matter what a device could potentially do, there’s at least a half dozen or maybe a dozen vendors who are actively pursuing it.

    The post Security isn’t ‘front of mind’ in the IoT appeared first on FutureIoT.

    ]]>
    The complexity and speed of development. Effectively what we have today is the moral equivalent of a land grab going on, where no matter what a device could potentially do, there’s at least a half dozen or maybe a dozen vendors who are actively pursuing it.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Security isn’t ‘front of mind’ in the IoT appeared first on FutureIoT.

    ]]>
    Leading IoT organisations TioTA and IIC join forces https://futureiot.tech/leading-iot-organisations-tiota-and-iic-join-forces/ Tue, 07 Jan 2020 00:40:03 +0000 https://futureiot.tech/?p=6305 The first formal meeting of the combined organisation will be held in Athens, Greece, March 9-12, 2020.

    The post Leading IoT organisations TioTA and IIC join forces appeared first on FutureIoT.

    ]]>
    The Trusted IoT Alliance (TIoTA) is merging with the Industrial Internet Consortium (IIC) effective immediately, working together under the IIC umbrella to drive industry collaboration and research, foster open systems development and promote best practices for trusted IoT systems such as blockchain and related distributed ledger technologies (DLT).

    The first formal meeting of the combined organisation will be held in Athens, Greece, March 9-12, 2020.

    “Over its two-year lifespan, TIoTA has impacted the intersection of DLT and IoT, while in its five years, the IIC has established major influence in IoT across industries,” said Csilla Zsigri, senior analyst, Blockchain & DLT, 451 Research.  “This consolidation will strengthen the ability of the IIC to provide guidance and advance best practices on the uses of distributed ledger technology across industries, and boost the commercialization of these products and services.”

    The IIC delivers a trustworthy IIoT in which the world’s systems and devices are securely connected and controlled to deliver transformational outcomes, while TIoTA seeks to enable trust in the data produced by such IoT systems in a distributed ledger/blockchain agnostic fashion.

    According to IIC executive director Richard Soley, the combined organisation will offer a single stop for IoT industry guidance and a larger ecosystem for end-users looking to improve their bottom line with IoT and DLT.

    ““Since IIC began in 2014, the use cases for distributed ledger technology have grown exponentially,” Soley said. “This merger will enable the consortium to become the centre of gravity for the future of industrial IoT systems across industry verticals.”

    As an IIC liaison, TIoTA has previously partnered with IIC on some of  its Trusted IoT Global Design Challenges, Trusted IoT Reference Architecture working group, and other initiatives.

    “We are looking forward to bringing these into the IIC portfolio to further develop practices around multi-stakeholder innovation strategies,” said Anoop Nannra, founder and chairman of TIoTA.  “Our membership is excited to help drive and shape the advancement of trusted systems in a broad range of IoT applications with the wider community.”

    He added that TIoTA is  excited “to take this step toward integrating with IIC and continuing to accelerate our momentum together.”

    TIoTA members welcomed the move to bring the two organisations together under one roof.

    “TIoTA has built a community of technology leaders focused on bringing blockchain/DLT solutions to market,” said John Calian, head of Telekom Innovation Laboratories (T-Labs), an enterprise member of TIoTA. “This community is focused on leveraging the power of blockchain/DLT and the concept of decentralized trust to achieve greater security, scalability, and interoperability within existing and future IoT ecosystems. This direction will help the IIC continue its market momentum.”

    The post Leading IoT organisations TioTA and IIC join forces appeared first on FutureIoT.

    ]]>
    IoT will expand security imperative towards network edge https://futureiot.tech/iot-will-expand-security-imperative-towards-network-edge/ Fri, 27 Dec 2019 02:00:22 +0000 https://futureiot.tech/?p=6243 Dave Russel, vice president of enterprise strategy at Veeam, said growth of IoT and the shift towards edge computing exacerbates an enterprise’s data management issues.

    The post IoT will expand security imperative towards network edge appeared first on FutureIoT.

    ]]>
    Traditional data centres are not equipped to handle the requirements of companies who increasingly find that they need to connect to IoT devices, where volumes of data are being generated.

    With this major technology shift, companies need to put the physical computing resources at the edge of the network where IoT endpoints are located because the inherent latency of the cloud is no longer enough when it comes to deploying machine intelligence and getting real-time results.

    Industry insiders believe that edge computing is needed for IoT deployments to work effectively, with International Data Corporation (IDC) predicting that 45% of all data created by IoT devices will be stored, processed, analysed and acted upon close to or at the edge of a network by 2020.

    Indeed, according to the research firm’s 2020 predictions,  more than 50% of new enterprise infrastructure deployed will be at the edge rather than corporate data centres by 2023, up from less than 10% today. And by 2024, the number of apps at the edge will go up by 800%.

    Dave Russell, vice president of enterprise strategy, Veeam

    Speaking with FutureIoT, Dave Russel, vice president of enterprise strategy at Veeam, said that in five years, a typical organisation could see “80% on-prem, 19% public cloud, and 1% edge to a mix that could look like 30-35% on-prem, 35-40% public cloud, and 25-30% edge”.

    Regardless of specific percentages, he added, it is clear that in just a few years more half or more of enterprise-generated data will be created and processed outside of the data centre or cloud.

    Putting security at the edge of the network

    Russell pointed out that the increasingly disaggregated nature of IoT, and all of the intelligent edge, exacerbates many data management challenges.

    “This is not too dissimilar from small remote offices with low-to-no IT skill.  The ability to directly manage data and infrastructure will give way to remote management, which simultaneously will bring a new range of security, privacy, and data availability challenges,” he said.

    With the shift towards edge computing, companies are well-advised to the security of the data – especially from a data leakage perspective.

    “There is a class of IoT that has a very short half-life associated with it, but even much of that data should never make it in to the clear and be viewable,” Russell said. “Much like with big data, there are some cases with the many components that make up IoT data need to be preserved, and other cases where it is just the result of an operation that is of interest.”

    He stressed that organizations should strive to understand what the retention requirements are for their various classed of IoT data, which then can lead to an impact assessment of how highly available that data must be.

    This raises an issue of data gravity, and especially of networking, to be able to copy or move that data.

    “Combining other corporate initiatives, such as digital transformation (DX), which is also about customer intimacy, and the desire to apply intelligence and analytics against many workloads, likely means that IoT and intelligent edge data in general will increasingly fall under the purview of corporate IT,” Russell said.

    He added: “This means that the time to begin planning for this is sooner, rather than later, and is another example of on-prem operations management and infrastructure teams needing to become more business-oriented in their practices.”

    The post IoT will expand security imperative towards network edge appeared first on FutureIoT.

    ]]>
    IoT security begins with connectivity https://futureiot.tech/iot-security-begins-with-connectivity/ Tue, 24 Dec 2019 04:52:24 +0000 https://futureiot.tech/?p=6238 As the number of deployments soars, IoT security has never been more critical.

    The post IoT security begins with connectivity appeared first on FutureIoT.

    ]]>
    As the number of deployments soars, IoT security has never been more critical.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post IoT security begins with connectivity appeared first on FutureIoT.

    ]]>
    PKI is the linchpin that secures the IoT ecosystem https://futureiot.tech/pki-is-the-linchpin-that-secures-the-iot-ecosystem/ Wed, 18 Dec 2019 00:00:10 +0000 https://futureiot.tech/?p=6211 For many organisations, PKI is a strategic part of their IT backbone, enabling them to embrace new digital initiatives, such as cloud, widespread mobile device usage and IoT.

    The post PKI is the linchpin that secures the IoT ecosystem appeared first on FutureIoT.

    ]]>
    For many organisations, PKI is a strategic part of their IT backbone, enabling them to embrace new digital initiatives, such as cloud, widespread mobile device usage and IoT.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post PKI is the linchpin that secures the IoT ecosystem appeared first on FutureIoT.

    ]]>
    Committee says HK smart lampposts should be camera-free https://futureiot.tech/committee-says-hk-smart-lampposts-should-be-camera-free/ Fri, 13 Dec 2019 01:30:50 +0000 https://futureiot.tech/?p=6189 The committee is proposing other technology solutions to replace cameras over privacy concerns.

    The post Committee says HK smart lampposts should be camera-free appeared first on FutureIoT.

    ]]>
    Hong Kong will be looking for  other technology solutions to replace cameras on smart lampposts, citing privacy concerns aired by the public. The consensus was reached this week during the fifth meeting of The Multi-functional Smart Lampposts Technical Advisory Ad Hoc Committee.

    Government Chief Information Officer Victor Lam, who is also the convenor of the committee, said, they have been doing a detailed review of the functions and technologies deployed in the smart lampposts in the past few months.

    “We have  unanimously agreed that replacement technology solutions for cameras, such as LIDAR and thermal detectors, should be adopted to enlist wider community support for smart lampposts as well as smart city development,” Lam said.

    Members of the committee received briefings from officers of the Environmental Protection Department, the Lands Department and the Transport Department on replacement technology solutions to individual applications on smart lampposts, together with their related privacy protection measures.

    The Hong Kong Government started installing the smart lampposts across the city this year, totally about 50 by the end of June. However, many of these newly-installed lampposts have sustained heavy damages, after being targeted for fear of surveillance amidst the protests that rocked Hong Kong for six months now.

    Nevertheless, the committee agreed that the government should continue with the smart lamppost project after taking out the cameras, particularly given the rollout of 5G mobile service in the near future.

    "To avoid lagging behind, Hong Kong must catch up at full steam in smart city development. We will also continue to open up city data collected by smart lampposts to drive smart city development," Lam said.

    The original design of smart lampposts included panoramic cameras which aim to collect real-time traffic data and traffic snapshot images, and surveillance cameras which aim to monitor traffic conditions and tackle illegal dumping of construction waste.

    The committee proposed that each and every new smart device to be installed on smart lampposts in future should go through a third-party review and assessment to ensure compliance with international privacy and security standards (ISO 27000 series).

    It also advised the government should enhance public education and promotion on smart lampposts. It added that the government will only commence installation of new devices after consulting relevant stakeholders, including the Legislative Council and concerned District Councils.

    The Multi-functional Smart Lampposts pilot scheme is a three-year programme in which some 400 smart lampposts will be installed in phases in four districts with higher pedestrian and traffic flow, namely Central/Admiralty, Causeway Bay/Wan Chai, Tsim Sha Tsui and Kwun Tong/Kai Tak Development Area, with a view to promoting smart city development in Hong Kong and supporting 5G mobile network implementation.

    The post Committee says HK smart lampposts should be camera-free appeared first on FutureIoT.

    ]]>
    Pet-sitting robot gets a thumbs up in Seoul https://futureiot.tech/pet-sitting-robot-gets-a-thumbs-up-in-seoul/ Tue, 10 Dec 2019 02:00:38 +0000 https://futureiot.tech/?p=6175 Beyond taking care of pets, the robot also serves as a security device – alerting pet owners of unusual situations at home, such as a burglary and fire.

    The post Pet-sitting robot gets a thumbs up in Seoul appeared first on FutureIoT.

    ]]>
    Seoul-based Guru IoT has launched a pet-sitter robot that takes care of companion pets. Called PEDDY, the robot is gaining popularity among Petfams, a colloquial term used to refer to people who regard pets as family members.

    Powered by a smartphone installed within, PEDDY enables  pet owners to take care of their pets anywhere by communicating with them in real time through an application.

    “As one-person households are rapidly increasing, caring for companion pets who are often left alone at home during the day has become an issue,” said a Guru IoT spokesperson. “In order to live happily with companion pets for a long time, it is important to manage both their health and emotional aspect, such as loneliness. PEDDY is a pet-caring robot designed to help companion pets spend time alone in safety and comfort.”

    PEDDY’s features include interactive video communication, which lets an owner to identify faces and voices of pets. The robot can also be programmed to conduct automatic feeding to pets at scheduled times and in exact pre-set volume. Also, the robot has a variety of entertainment functions that can mitigate loneliness of pets.

    Beyond taking care of pets, the robot also serves as a security device. It can sense abnormal situations at home, such as a burglary or fire. Equipped with sensors that can measure temperature, humidity, and noise, the robot also features functions, such as sensing a rapid change in temperature or the sound of continued barking or howling by pets – these changes can trigger the robot to send an alert to pet owners who are not at home. When any abnormal situation occurs, PEDDY can take pictures of surrounding conditions by turning 360 degrees and send them to the user.

     

    The post Pet-sitting robot gets a thumbs up in Seoul appeared first on FutureIoT.

    ]]>
    Five essential requirements for IoT2.0 success https://futureiot.tech/five-essential-requirements-for-iot2-0-success/ Mon, 09 Dec 2019 04:00:48 +0000 https://futureiot.tech/?p=6170 Enterprises face many challenges, including integration of the IoT infrastructure with existing systems, understanding unfamiliar data formats, and communication protocols as well as implementing new technologies across the IoT continuum.

    The post Five essential requirements for IoT2.0 success appeared first on FutureIoT.

    ]]>
    Smart devices, powered by the hyper-connected Internet of Things (IoT), are becoming ever more prevalent and pervasive in our lives, and the trend will only continue. Every industry is seeking ways to use device-enabled insights to improve the lives of their customers, and the health of machines. With a growing number of devices, the opportunities to use IoT to reshape industries and societies are also increasing.

    Yet many organisations are facing challenges in their IoT journey. A Cisco survey reveals that only 26% of the surveyed companies consider their IoT initiatives a success, with a majority saying they were more complicated or took longer than expected. Sixty percent of the top IT executives polled by Cognizant’s Centre for the Future of Work said IoT will add tremendous complexity to their IT infrastructure in areas such as networking, integration and data analysis.

    In reaping the benefits of IoT, enterprises face many challenges, including integration of the IoT infrastructure with existing systems, understanding unfamiliar data formats, and communication protocols as well as implementing new technologies across the IoT continuum. Navigating these challenges requires careful planning, domain knowledge, and rigorous implementation. In order to make the IoT initiatives a success, there are five essential requirements for processes and practices that organisations should consider:

    1. Edge computing/analytics

    Edge computing, a technology that is expected to grow at a high 40% rate in Asia Pacific by 2023, captures and analyses data on distributed devices positioned at the edge of a network. It involves both local sensors that gather data and edge gateways that process it. Edge computing enables data analysis close to where it is captured, resulting in faster response to changing conditions. In fact, an edge-processing system can respond in a few milliseconds, compared with a cloud system, which could take more than 100 milliseconds.

    Before considering edge computing, organisations should, firstly, fully assess lifetime device costs at the planning stage, factoring in the operational overhead expenses, such as monitoring, upgrades, and power requirement. Secondly, they need to create policies to secure devices with appropriate firewalls and hardened operating systems, and encrypt data at rest and in transit. Lastly, organisations should assess which analyses are most time-critical for their business and perform them at the edge to allow immediate action.

    1. Data ingestion and stream processing

    Six out of 10 IT executives say collecting, storing, integrating  and analysing real-time data from endpoint devices is a key  barrier to a successful IoT implementation. Organisations should put processes in place to gather data from multiple devices and sensors, and transform it for use by cloud-based analytic platforms. Data ingestion refers to device telemetry data being imported and converted into a format usable by cloud-based IoT services. It helps to normalise the data into a common data model that is easier to analyse by business applications and users. Data ingestion also comes handy when organisations have to ensure that ingested data is stored in compliance with government or industry regulations, such as European Union’s General Data Protection Regulation or Personal Data Protection Act in Singapore.

    1. Security and device management

    With rapid proliferation of IoT sensors, and growing complexity and volume of data exchanges, it is imperative for organisations to strengthen their adoption and enforcement of highly evolved security practices and procedures. The scale of investments, talent as well as thought leadership around security would need to dramatically increase as IoT implementations grow in scale and start becoming the backbone of day-to-day operations in organisations.

    Businesses need to ensure their IoT devices are provisioned securely, communicate efficiently, and can be updated with accelerated and agile approaches. Device management covers the hardware, software, and the processes that ensure devices are properly registered, managed, secured, and upgraded.

    Required functions include device configuration, security, command dispatching, operational control, remote monitoring, and troubleshooting. The organisation will need to account for these functions, even if the cloud provider doesn’t offer the required device management components. Comprehensive device management enables connected devices to easily and securely communicate with other devices and cloud platforms, while helping the enterprise reliably scale to billions of connected devices and trillions of messages.

    1. Cold path and advanced analytics

    Currently, large-scale processing can include loads greater than 100,000 events per second. With the adoption of cold path processing, large amounts of data are analysed by advanced algorithms after the data is stored on the cloud platform.

    Such analysis can uncover trends or corrective actions needed to improve the business or customer experience. Unlike streaming analytics (hot path) that apply relatively simple rules to data in real time for short-term actions (detecting fraud, security breaches, or critical component failures), cold path processing involves more sophisticated big data analytics, such as machine learning and AI, being applied to provide deeper insights.

    To drive the most insights from data, organisations should consider using a complex event processing framework that combines data from multiple sources, such as enterprise applications and IoT devices, to dynamically define and process analytical rules by inferring meaning from complex situations. It is also important to aggregate data before than during analysis to improve processing speed. Usage of data lakes, which store data in their native format, can also help consolidate data and allow easier access. Organisations should also consider creating dedicated data services to make it easier for users to access data on demand.

    1. Enterprise integration with business systems

    IoT insights need to be delivered to enterprise systems and receive reference metadata in order to interpret device data. Integration with business applications and enterprise systems enables the sharing of raw and processed data, as well as analysis-driven insights.

    With deep enterprise integration, the IoT architecture can deliver benefits such as improved efficiencies, reduced costs, increased sales, heightened customer satisfaction, and the ability to create and lead new markets. To share data and insights, businesses need mechanisms such as application programming interface (API) gateways, service buses and custom connectors.

    Every IoT implementation will be distinct, depending on each business’s requirements, expected outcomes, levels of IoT and data skills, and technology infrastructure maturity. In all cases, however, these five requirements are essential to ensuring a successful IoT implementation, with minimal cost and delay. Each enterprise must conduct a rigorous needs assessment, and carefully plan its roadmap to deliver a flexible, secure, and scalable IoT solution. To help guide the implementation, organisations should also consider using pre-built solutions, reference architectures, and blueprints from experienced technology service providers.

    The post Five essential requirements for IoT2.0 success appeared first on FutureIoT.

    ]]>
    Navigating IoT will become a minefield for everyone in 2020 https://futureiot.tech/navigating-iot-will-become-a-minefield-for-everyone-in-2020/ Mon, 09 Dec 2019 03:00:11 +0000 https://futureiot.tech/?p=6165 Asia Pacific is projected to be the global IoT-spending leader in 2019, accounting for approximately 36.9% of worldwide spending.

    The post Navigating IoT will become a minefield for everyone in 2020 appeared first on FutureIoT.

    ]]>
    Asia Pacific is projected to be the global IoT-spending leader in 2019, accounting for approximately 36.9% of worldwide spending.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Navigating IoT will become a minefield for everyone in 2020 appeared first on FutureIoT.

    ]]>
    Sigfox and Amadeus develop asset-tracking solution https://futureiot.tech/sigfox-and-amadeus-develop-asset-tracking-solution/ Thu, 28 Nov 2019 02:30:28 +0000 https://futureiot.tech/?p=6119 Through reusable tags placed on luggage, proximity sensors installed across airports and Sigfox global coverage, airlines will be able to monitor luggage, accurately tracking its location and detecting anomalies.

    The post Sigfox and Amadeus develop asset-tracking solution appeared first on FutureIoT.

    ]]>
    IoT service provider Sigfox and travel platform provider Amadeus have entered into a strategic partnership that aims to help efficient asset-tracking at airports and airline facilities.

    After a year-long collaboration investigating business opportunities within the travel industry, both companies came out with the jointly developed PinPoint, an asset-tracking solution, which will be made available next year.

    The announcement was made at Sigfox Connect 2019 in Singapore last week.

    “Sigfox technology is unique in its ability to track objects seamlessly across the globe, and at such a low cost. Combining Amadeus expertise and partners’ network in travel with Sigfox technology, we can enable luggage tracking at a price which is within what consumers are ready to pay for, and thus bring peace of mind to billions of travellers.” Marion Mesnage, head of research for innovation and ecosystems at Amadeus.

    The solution will be initially targeted for airports and airlines with trackers optimally designed - connected and communicating through the Sigfox 0G global network and managed through the PinPoint platform.

    It leverages Sigfox IoT expertise and unique 0G network while harnessing Amadeus trusted relationships within the travel industry to reduce costs for airlines and airports, deliver higher operational efficiency, generate ancillary revenues, and increase customer satisfaction.

    Reducing the cost of asset tracking

    Every year, airports and airlines handle billions of pieces of luggage and high-value assets which are often lost, damaged or delayed leading to high financial losses for the whole value chain, a lack of operational efficiency, and increasing dissatisfaction for travellers.

    Meanwhile, existing tracking technologies require expensive infrastructure updates, such as gates and readers and provide limited interoperability and geolocation capabilities. In parallel, regulation is increasingly demanding, especially the new IATA Resolution 753 on luggage tracking which imposes stricter tracking and increased visibility requirements to reduce luggage loss rates.

    With this in mind, PinPoint aims to provide a new journey for travel industry assets through reusable, cost and energy-efficient, and globally connected trackers that offer airports and airlines access to real-time information about the location of luggage and high value assets, such as spare-parts, landing gear, Unit Load Devices (ULD) and much more.

    Deploying reusable tags

    Through reusable tags placed on luggage, proximity sensors installed across airports and Sigfox global coverage, airlines will be able to monitor luggage, accurately tracking its location and detecting anomalies. For high-value assets such as ULDs, airlines will be able to use this technology to collect data, enabling ULDs to report any movement, so optimizing ULD management and significantly reducing the risk of loss.

    Sigfox Bubble technology, an innovative beaconing solution enabling proximity detection, will also be developed and deployed in collaboration with Sigfox new partner Alps Alpine, one of the world’s foremost manufacturers of electronics components. By managing the emission power, Sigfox Cloud adapts the range of the Bubble, from less than one meter to a few tens of meters, improving the accuracy of the device’s location. Thus, when entering a Bubble cell, Sigfox devices and associated assets share their identification to the cloud providing a highly accurate location for each asset.

    Eyeing a joint venture

    The alliance between Sigfox and Amadeus, which aims in time to become a joint venture, is the starting point of a new journey that could revolutionize the travel industry.

    Although airports and airlines are the main targets initially, in the future, both companies hope to reach out to new sectors like hospitality to offer end-to-end tracking solutions that will cover the full traveller journey.

    “We are delighted to strengthen our partnership with Amadeus and share our combined expertise to create real digital transformation of the travel sector,” said Raouti Chehih, chief adoption officer at Sigfox. “Our strategic alliance named PinPoint will not only help to improve the travel experience, but this will also change completely the game for an industry looking for decades for THE technology able to save costs while improving efficiency and quality of services.”

     

    The post Sigfox and Amadeus develop asset-tracking solution appeared first on FutureIoT.

    ]]>
    Infineon ups the ante in smart card innovation https://futureiot.tech/infineon-ups-the-ante-in-smart-card-innovation/ Wed, 27 Nov 2019 05:30:44 +0000 https://futureiot.tech/?p=6116 Innovative ready-to-use delivery forms such as small SPA modules with integrated ISO- and EMV-compliant antenna enable designers to deliver payment solutions in new form factors while reducing production timelines to a few weeks.

    The post Infineon ups the ante in smart card innovation appeared first on FutureIoT.

    ]]>
    Infineon Technologies sets a new milestone in smart card innovation with 40nm generation of security chip solutions. The SLC3x has outstanding performance and scalability for a vast array of smart card applications and beyond.

    Smart card manufacturers and payment solution providers will benefit from a family architecture based on the de-facto industry standard ARM, contactless excellence from Infineon as well as innovative logistic concepts.

    Smart card solutions for payment, identification and other applications are increasingly transitioning to contactless, multifunctional technologies. They often also incorporate new biometric features for user identification. However, making a more convenient user experience with these new features and capabilities involve multiple stakeholders, adding implementation complexity and security challenges to the designs. As market leader in security solutions, Infineon enables its customers to better address these challenges and to better respond to new market trends.

    Delivering payment solutions in new form factors

    Infineon's SLC3x series of security controllers support the full application spectrum, from low-cost contact-based pre-paid and loyalty cards through standard dual-interface payment and identity cards to biometric system-on-card solutions and wearable devices - all compliant with the latest EMVCo specifications.

    Transaction speed and robust packaging are key success factors for contactless applications such as identification and transport ticketing, delivered through form factors such as wearables like key fobs and rings or through cards with biometric user authentication.

    With the SLC3x product family, Infineon said it enables contactless payment transaction times below 200 milliseconds even in scenarios with low reader field strengths or in combination with small antenna designs. In addition, highly robust and easy-to-integrate contactless or dual-interface packages such as Coil on Module support fast transition from contact-based to dual-interface solutions, while the performance and reliability of the final product is further improved.

    Innovative ready-to-use delivery forms such as small SPA modules with integrated ISO- and EMV-compliant antenna enable designers to deliver payment solutions in new form factors while reducing production timelines to a few weeks. The new platform also offers innovative logistic concepts to further shorten time-to-market.

    SLC3x products are based on a high-performance, powerful and energy-efficient 32-bit ARM SecurCore SC300 dual-interface security cryptocontroller. This is enhanced by Infineon's digital security technology as well as third-generation SOLID FLASH technology. Infineon said that combining these technologies with full coverage of contactless protocols, makes this family unique in the market.

     

    The post Infineon ups the ante in smart card innovation appeared first on FutureIoT.

    ]]>
    Digitising the dark: Cyberattacks against power grids https://futureiot.tech/digitising-the-dark-cyberattacks-against-power-grids/ Thu, 14 Nov 2019 01:00:06 +0000 https://futureiot.tech/?p=6038 Catching suspicious activity on an energy grid requires a nuanced and evolving understanding of how the grid typically functions.

    The post Digitising the dark: Cyberattacks against power grids appeared first on FutureIoT.

    ]]>
    Catching suspicious activity on an energy grid requires a nuanced and evolving understanding of how the grid typically functions.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Digitising the dark: Cyberattacks against power grids appeared first on FutureIoT.

    ]]>
    ABI Research: 44 billion IoT devices present formidable security challenge https://futureiot.tech/abi-research-44-billion-iot-devices-present-formidable-security-challenge/ Tue, 12 Nov 2019 06:09:28 +0000 https://futureiot.tech/?p=6016 The sheer amounts of data generated from the 44 billion IoT devices by 2023 will make every zettabyte of data vulnerable to attack – making the security of IoT today even more compelling.

    The post ABI Research: 44 billion IoT devices present formidable security challenge appeared first on FutureIoT.

    ]]>
    If you don’t know it yet – this should serve as a warning: Internet of Things (IoT) devices are insecure (period!). The Urgent11 security flaws, in addition to data hacks from Alexa and Google HomeOrvibo SmartmateAmcrest IP camera, are just the tip of the iceberg (as they call it)..

    The sheer amounts of data generated from the 44 billion IoT devices by 2023 will make every zettabyte of data vulnerable to attack – making the security of IoT today even more compelling.

    Integrating security into IoT projects is not an easy feat but is an increasingly urgent necessity. With an installed base of 44 billion connected devices projected for 2023, the amount of data and information generated and shared will reach zettabytes of data, according to global tech market advisory firm, ABI Research.

    CHECKOUT: Insecure by design

    “Much of that data will be sensitive, whether about an individual’s privacy or confidential business information. As such, it presents a lucrative opportunity for threat actors, as data has become a highly commoditized asset in modern societies. Add to that the potential of harnessing unprotected IoT devices for botnets, denial-of-service attacks, or even holding them hostage to ransomware, the imperative for security cannot be ignored,” emphasized Michela Menting, digital security research director at ABI Research.

    Several platforms and tools have emerged in the market recently, which can facilitate security implementation, even in the most basic IoT devices. Chipmakers like STMicroelectronics, NXP, Renesas, Microchip, Cypress, Nuvoton, MediaTek, RedPine, and Maxim Integrated, are offering secure microcontrollers that can service general-purpose IoT applications from smart home appliances to industrial control systems.

    These can enable a host of secure functionalities, including security co-processors and cryptographic accelerators, secure storage for keys and certificates, secure execution environments, and root of trust functionalities.

    “But beyond that, these secure microcontrollers come pre-packaged with supporting software development tools that can enable developers to leverage these hardware features and deploy secure services, such as key provisioning and onboarding to a cloud platform, as well as lifecycle management (e.g., secure over-the-air software updates),” Menting added.

    In a bid to facilitate secure IoT deployments, semiconductor vendors offer a wide breadth of software development platforms, from their own proprietary solutions but also focusing on interoperability and compatibility with third-party software and connectivity tools.

    The aim is to facilitate the use of secure hardware by providing secure software development and service connectivity tools that can easily allow developers to onboard and securely manage their devices.

    “Developing and managing secure IoT deployments is no longer the remit of security professionals but is a capability that is quickly becoming available to developers of all levels.  Enterprises looking to deploy IoT can now more easily engage in securing them, in a more cost-effective manner that can enable faster time-to-market. End-to-end IoT security is within reach for enterprises large and small,” concluded Menting.

    The post ABI Research: 44 billion IoT devices present formidable security challenge appeared first on FutureIoT.

    ]]>
    Schneider Electric deploys Ayla IoT platform https://futureiot.tech/schneider-electric-deploys-ayla-iot-platform/ Fri, 01 Nov 2019 03:00:26 +0000 https://futureiot.tech/?p=5907 Schneider Electric chose the Ayla platform for its strength in the consumer IoT market.

    The post Schneider Electric deploys Ayla IoT platform appeared first on FutureIoT.

    ]]>
    Schneider Electric has chosen the Ayla IoT platform to connect APC Smart Surge to the Internet of Things (IoT).

    “By using the Ayla IoT platform, Schneider Electric is demonstrating commitment to customer IoT security, energy management transformation and the entire connected-product experience,” said Jonathan Cobb, CEO of Ayla Networks. “Schneider Electric is one of the most recognised brands in the world and we are proud to be selected to help develop the cloud solution for APC Smart Surge.”

    Ayla Networks provides IoT platform-as-a-service (PaaS) for smart home device manufacturers and service providers.

    Critical to consumer tech success

    According to a senior Schneider Electric executive, Ayla Networks offered support for the smart home capabilities APC by Schneider Electric needed, such as voice control, scheduling, independent outlet and USB port control.

    Ayla Networks also made sure advanced features are managed through the APC Home mobile app and coupled with a control platform to support APC Smart Surge consumers.

    In addition to time-to-market and control platform features enabling customer support, Schneider Electric chose the Ayla platform for its strength in the consumer IoT market. The Ayla platform offers flexibility to support the full breadth of current and future products; and the ability to provide customers with the convenience of a mobile app and Amazon Alexa voice assistant to manage their connected products.

    Benefits to Schneider Electric and their customers

    The Ayla IoT platform provides comprehensive device, cloud and mobile app connectivity for any kind of product. Its end-to-end integrated technology includes the latest standards and protocols to enable Schneider Electric to connect their smart products to the cloud along with the software applications that are used to control them.

    By using the Ayla platform, Schneider Electric can achieve the following benefits:

    • Easier and more cost-effective development of connected products. Using built-in platform capabilities such as integration with Amazon Alexa to add voice control to any of its connected products, Schneider Electric can simplify and accelerate product launches.
    • More efficient management of its connected products. Ayla Networks provides a single IoT command and control platform for connected products. Its enterprise-grade IoT device management and provisioning capabilities means that Schneider Electric can provision and manage APC Smart Surge Protectors at scale.
    • Automatic futureproofing for connected products. Because Ayla Networks keeps its IoT platform up to date as IoT standards and technologies evolve, consumers can be confident that their Schneider Electric connected products will remain current and secure.
    • Enhanced customer experience. Schneider Electric can use the Ayla platform to create a single mobile app to interact with multiple products, thereby giving consumers the benefit of a superior and convenient experience.

     

    The post Schneider Electric deploys Ayla IoT platform appeared first on FutureIoT.

    ]]>
    Canon delivers cloud-based video analytics service in SG https://futureiot.tech/canon-delivers-cloud-based-video-analytics-service-in-sg/ Mon, 14 Oct 2019 02:00:16 +0000 https://futureiot.tech/?p=5777 Agent Vi's AI-powered video analytics SaaS provides enhanced surveillance and security to Singapore customers.

    The post Canon delivers cloud-based video analytics service in SG appeared first on FutureIoT.

    ]]>
    Canon Singapore announced last Friday a partnership with video analytics solutions provider Agent Video Intelligence (Agent VI) to launch the first AI-powered cloud-based video analytics service in the Lion City.

    Canon’s enterprise customers in Singapore are the first and only in Asia to experience innoVi, Agent Vi’s cutting-edge AI-powered video analytics Software as a Service (SaaS) on their existing surveillance cameras. The service is offered on a monthly subscription basis, saving customers from investing in any upfront capital costs or having to purchase dedicated equipment.

    ​​​​​​​“We are always looking for ways to help our customers improve and streamline their processes, and are delighted that this partnership with Agent Vi enables us to be the first to introduce cloud-based video analytics to Singapore,” said Edwin Teoh, head of marketing for Singapore operations at Canon Singapore.

    The partnership with Agent Vi will enhance Canon’s suite of network visual solutions, offering businesses seamless connectivity with maximum productivity and reduced costs.

    “Singapore’s Smart Nation initiative encourages businesses to harness the power of AI, data analytics and cloud computing as transformative business tools, and this offering cements our commitment to helping companies as they move forward in these areas,” Teoh said.

    Bolstering security with video analytics

    innoVi is a centrally-managed video analytics solution powered by cutting-edge deep Learning technology that enables unparalleled detection accuracy. Its algorithms actively and continuously learn how to categorise objects with precision, allowing innoVi to distinguish between people, vehicles and static objects.

    innoVi is able to transform any ONVIF / RTSP fixed IP camera into an intelligent video device, uncovering otherwise hidden incidents, insights and information.

    ​​​​​​​Itsik Kattan, CEO of Agent Vi, said: "The strategic partnership with Canon Singapore will allow Canon's customers to effortlessly benefit from a centrally hosted video analytics SaaS solution, to enhance their security, safety and operational needs, with no upfront capital costs."

    ​​​​​​​Being fully automated, the solution minimises the need for 24-hour monitoring and eliminates the chance of human error. The product is designed to meet the needs of companies requiring video analytics with a simple and easy-to-maintain setup such as hotels, condominium security and healthcare facilities. Subscription to the service starts at only S$137 per month with no upfront costs.

    "We are proud to harness our innovative solutions to Canon's forward-thinking strategy and jointly bring to market a unique solution that will serve thousands of new customers in Singapore and expand from there to additional regions served by Canon," ​​​Kattan said.

    The post Canon delivers cloud-based video analytics service in SG appeared first on FutureIoT.

    ]]>
    Singapore and UK signed IoT security pact https://futureiot.tech/singapore-and-uk-signed-iot-security-pact/ Fri, 11 Oct 2019 07:00:40 +0000 https://futureiot.tech/?p=5762 Both countries recommend that manufacturers of consumer IoT devices to implement industry best practices.

    The post Singapore and UK signed IoT security pact appeared first on FutureIoT.

    ]]>
    As part of the Singapore-UK Strategic Partnership, the two countries last week agreed to work together in improving the security of internet-connected devices.

    The agreement was signed by David Koh, CEO of Singapore's Cyber Security Agency, and Ciaran Martin, Head of the UK's National Cyber Security Centre during the Singapore International Cyber Week.

    In a joint statement, both national agencies expressed their commitment to take a leading role in driving improvements in the security of smart consumer products.

    “We want to ensure that internet-connected devices have security built in by design and the public and industry are protected against related security threats, such as cyberattacks, theft of personal data and risks to physical safety,” said the statement.

    Both nations will adopt a multilateral approach by working with partners, both internationally and regionally, including industry and consumer groups, to promote the implementation of good practice as set out in the relevant industry global standards.

    “Implementing clear good practice principles from industry across all their consumer IoT devices will result in citizens and the wider economy being made safer and more secure while using their products,” the statement said.

    Both countries recommend that manufacturers of consumer IoT devices to implement industry best practices such as:

    • Discontinuing the most blatant security shortcomings, such as the use of universal default passwords.
    • Normalising vulnerability disclosure processes across the IoT industry, so that researchers can report security vulnerabilities and manufacturers can respond accordingly.
    • Encouraging the development and deployment of software security updates so that consumers and the wider technical ecosystem are protected throughout the entire life-time of IoT products. Manufacturers should define a support period for the fixing of vulnerabilities.

    “We support the development of IoT assurance schemes and other efforts designed to give consumers confidence in the security of their products. The UK and Singapore have a shared interest in enhancing our bilateral cooperation in this area, as we develop our national approaches,” the statement said.

     

    The post Singapore and UK signed IoT security pact appeared first on FutureIoT.

    ]]>
    Report: Use of smart home assistants growing in Asia https://futureiot.tech/report-use-of-smart-home-assistants-growing-in-asia/ Mon, 30 Sep 2019 06:00:50 +0000 https://futureiot.tech/?p=5612 According to the State of Digital Lifestyles report by Limelight Networks, the use of smart home digital assistants is growing among online consumers in India, Japan, Singapore and South Korea.

    The post Report: Use of smart home assistants growing in Asia appeared first on FutureIoT.

    ]]>
    Online users in India, Japan, Singapore and South Korea are steadily growing reliant on smart home assistant such as Amazon Echo and Google Home to make it easier to access information and entertainment as well as automate many tasks, such as regulating the thermostat, lighting, refrigerators, and maintaining their calendars.

    Jaheer Abbas, senior director, Southeast Asia and India at Limelight Networks

    “Such devices are particularly popular in India, due to significant advancements in data connectivity, a young population that is hungry for new digital experiences and a fast-growing economy that have enabled people to quickly assimilate digital assistants into their everyday lives,” said said Jaheer Abbas, senior director, Southeast Asia and India at Limelight Networks.

    In an exclusive interview with FutureIoT, Abbas said ownership of digital assistants is highest in India at 40%, followed by South Korea (28.4%) and Singapore (23.8%). However, fewer than 15% of Japanese consumers own a digital assistant, with two-thirds having no plans to purchase one.

    Abbas was citing the results of the latest State of Digital Lifestyles report by Limelight Networks, which polled online behaviour of internet users. The results were based on responses of 4,500 consumers aged 18 and above in nine countries, including India, Japan, Singapore and South Korea.

    According to the report, mobile is the platform of choice of today’s online users with smartphone as the primary device being used for accessing information and entertainment.

    Dependence on mobile phones is highest in India, with 68% unwilling to give them up for a day or more. On the other hand, Japanese consumers spend the least amount of time using digital devices and do not consider them to be essential daily tools.

    “What this means is that mobile is a prime platform for businesses to engage with consumers – but it is also an increasingly competitive space since brands are all trying to capture consumers’ attention with their content and services,” Abbas said. “It is therefore important for businesses to prioritise optimising their content for mobile delivery by ensuring that the most effective and adaptable formats are delivered to the consumer.”

    Double edged sword

    The growing adoption of smart home digital assistants, however comes with the increasing concern about cybersecurity, particularly the protection of personal data.

    More than 83% of consumers in the four Asian markets included in the report said that they have a niggling worry about using the devices. Of this number, over a third (38.8%) were concerned about the privacy of data collected by the devices and 46.7% were worried about hacking into the devices.

    “With the consciousness heightened toward cybersecurity and mitigating the potential drawbacks of digital adoption, this will mean a demand on the businesses they engage with to be sufficiently prepared and to do enough to thwart threats,” Abbas said.

    And on the subject of security, the report revealed that internet-enabled security devices such as security cameras and doorbells are an increasingly popular way to keep homes safe.  Nearly 22% of online consumers in the four markets currently own one, while about 20% plan to purchase such a device in the next six months.

    Abbas noted that ownership is highest in Singapore where more than one-quarter (26.4%) currently use an internet-connected security device.

    “With advances in the Internet of Things (IoT) and in line with Singapore’s ambition to be a Smart Nation, internet-connected smart home security systems are on the rise, helping Singaporeans monitor their home from their smart phone,” he said.

    “On the other hand, Japanese consumers are the least likely to use one, with more than two-thirds saying they have no plans to purchase one,” he added.

    State of digital lifestyle in Asia

    Across the four Asian markets, the online consumers, who were polled, said technology overwhelmingly positive impact on the lives of consumers - with nearly 80% saying that technology has slightly or significantly improved their lives.

    “The report also showed that consumers are choosing online digital content more than ever before, with online streaming being the most popular way to enjoy digital music, movies, and TV shows,” Abbas said.

    Music is the most popular type of online digital content in every country except Singapore, where movies and TV shows are accessed most often. Indians have a higher overall level of engagement with digital content than consumers in any other country, with more than half accessing digital music daily. In South Korea, online newspapers and magazines are most popular, where almost three-quarters (74%) prefer to read them online rather than download or purchase a physical copy. Downloading newspapers and magazines is also popular in India at 21.1%, while physical copies are preferred by a majority of Japanese readers (58.8%).

    “Despite the popularity of digital media in our daily lives, there is room for improvement in the quality of experience currently available,” Abbas said.

    He said: “More than 89% of consumers in four markets remain frustrated with the challenges faced when experiencing digital content. The highest level of frustration is in Singapore where 93% face challenges with digital content, in particular when their experience is disrupted by errors. Indian consumers (43.8%) are most annoyed by rebuffering, followed closely by Japanese (28.6%) and South Korean (28%) consumers.”

    Rethinking content delivery

    Meanwhile, Abbas said content and internet service providers will need rethink their content delivery strategies to deliver against consumers’ increasing expectations for high-quality digital experiences and security concerns.

    Despite the popularity of digital media in our daily lives, more than 86% of consumers find digital content frustrating, especially in instances where digital content stops playing or rebuffers, takes too long to download, or the experience is disrupted by errors,” he observed.
    “Furthermore, mobile phones are increasingly being used to stream videos and listen to music, but they are often subjected to changes in bandwidth and network latencies that can interrupt content playback,” he added.

    Abbas pointed out content providers can leverage a content delivery network (CDN) that has been optimised to deliver high-quality audio and video streaming across all devices. They should also ensure low latencies, so that viewers are not frustrated by poor quality and repeated rebuffering that might cause them to abandon content.

    “Global consumers are optimistic about the impending rollout of 5G networks, with their promise of offering faster speeds that can potentially change how people and Internet of Things (IoT) enabled devices communicate. Nearly 3 out of 4 of global consumers (72.1%) expect that 5G network will bring faster download speeds.”

    However, online security is an area that must be addressed as a breach will have a major impact on consumer loyalty.

    “Content providers will need to be kept abreast of the latest developments in cybersecurity and update their security measures diligently,” Abbas said. “To protect web infrastructure and help secure customer data, a web application firewall should be utilised to protect web servers from malicious attacks,” he said.

    He added: “This helps increase site performance by reducing the amount of traffic that needs to be inspected. In addition, Bot traffic mitigation should also be employed to guard against the increasing number of malicious bots being used to try to exploit potential security vulnerabilities and exfiltrate sensitive data.”

    The post Report: Use of smart home assistants growing in Asia appeared first on FutureIoT.

    ]]>
    DENSO, BlackBerry roll out integrated automotive HMI system https://futureiot.tech/denso-blackberry-roll-out-integrated-automotive-hmi-system/ Thu, 19 Sep 2019 04:30:08 +0000 https://futureiot.tech/?p=5541 SUBARU is first in the world to ship vehicles with DENSO ‘Harmony Core’ digital cockpit technology powered by BlackBerry QNX.

    The post DENSO, BlackBerry roll out integrated automotive HMI system appeared first on FutureIoT.

    ]]>
    Today, vehicles are equipped with multiple HMI (Huan Machine Interface) systems, which require several device-specific operating systems to work in unison. Because the operating systems are independently controlled by multiple microcontrollers, it has not been possible to unite and coordinate them to display content and sound in a uniform way.

    That is until now. DENSO Corporation and BlackBerry has announced that it has shipped the first integrated HMI digital cockpit system in new 2020 SUBARU Legacy and Outback vehicles that will come out this Autumn in the United States.

    Called the DENSO Harmony Call and developed by BlackBerry and DENSO in collaboration with SUBARU, the new digital cockpit solution uses BlackBerry QNX Hypervisor (virtualisation) technology to enable integrated control of in-vehicle HMI systems. First revealed at CES in 2018, this blend of advanced software and human interaction creates a seamless automotive user experience as data-driven connected vehicles become our reality.

    The BlackBerry QNX Hypervisor technology enables the independence of several operating systems with different characteristics and controls the integration with one microcomputer.

    Creating value

    "With the rapid development of technology for self-driving and electric vehicles, the value of cars is about to change significantly,” said Atsushi Hayashida, director and head of the Cockpit Systems Business Unit at DENSO. “By collaborating with other companies and research institutes, refining the technology and accelerating product and service delivery to help manufacturers deliver next generation vehicles, DENSO is creating new value for the global smart mobility society."

    Valued at US$48.3 billion, DENSO develops advanced technology and components for nearly every vehicle make and model on the road today. It produces thermal, powertrain, mobility, electrification, and electronic systems in 221 facilities across 35 countries.

    Software is king

    "Software is the driving force in next-generation automotive design," John Wall, SVP and general manager of BlackBerry QNX said. "As cars become more data-driven and automated, they demand functional, secure and trusted in-vehicle software. A leader in automotive technology.”

    He added that BlackBerry is excited to bring one of the world's first integrated digital cockpit platforms to market with DENSO in SUBARU's latest vehicles and “helping manufacturers to take advantage of a significant industry trend - the exploding demand for a safe, seamless, digital in-car experience."

    Paving the way for future cars

    SUBARU is the first vehicle manufacturer in the world to commercially deploy the jointly developed digital cockpit platform, featuring BlackBerry QNX Hypervisor.

    "SUBARU is synonymous with innovation, quality and building trusted vehicles that customers can rely on," said Tatsuya Okuno, vice president and chief general manager of Engineering DIV.1 at SUBARU. "We are excited to introduce the integrated HMI cockpit systems in the all-new 2020 SUBARU Legacy and Outback (U.S. model). This is a world-first in new automotive digital experience seamlessly combines the cluster, head unit, infotainment system, and entertainment screens with the class-leading safety SUBARU is known for. We are excited to roll-out the Harmony Core HMI technology in future car models."

    Meanwhile from September 2019, automobile manufacturers around the world will sequentially launch new car models with the integrated HMI.

    The post DENSO, BlackBerry roll out integrated automotive HMI system appeared first on FutureIoT.

    ]]>
    Trend Micro: IoT is a hot topic in cybercriminal underground https://futureiot.tech/trend-micro-iot-is-a-hot-topic-in-cybercriminal-underground/ Tue, 17 Sep 2019 07:00:20 +0000 https://futureiot.tech/?p=5513 Global underground analysis reveals monetisation of IoT attacks is increasing.

    The post Trend Micro: IoT is a hot topic in cybercriminal underground appeared first on FutureIoT.

    ]]>
    Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes, according to Trend Micro.
    In its latest report entitled “The Internet of Things in the Criminal Underground”, the company showed details of the fast-growing market for IoT attacks.

    Trend Micro Research analysed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetising connected devices.

    The results revealed that the most advanced criminal markets are Russian- and Portuguese-speaking forums, in which financially driven attacks are most prominent. In these forums, cybercriminal activity was focused on selling access to compromised devices -- mainly routers, webcams and printers -- so they can be leveraged for attacks.

    "We've lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks and services," said Steve Quane, executive vice president of network defense and hybrid cloud security for Trend Micro.

    According to Trend Micro's findings, most conversations and active monetisation schemes were focused on consumer devices. However, discussions on how to discover and compromise connected industrial machinery were also occurring, especially the vital programmable logic controllers (PLCs) used to control large-scale manufacturing equipment. The most likely business plan to monetise attacks against these industrial devices involves digital extortion attacks that threaten production downtime.

    "Criminals follow the money -- always. The IoT market will continue to grow, especially with landscape changes like 5G. While IoT attacks are still in their infancy, we also found criminals discussing how to leverage industrial equipment for the same gain. Enterprises must be ready to protect their Industry 4.0 environments,” Quane said.

    Additionally, the report predicts an increase in IoT attack toolkits targeting a broader range of consumer devices, such as virtual reality devices. The opportunities for attackers will also multiply as more devices are connected to the internet, driven by 5G implementations.

    Quane urged manufacturers to partner with IoT security experts to mitigate cyber-related risks from the design phase. End users and integrators should also gain visibility and control over connected devices to be aware of and curb their cyber risk.

     

    The post Trend Micro: IoT is a hot topic in cybercriminal underground appeared first on FutureIoT.

    ]]>
    Smart buildings: Going beyond adaptation https://futureiot.tech/smart-buildings-going-beyond-adaptation/ Tue, 17 Sep 2019 04:00:17 +0000 https://futureiot.tech/?p=5507 Asian cities such as Singapore must include smart features into the fabric of a building from the start of construction.

    The post Smart buildings: Going beyond adaptation appeared first on FutureIoT.

    ]]>
    Asian cities such as Singapore must include smart features into the fabric of a building from the start of construction.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Smart buildings: Going beyond adaptation appeared first on FutureIoT.

    ]]>
    ARAMCO incident shows reality of drone attacks https://futureiot.tech/aramco-incident-shows-reality-of-drone-attacks/ Mon, 16 Sep 2019 00:00:46 +0000 https://futureiot.tech/?p=5492 Black Sage, a counter-unmanned aircraft systems (C-UAS) maker, said drones pose as a persistent threat to critical infrastructure

    The post ARAMCO incident shows reality of drone attacks appeared first on FutureIoT.

    ]]>
    In light of the drone attack on ARAMCO’s oil facilities over the weekend in Saudi Arabia, Black Sage Technologies said national governments and organizations must be vigilant about potential attacks on critical infrastructure.

    On Saturday, 10 explosives drones hit two major oil sites in Saudi Arabia. Houthi rebels from Yemen claimed responsibility for the attack.

    Dave Romero, co-founder of Black Sage

    “This latest strike in Saudi Arabia is yet another example of this persistent threat to critical infrastructure and ultimately the security and safety of all,” said Dave Romero, co-founder of Black Sage.

    Black Sage specialises in the development, integration and deployment of counter-unmanned aircraft systems (C-UAS) solutions. With an ensemble of sensors, effectors and machine intelligence tools, Black Sage answers some of the most challenging counter-UAS mission requirements in critical infrastructure, internal security, and civil defense.

    Romero said the US and its allies need to immediately address threats of potential drone attacks, citing that the Taliban use drones as a weapon of war in Afghanistan.

    “The reality is there are on average seven sightings per day in the US near commercial and consumer aircraft in flight – we have been fortunate that no commercial aircraft have been impacted, yet,” he said. “Our industry insight and intel tell us that countries are developing drone swarms as a weapon and we need to guard against it. The technology and know-how are available. How many more attacks have to occur to take action and mitigate this threat?”

    As a C-UAS solution provider, Black Sage identifies, classifies, tracks and defeats UAS threats for military, government, law enforcement and civil applications.

    The company employs a hardware-agnostic approach, integrating best-of-breed sensors with its proprietary target classification, video target tracking and defense automation, providing adaptable, end-to-end C-UAS solutions to address a wide range of missions.

    Black Sage has proven experience securing critical power and government infrastructure. Some of its customers include U.S. Government Agencies, the Department of Defense, U.S. Aerospace & Defense prime contractors and allied military and government customers in Europe, Middle East, and Asia.

    The post ARAMCO incident shows reality of drone attacks appeared first on FutureIoT.

    ]]>
    Mining IoT data with AI https://futureiot.tech/mining-iot-data-with-ai/ Thu, 12 Sep 2019 00:32:38 +0000 https://futureiot.tech/?p=5466 Data on its own means nothing if action is not taken. The conversion of how AI plays a role - creating buckets of unstructured data into structured data, which can be used for decision making and is key to every company.

    The post Mining IoT data with AI appeared first on FutureIoT.

    ]]>
    Data on its own means nothing if action is not taken. The conversion of how AI plays a role - creating buckets of unstructured data into structured data, which can be used for decision making and is key to every company.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Mining IoT data with AI appeared first on FutureIoT.

    ]]>
    23% of Malaysian consumers use illicit streaming devices https://futureiot.tech/23-of-malaysian-consumers-use-illicit-streaming-devices/ Fri, 06 Sep 2019 01:00:42 +0000 https://futureiot.tech/?p=5403 50% of online consumers in the country have used piracy streaming websites to access premium content.

    The post 23% of Malaysian consumers use illicit streaming devices appeared first on FutureIoT.

    ]]>
    A new survey revealed that almost a quarter or 23% of Malaysian consumers are using a TV box to stream pirated television and video content.

    These TV boxes, also known as Illicit Streaming Devices (ISDs), allow users to access hundreds of pirated television channels and video-on-demand content, usually with a low annual subscription fee. TV boxes often come pre-loaded with illegal applications allowing ‘plug-and-play’ access to pirated content.

    Conducted by YouGov on behalf of the Asia Video Industry Association’s (AVIA) Coalition Against Privacy, the survey highlighted the detrimental effects of streaming piracy on legitimate subscription video services.

    Cancelled pay TV subscriptions

    Of the 23% of consumers who purchased a TV box for free streaming, nearly two thirds (64%) stated that they had cancelled all or some of their subscription to legal pay TV services. Specifically, 34% asserted that they cancelled their local pay television subscriptions as a direct consequence of owning an ISD. International subscription services, which includes pan-Asia-only offerings, were impacted as well – 20% of Malaysian users have abandoned subscriptions in favour of ISD purchases.

    Furthermore, the survey found that 50% of Malaysian online consumers have accessed streaming piracy websites or torrent sites to access premium content without paying any subscription fees.

    “The piracy ecosystem is highly fragmented and so what we are developing and refining is a holistic solution to include enhanced legislation to allow for effective enforcement; meaningful cooperation with e-platforms and other intermediaries, disabling access to pirated content through efficient and effective site blocking and consumer outreach,” said Neil Gane, general manager of AVIA’s Coalition Against Piracy.

    Video content piracy rampant among the youth

    Meanwhile, the survey pointed out a longer-term problem than the cancelled subscription. It found many of the people using ISDs are young, particularly popular among 18- to 24-year-olds, with 76% cancelling legitimate subscription services as a result of owning ISDs.

    The Malaysian government is currently mulling on how to address the issue of video content piracy caused by installing ISDs.

    In February, it was reported that the Malaysian Communications and Multi-Media Commission (MCMC) and the Ministry of Domestic Trade and Consumer Affairs (KPDNHEP) were conducting an in-depth study on a potential TV box ban. Currently, the sale of TV boxes requires SIRIM approvals and the sale of “unlicensed” TV boxes can result in a hefty fine.

    In June, four Malaysian businessmen were charged for possessing and selling unlicensed Android TV boxes and audio-video sender equipment and fined RM70,000 (USD$16,500).

    The post 23% of Malaysian consumers use illicit streaming devices appeared first on FutureIoT.

    ]]>
    Palo Alto Networks to buy IoT security firm Zingbox https://futureiot.tech/palo-alto-networks-to-buy-of-iot-security-firm-zingbox/ Thu, 05 Sep 2019 01:00:28 +0000 https://futureiot.tech/?p=5396 Palo Alto Networks yesterday said it has entered into a definitive agreement to acquire Zingbox, an IoT security company, for US$75 million to be paid in cash. The proposed acquisition is expected to close during Palo Alto Networks fiscal first quarter of 2020. The number of connected devices in enterprises is growing exponentially, yet most […]

    The post Palo Alto Networks to buy IoT security firm Zingbox appeared first on FutureIoT.

    ]]>
    Palo Alto Networks yesterday said it has entered into a definitive agreement to acquire Zingbox, an IoT security company, for US$75 million to be paid in cash. The proposed acquisition is expected to close during Palo Alto Networks fiscal first quarter of 2020.

    The number of connected devices in enterprises is growing exponentially, yet most of these devices are unmanaged and pose a security risk. Current IoT point products mostly focus on device profiling and inventory, not on detecting or stopping sophisticated attacks. Organisations are forced to integrate multiple IoT security products across different vendors, introducing complexity, higher cost, and manual effort.

    "The proliferation of IoT devices in enterprises has left customers facing an enormous gap in protection against cybersecurity attacks. With the proposed acquisition of Zingbox, we will provide a first-of-its-kind subscription for our Next-Generation Firewall and Cortex platforms that gives customers the ability to gain control, visibility, and security of their connected devices at scale." – Nikesh Arora, chairman and CEO of Palo Alto Networks

    Zingbox's cloud-based service and advanced AI and machine learning technology for device and threat identification capabilities will accelerate Palo Alto Networks delivery of IoT security through its Next-Generation Firewall and Cortex platforms.

    Organizations will gain the ability to quickly improve the visibility and security of their IoT landscape. Once combined, Palo Alto Networks will offer IoT security with best-in-class visibility and automated in-line prevention, all integrated with the Next-Generation Firewall and Cortex platforms.

    "Our vision has always been to ensure that organisations realise the full benefits of IoT devices without sacrificing security. By joining forces with Palo Alto Networks, we will be able to secure connected devices at scale to help organizations embrace digital transformation,” said Xu Zou, CEO of Zingbox.

    Once the acquisition is completed, Xu along with Zingbox co-founders May Want and Jianlin Zeng will join Palo Alto Networks.

     

    The post Palo Alto Networks to buy IoT security firm Zingbox appeared first on FutureIoT.

    ]]>
    MDM can tame and monetize IoT data explosion https://futureiot.tech/mdm-can-tame-and-monetize-iot-data-explosion/ Mon, 02 Sep 2019 03:00:35 +0000 https://futureiot.tech/?p=5331 In 1965 Wilf Hey was said to coin the catchphrase "garbage in, garbage out" (GIGO) to reflect the view that flawed, or nonsense input data produces nonsense output or "garbage". The phrase is even more noteworthy today in the era of big data, small data and analytics. As one finance manager participating at a CXOCIETY-hosted roundtable recently […]

    The post MDM can tame and monetize IoT data explosion appeared first on FutureIoT.

    ]]>
    In 1965 Wilf Hey was said to coin the catchphrase "garbage in, garbage out" (GIGO) to reflect the view that flawed, or nonsense input data produces nonsense output or "garbage".

    The phrase is even more noteworthy today in the era of big data, small data and analytics. As one finance manager participating at a CXOCIETY-hosted roundtable recently attested to "we have so much data coming in, it is hard work sifting through to glean any insight, let alone figure out what is real and what isn't."

    His predicament stems from the realization that as a business they have multiple sources of data: warehousing and inventory control, finance, sales and marketing, supply chain, product development, etc. And yet each department sees the company based on the data it holds and calls it's the correct version of the truth.

    So as the company moves to become more data-driven, how does one reconcile the different sources [and interpretation] of data and get to the one true version of the truth?

    What Master means

    Gartner defines Master Data Management (MDM) as a technology-enabled discipline in which business and IT work together to ensure the uniformity, accuracy, stewardship, semantic consistency and accountability of the enterprise's official shared master data assets.

    Master data is the consistent and uniform set of identifiers and extended attributes that describes the core entities of the enterprise including customers, prospects, citizens, suppliers, sites, hierarchies and chart of accounts.

    But the description is laced with technical jargon that businesses will instantly ignore if left untethered to a business outcome.

    Pierre Bonnet, vice president of Product and Engineering at TIBCO Software
    Pierre Bonnet, vice president of Product and Engineering at TIBCO Software

    Pierre Bonnet, vice president of Product and Engineering at TIBCO Software believes that MDM should be a business-led programme that is essentially the clearinghouse to guarantee that the most important data is clean and of the highest quality. An essential attribute of this function is the ability to share the data across the organisation.

    Clearinghouse

    Bonnet likens MDM to a clearinghouse for data.

    As companies deal with an increasing number of data sources and fragmented information from social media, mobile devices, and the cloud, MDM allows organisations to control and manage key master data entities scattered across different applications and databases. This improves visibility and control over the business activities and optimises various business operations such as the supply chain, inventory management, forecasting, and customer service.

    "In a fast-growing business market with high expectations of deep digitalisation, a company without such a "data clearinghouse" could lose control of its data quality and data governance, leading to the delivery of poor quality business processes to its market. Such an MDM system is the spine of the deep-digitalisation process a company must follow to reinforce its market sustainability," he explained.

    When consolidated and matched accurately, data can reveal opportunities, risks, and areas where the business can be improved.

    Got MDM, will DX

    While often not discussed, MDM may play an important role in organisations undertaking a digital transformation (DX) initiative. Why? At the core of many DX journeys is data – arguably the least understood, much abused and overhyped, and still relatively untapped for many organisations.

    Can a business successfully achieve transformation without the need for a clearinghouse for data?

    Bonnet cautions that there are two levels to consider when discussing digitalisation.

    The first is the external-facing part of digitalisation as represented by API and websites. This part has a limited impact on the organisation's internal workings.

    The second level called deep-digitalisation is where a company rethinks its internal IT systems to create a portfolio of autonomous and reusable coarse-grained components that can be exposed to the market via smarter APIs.

    Bonnet explained that to make this deep-digitalisation happen at the right scale with the right quality, the governance of the data must cover all the information system layers, not only revealing certain important data in a fairly rough manner.

    "To get this agility and depth of data governance, a high-end MDM system is mandatory. This system will be connected into all the information silos and layers within the silos, also with new systems. It is not a surface MDM system, but a deep MDM system with a strong data storage layer, rich governance features, and a very fast, agile process of delivery for the management of changes," he elaborated.

    Secret to making it work

    To achieve success at large scale, Bonnet says a company's MDM system must allow for an agile delivery process.

    "It is almost impossible to be sure about the data structure, semantics, and governance process a company needs to start, and the prediction for the future is so hard to establish, even impossible," he laments.

    The inability to know the future is the key reason for the agility mindset. This is a vital awareness.

    "If the MDM system is not agile enough, then all the existing systems running in a company could be slowed in their ability to change. There is also a potential for poor integrating with the MDM system which will not improve the data quality, and may have the opposite effect," he continues.

    He suggests that checking two points: first, the MDM system must be agile, without a rigid engineering process that could delay the delivery of the existing systems.

    This is what is called a "model-driven MDM" for which the data semantics will drive a big part of the expected delivery in an automatic process.

    The second point is the need for a methodology framework to set up a business glossary, model the data per domain at the semantic level, design the data policy with the workflow, and appoint the right roles for the data governance, etc.

    "Today, after a couple of years of implementing such an MDM system, it is clear that the "model-driven" approach is mature when applying it to the most important data, and the methodology framework relies on rich lessons learnt and best practices ready to share," he concludes.

    Focus on what is important

    Bonnet warns not to get hung up on sexy terms like AI, big data, and data lakes. These are just tools. The real challenge is making sure the data is clean.

    "Often, big data and data lake projects rely too much on some ‘magic' algorithms that should compute the vision for improving the future. But the business prediction will not be any good if the underlying data is wrong," he pointed out.

    He suggests subjecting the data to clear governance. This is arguably where MDM shines.

    "The MDM system is the masterpiece of the whole data enterprise governance solution. Once the data is aligned with the quality insurance process, then a company can start getting good results with data analytics and AI," said Bonnet.

    "By closing the loop between the operating system and data analytics results, the MDM is used as the bi-directional bridge to convey good data from the operating system to data analytics and from the results of data analytics back to the operating system. The two worlds are then connected under the governance enforced by the MDM system," he concluded.

    Tying it to IoT

    The Forrester Wave: Master Data Management Q1 2019 report notes that MDM is moving into its third generation, with the Internet of Things (IoT), and its massive stores of data, driving to the development of systems of automation and systems of design, and with it the introduction of new MDM usage scenarios to support co-design and the exchange of information on customers, products, and assets within ecosystems.

    Industries like consumer products goods and retail will likely find MDM the centrepiece of flexibility. Forrester says “MDM within ecosystems, connecting to product information management (PIM) systems, is becoming a key success factor for such strategic MDM implementations.”

    Minimising risks

    Deploying technology is often a complicated solution to a complex problem, with risks escalating as you add more departments into the mix. Data, which cuts across everyone within the company, is no exemption.

    Bonnet is not perturbed. He noted that solutions, as TIBCO EBX™, can be used to quickly comply with evolving data quality, management, and governance requirements, while automating current manual business processes around the management of master data.

    TIBCO EBX™ comes with out-of-the-box functionalities specifically designed for multi-party, multi-tier collaboration in the creation, management, and synchronisation of master data. Implementation is quicker as well, which allows businesses to quickly achieve business value and return on investment. Solutions also need to be scalable to meet future needs.

    First published on FutureCIO

    The post MDM can tame and monetize IoT data explosion appeared first on FutureIoT.

    ]]>
    Securing a converged IoT-IIoT future https://futureiot.tech/securing-a-converged-iot-iiot-future/ Sun, 01 Sep 2019 01:00:33 +0000 https://futureiot.tech/?p=5336 For enterprises IoT is important in their customer engagement strategy, but it is Industrial Internet of Things (IIoT) that will enable the business to bring together the ecosystem more cost effectively and efficiently.

    The post Securing a converged IoT-IIoT future appeared first on FutureIoT.

    ]]>
    The Altimeter report, 2018-2019 State of Digital Transformation, reveals that business growth remains the primary driver of digital transformation initiatives. But while market pressures like business opportunities (51%) and increased competitive pressure (41%) are high on the agenda of the C-suite, high-profile data breaches and new regulatory standards like GDPR are also providing impetus to transform (38%).

    Figure 1: Top priority technology investments in 2019

    Source: Altimeter 2019

    According to Brian Solis, principal analyst, Altimeter – a prophet company, there is growing acknowledgement of the importance of human factors in digital transformation. Still, “most transformation efforts continue to focus on modernizing customer touchpoints (54%) and enabling infrastructure (45%).

    It is not difficult to fathom the level of interest around the Internet of Things (IoT), particularly as consumers have embraced mobile technology long before they started reading of IoT – what Solis refers to the enabling infrastructure.

    For enterprises, IoT is important in their customer engagement strategy, but it is the Industrial Internet of Things (IIoT) that will enable the business to bring together the ecosystem more cost-effectively and efficiently.

    As enterprises learn to understand and master the data (big data) deluge that digital transformation brings to the company, the discovery also has the potential to help it in the one area that keeps leadership awake – security.

    As data breaches become a subject of discussion in the executive suite, it is important that enterprises to use the opportunity to glean customer insight but also the state of security readiness/vulnerability of the operation even as they embrace technologies like IoT and IIoT.

    Does digital transformation strengthen or weaken an enterprise’s security posture?

    FutureIoT raised this question to Haiyan Song, senior vice president, Security Markets at Splunk, in recognition of the growing adoption of IoT to engage with customers and IIoT to better improve operational efficiencies and increase the visibility of the supply chain.

    “It can be both. It depends on how you approach it. Digital transformation brings a lot more data to the organization. If you take the right strategy and have a very strong data foundation, you can leverage the data to do better detection, and enable faster response,” she opined.

    She cautioned that not embracing the data chaos that digital transformation brings, can overwhelm the organization, and unnecessarily expose the company to vulnerabilities as a result of the data deluge.

    In this exclusive interview, she openly discusses a number of key concerns organisations have with regards to IoT/IIoT. Click on the video below as she covers a number of key concerns senior business and technology leaders with FutureIoT/FutureCIO as roundtables and forums.

    Does digital transformation strengthen or weaken a company’s security posture?

    What is different about transformational security strategy (in contrast to a traditional security strategy)?

    What is data chaos and how do we use it to improve our security posture?

    In a converged [IoT and IIoT] future, who should be responsible for security?

    Altimeter recommends that any transformational initiative go beyond what many executives seem to be obsessed with today – customer experience – and instead encompass the transformation of core operational foundations so enterprises can compete and innovate more efficiently.

    Among respondents to the Altimeter study, the long-term transformation strategy (49%) involves the development of an agile IT infrastructure and technologies with increased flexibility, manageability and security.

    First published on FutureIoT

    The post Securing a converged IoT-IIoT future appeared first on FutureIoT.

    ]]>
    Lackluster cybersecurity in smart cities puts future IoT in peril https://futureiot.tech/lackluster-cybersecurity-in-smart-cities-puts-future-iot-in-peril/ Thu, 29 Aug 2019 01:00:23 +0000 https://futureiot.tech/?p=5307 ABI Research said lagging cybersecurity investments in smart cities puts future IoT ecosystem in danger.

    The post Lackluster cybersecurity in smart cities puts future IoT in peril appeared first on FutureIoT.

    ]]>
    Digital security investments in smart cities are severely lagging, thus seeding the future vulnerabilities of the IoT ecosystem, according to ABI Research.

    “Smart cities are increasingly under attack by a variety of threats. These include sophisticated cyberattacks on critical infrastructure, bringing industrial control systems (ICS) to a grinding halt, abusing low-power wide area networks (LPWAN) and device communication hijacking, system lockdown threats caused by ransomware, manipulation of sensor data to cause widespread panic (e.g., disaster detection systems) and siphoning citizen, healthcare, consumer data, and personally identifiable information (PII), among many others,” said Dimitrios Pavlakis, industry analyst at ABI Research.

    “In this increasingly connected technological landscape, every smart city service is as secure as its weakest link,” he added.

    Projected smart city cybersecurity spending not enough

    Based on ABI Research’s Smart City Cybersecurity application analysis report, the financial, ICT (Information and Communication Technologies) and defence industries will account for 56% of the US$135 billion projected total cybersecurity spend in critical infrastructure in 2024.

    The remaining 44% of the 2024 spend will be split between the Energy, Healthcare, Public Security, Transport and Water & Waste sectors – leaving them woefully underfunded and incredibly vulnerable to cyberattacks.

    Smart cities are comprised of a highly complex, interdependent network of devices, systems, platforms, and users.

    Smart energy, utilities, water and wastage, parking and automotive, industrial and manufacturing, building automation, e-government and telemedicine, surveillance and public safety are just some of the verticals that vendors and governments must secure.

    WAN smart-city connections to reach 1.3 billion

    ABI Research identified cloud service powerhouses like Microsoft, security leaders like Entrust Datacard and Rambus, cellular communication experts like Sierra Wireless, certification authorities like Globalsign, and multi-vertical service providers like Huawei as some of the key vendors providing smart city-specific solutions.

    The analyst firm that there will be about 1.3 billion wide-area network smart city connections by 2024, with almost 50% of those connections expected to be LPWA-LTE and LPWA Proprietary.

    While some LPWA protocols like the NB-IoT are attempting to tackle at least some digital and communication security challenges, ABI Research pointed out that these intrinsically lightweight cellular versions aim toward lowering bandwidth cost, increasing coverage, and lowering latency and are not, in general, capable of handling the increased number of cyber-threats in the interconnected smart city environment.

    “Lack of cryptographic measures, poor encryption key management, non-existent secure device onboarding services, weaponised machine learning technologies by cyber-attackers, poor understanding of social engineering, and lack of protection versus Distributed Denial of Service (DDoS) attacks are just are some of the key issues contributing to the amplification of cyber-threats in smart city ecosystems,” said Pavlakis.

    “This is further exacerbated by the lack of digital security investments and will, unfortunately, jeopardise the key elements of intelligence, efficiency, and sustainability of future smart city deployments,” he said.

    The post Lackluster cybersecurity in smart cities puts future IoT in peril appeared first on FutureIoT.

    ]]>
    US senators asked about safety of internet-connected cars https://futureiot.tech/us-senators-asked-about-safety-of-internet-connected-cars/ Mon, 26 Aug 2019 03:00:52 +0000 https://futureiot.tech/?p=5278 US senators Edward Markey and Richard Blumenthal asked the National Highway Traffic Safety Administration (NHTSA) whether it was notified about the cyber vulnerabilities of internet-connected cars.

    The post US senators asked about safety of internet-connected cars appeared first on FutureIoT.

    ]]>
    Two US senators last week asked the country’s National Highway Traffic Safety Administration (NHTSA) whether they’ve been notified about any malicious hacking attempts on internet-connected cars and if they have plans to address the cyber risk these vehicles posed on public safety.

    “We are concerned about the lack of publicly available information about the occurrence and handling of cyber vulnerabilities in internet-connected cars, and that NHTSA should be aware of these dangers in order to take possible regulatory actions,” said Senators Edward Markey and Richard Blumenthal in a letter to NHTSA dated August 22.

    Both lawmakers were reacting to a recent report by the Consumer Watchdog that said safety-critical systems of connected cars are being linked to the internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack.

    Predicting that no less than two-thirds of new cars on American roads will have online connections to the cars’ safety-critical system by 2022, the report recommended for these vehicles to be fitted with a kill switch that will allow users to physically cut the online connection.

    Citing the report, the two senators expressed concern that while automakers such as BMW, Chrysler, Daimler, Ford, General Motors and Tesla have disclosed the cyber vulnerabilities to their investors and shareholders, they have kept consumers in the dark.

    “Consumers are purchasing internet-connected vehicles without sufficient safety warnings,” said Markey and Blumenthal.

    Besides asking NHTSA whether it has been notified of cyber vulnerabilities of internet-connected cars, the senators want to answer three more questions. These are:

    • What actions has NHTSA taken, and what actions does NHTSA plan to take, in order to address the cyber vulnerabilities and public safety risks created by the increasing number of internet-connected cars on US roads?
    • Does NHTSA have any formal process in place to receive reports of hacking or vulnerabilities in internet-connected cars?
    • In the event of a cyber incident or vulnerability involving the security of an internet-connected car, what entity would be expected to provide public disclosure? Would that public disclosure would be legally required?

    The senators request for a written response by September 13.

    The post US senators asked about safety of internet-connected cars appeared first on FutureIoT.

    ]]>
    The data conundrum in IoT https://futureiot.tech/the-data-conundrum-in-iot/ Thu, 15 Aug 2019 05:00:32 +0000 https://futureiot.tech/?p=5191 If “necessity is the mother of invention” then “innovation waits for no one”. The latter is probably more truth in the current wave of fintech-led disruption in the financial services community. But even in the more traditional industries such as manufacturing and logistics, we are seeing innovation come up driven in part by developments in […]

    The post The data conundrum in IoT appeared first on FutureIoT.

    ]]>
    If “necessity is the mother of invention” then “innovation waits for no one”.

    The latter is probably more truth in the current wave of fintech-led disruption in the financial services community. But even in the more traditional industries such as manufacturing and logistics, we are seeing innovation come up driven in part by developments in the area of Internet of Things (IoT).

    Some of the earliest applications of IoT are around wearable technologies that collect information about a user’s habits such as ManulifeMOVE in Hong Kong, and the environment around us like the AirCasting Platform and TZOA. Industrial applications include waste management, smart street lamps by Hello Lamp Post,

    Governments themselves are not necessarily holding back their own investments in IoT. Rapid urbanisation is forcing governments to look at technology to solve the problems of accelerating population densities in the urban areas. This is even more imperative in countries with small landmass such as Singapore, which has ambitions to become the first smart nation.

    All these developments are happening despite a lack of consistent strategy by industry and regulation by the government to control the use of IoT technologies.

    Speaking to FutureIoT, Anne Petterd, principal Baker McKenzie Wong & Leow, commented that “it's often said that that the law is not keeping up with technology. To some extent, there's truth in that. But it doesn't stop businesses from operating. If we all wait for the law to catch up we'd never get anything done.”

    So rather than sitting around and mulling what regulation will likely come into play in a not so distant future, she suggests areas organisations can look into proactively so businesses can continue to innovate while recognising legitimate concerns of consumers and regulators.

    RELATED: IoT innovation outpaces regulation for now

    She calls for prudent thinking on the part of businesses and developers.

    “A business that is more proactive with being transparent, thinking through even though I could make that use of data should I? And how do I communicate with people on that? These strategies will probably put themselves in a better position if regulations come and intervene in that space,” she concluded.

    But not everyone thinks strategically.

    She believes that businesses need to study, as part of their IoT strategy, how data is being used with the IoT solutions.

    “A lot of the IoT devices, particularly in the consumer space, are making a lot of use of personal data and data about people, collecting details about where people go, and what their preferences are. A lot of the time businesses don't spend enough planning time at the beginning of their IoT strategy development how [yet to be defined] privacy laws might influence product development,” she commented.

    Another area that's also forgotten is when third-party IoT solutions are brought in as part of the solution. “An example might be a manufacturer who wants to bring in IoT technology to use in its manufacturing plant. The company needs to think through how is that data collected being used? Is it being used just to optimize its own business or is the solution provider using that data to provide services to its entire user base which might include some important corporate information?” suggested Petterd.

    IoT and IoT data present significant opportunities for businesses and public sector organisations to enhance how products are developed or services delivered. And despite the early stages of development [and regulation] of the technology, there is amply ways for which organisations can innovate using the technology without being crippled by yet to be defined regulation.

    The key is thinking ahead of the possibilities, listening to what customers or users of the technology are saying, what regulators may be concerned about and taking prudent steps to incorporate this intelligence into their IoT strategy.

    As someone once quoted: “forewarned is forearmed”. There is a competitive advantage in advance warning.

    The post The data conundrum in IoT appeared first on FutureIoT.

    ]]>
    Making smart cities safe and secure https://futureiot.tech/making-smart-cities-safe-and-secure/ Mon, 12 Aug 2019 01:41:06 +0000 https://futureiot.tech/?p=5132 City planners and developers aren’t prioritizing security. Anyone can go on Shodan.io and find thousands of unprotected devices connected to the city’s internet

    The post Making smart cities safe and secure appeared first on FutureIoT.

    ]]>
    City planners and developers aren’t prioritizing security. Anyone can go on Shodan.io and find thousands of unprotected devices connected to the city’s internet

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Making smart cities safe and secure appeared first on FutureIoT.

    ]]>
    China-based SUNMI to use NEXT Sensors into POS terminals https://futureiot.tech/china-based-sunmi-to-use-next-sensors-into-pos-terminals/ Fri, 09 Aug 2019 01:30:28 +0000 https://futureiot.tech/?p=5127 The SUNMI P1 POS terminals incorporating NEXT`s certified fingerprint technology will be used in Aadhaar Enabled Payment System (AEPS) applications

    The post China-based SUNMI to use NEXT Sensors into POS terminals appeared first on FutureIoT.

    ]]>
    Norway-based NEXT Biometrics, a global fingerprint sensor technology provider, yesterday announced that Shanghai SUNMI Technology has started to incorporate its Aadhaar-certified sensor modules into Point-of-Sale (POS) terminals for sale in India.

    SUNMI specialises in delivering a wide range of intelligent commodity hardware devices, including mobile, smart payment, desktop and self-service equipment to build business IoT solutions for a wide variety of industries.

    The China-based manufacturer sells more than 1 million POS terminals to local and foreign markets per year. The SUNMI P1 POS terminals incorporating NEXT`s certified fingerprint technology will be used in Aadhaar Enabled Payment System (AEPS) applications.

    "The P1 POS terminal is our first device to incorporate biometrics. The NEXT fingerprint sensor technology has been our deliberate choice because of its excellent reputation and proven installation base," said Lin (Jack) Zhe, founder of SUNMI. "We look forward to a successful market launch and growing customer base for Aadhaar enabled payments."

    "We are pleased that SUNMI joins the growing number of hardware manufacturers benefitting from our certified and proven sensor technology," said Alain Faburel, NEXT Biometrics chief sales and marketing officer. "We are making good progress in expanding our network of business partners for Aadhaar-based applications."

    The post China-based SUNMI to use NEXT Sensors into POS terminals appeared first on FutureIoT.

    ]]>
    Microsoft says Russian hackers targeting corporate IoT devices https://futureiot.tech/microsoft-says-russian-hackers-targeting-corporate-iot-devices/ Wed, 07 Aug 2019 03:00:09 +0000 https://futureiot.tech/?p=5110 Microsoft last Monday warned in a blog that Russian hackers known as Strontium are targeting corporate IoT networks to gain access into organizations. In April, security researchers in the Microsoft Threat Intelligence Center discovered the group’s attempts to compromise a VOIP phone, an office printer and a video decoder across multiple customer locations. Further investigation […]

    The post Microsoft says Russian hackers targeting corporate IoT devices appeared first on FutureIoT.

    ]]>
    Microsoft last Monday warned in a blog that Russian hackers known as Strontium are targeting corporate IoT networks to gain access into organizations.

    In April, security researchers in the Microsoft Threat Intelligence Center discovered the group’s attempts to compromise a VOIP phone, an office printer and a video decoder across multiple customer locations.

    Further investigation of the Microsoft revealed Strontium used these devices to enter corporate networks. In two of the cases, devices were deployed without changing the default manufacturer’s passwords, while in the third case the latest security update had not been applied to the device.

    “While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives. These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments,” the blog said.

    At the conclusion of its investigation, Microsoft informed the manufacturers of the three devices.

    Monitoring the threat actors

    Over the last twelve months, Microsoft has delivered nearly 1, 400 nation-state notifications to those who have been targeted or compromised by Strontium.

    One in five notifications of Strontium activity were tied to attacks against non-governmental organisations, think tanks, or politically affiliated organizations around the world. The remaining 80% of attacks have largely targeted organisations in the following sectors: government, IT, military, medicine, education and engineering.

    Microsoft have also observed and notified Strontium attacks against Olympic organizing committees, anti-doping agencies, and the hospitality industry.  The “VPN Filter” malware has also been attributed to the group by the FBI.

    In 2018, hundreds of thousands of home and small business networking and storage devices were compromised and loaded with the so-called “VPN Filter” malware. The FBI took subsequent actions to disrupt this botnet, although the devices would remain vulnerable to re-infection unless proper firmware or security controls were put in place by the user.

    There were also multiple press reports of cyberattacks on several devices during the opening ceremonies for the 2018 Olympic Games in Pyeong Chang. Microsoft cited officials did confirm a few days later that they were a victim of malicious cyber-attacks that prevented attendees from printing their tickets to the Games and televisions and internet access in the main press centre simply stopped working.

    Better integration of IoT devices

    According to Microsoft, IoT devices must be identifiable, maintained, and monitored by security teams particularly in large complex enterprises.

    Some IoT devices may even communicate basic telemetry back to the device manufacturer or have means to receive software updates. In most cases however, the customers’ IT operation centre don’t know they exist on the network.

    “We are calling for better enterprise integration of IoT devices, particularly the ability to monitor IoT device telemetry within enterprise networks,” the blog said.

    “Today, the number of deployed IoT devices outnumber the population of personal computers and mobile phones, combined. With each networked IoT device having its own separate network stack, it’s quite easy to see the need for better enterprise management, especially in today’s bring-you-own-device world.

    Microsoft lists down 12 actions to protect corporate IoT devices. These are:

    1. Require approval and cataloguing of any IoT devices running in your corporate environment.
    2. Develop a custom security policy for each IoT device.
    3. Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
    4. Use a separate network for IoT devices if feasible.
    5. Conduct routine configuration/patch audits against deployed IoT devices.
    6. Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
    7. Include IoT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
    8. Monitor IoT device activity for abnormal behaviour (e.g. a printer browsing SharePoint sites…).
    9. Audit any identities and credentials that have authorized access to IoT devices, users and processes.
    10. Centralize asset/configuration/patch management if feasible.
    11. If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
    12. Where possible, define SLA terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.

    The post Microsoft says Russian hackers targeting corporate IoT devices appeared first on FutureIoT.

    ]]>
    Akamai extends reach towards IoT devices https://futureiot.tech/akamai-extends-reach-towards-iot-devices/ Wed, 31 Jul 2019 01:00:28 +0000 https://futureiot.tech/?p=5041 Called Edge Cloud, Akamai’s new offering is designed to serve the needs of businesses bringing billions of endpoints online as part of the IoT connected device revolution and further boost the adoption and power of in-application messaging.

    The post Akamai extends reach towards IoT devices appeared first on FutureIoT.

    ]]>
    Akamai has unveiled a solution line that streamlines and secures the delivery of data to connected devices and in-application messaging at scale.

    Called Edge Cloud, it is designed to serve the needs of businesses bringing billions of endpoints online as part of the IoT connected device revolution and further boost the adoption and power of in-application messaging.

    "Akamai is investing to extend its network capabilities with the goal of meeting the unique needs of the growing IoT device and application messaging markets," said Craig Adams, senior vice president and general manager, Web Performance and Security, Akamai Technologies. "Delivering massive amounts of data across the globe securely is in Akamai's DNA. We are focused on developing technology designed to scale, simplify and secure the way IoT and application data is delivered to endpoints."

    Solving critical scale and operational challenges

    According to IoT Analytics Research, by 2025, approximately 22 billion connected devices will be sending data across the Internet. In addition, billions of application instances will be sending trillions of messages, and these endpoints represent both vast opportunities and challenges for businesses in terms of harnessing, distributing and protecting the data.

    From car makers to hotel operators, virtually every industry is incorporating endpoints in the form of connected devices and applications into their business strategies, capitalizing on the ubiquity of Internet access. However, building and managing the infrastructure required to support, scale and secure these experiences can be incredibly time-, cost- and resource-intensive for organizations and not a part of their core competency.

    According to Akamai, its Edge Cloud solution line provides global scale that other data platforms for IoT and messaging lack. As more use cases emerge for IoT and in-application messaging, such as Message Queuing Telemetry Transport (MQTT), the need to offer connectivity for billions of devices, real-time data delivery and capabilities that allow for easier data management are a requirement.

    IoT Edge Connect, a new product within the Edge Cloud solution line, tackles these challenges head on by offering a secure framework. Both resource-constrained IoT devices and applications using MQTT for messaging can send or publish information about a given topic to a server that functions as an MQTT message broker.

    "We are offering the next generation of messaging with scalability, operational simplicity and security, providing a turn-key solution that allows customers to focus on their core business rather than integrating and managing discreet but necessary components for messaging," said Lior Netzer, vice president and CTO, IoT, Akamai. "With the launch of IoT Edge Connect, we're harnessing the power of the Edge and bringing it to the next frontier of connected devices and applications."

    With IoT Edge Connect, developers can enable low-latency interactions with millions of endpoints and process data in real-time. Customers using the service can reduce network, compute and database build out, reduce security breaches and improve manageability, avoiding the need to develop and maintain proprietary and costly IoT and in-app messaging networks.

    The post Akamai extends reach towards IoT devices appeared first on FutureIoT.

    ]]>
    Moscow-based firms granted unified city identifier https://futureiot.tech/moscow-based-firms-granted-unified-city-identifier/ Tue, 30 Jul 2019 01:00:59 +0000 https://futureiot.tech/?p=5036 Called Mos.ID, it simplifies user access to online accounts in the city’s internet services, enabling Muscovites to use a wider range of online services, from payment of utility and telephone bills to internet banking.

    The post Moscow-based firms granted unified city identifier appeared first on FutureIoT.

    ]]>
    Moscow’s Department of Information Technology has granted businesses access to the unified city identifier called Mos.ID.

    The identifier simplifies user access to online accounts in the city’s internet services, enabling Muscovites to use a wider range of online services, from payment of utility and telephone bills to internet banking, without worrying about the security of their personal data or having to remember numerous passwords.

    “The new system will simplify life in the digital space, help to counter fraud and become a single point of entry into hundreds of internet services for citizens. In other words, it will do away with the need to memorize numerous passwords for various accounts,” said Denis Zhikharev, head of projects at DIT.

    DIT has been rapidly developing and actively growing for the past five years. In recent years, it has created over a thousand systems and services, targeting to launch around 300 new projects annually. Currently, it has digitalized over 166 state services, more than any other region of Russia.

    Verifiable and up-to-date personal data

    The advantage of this entry system is that the data stored in it are always up to date.

    Personal data entered when registering on the city portal are checked in government data bases, while user identity is verified in a multi-functional centre or through binding with a confirmed state services account and contains a number of verified details (social media confirm only the user’s telephone number and email address).

    As a result, each user can have only one authentic account and companies can offer their services online (for example, provide the results of medical tests carried out in private clinics or statements from credit reference agencies, with no additional confirmation of identity).

    With the user’s consent, verification of data (full name, passport data, address, age etc.) will expand opportunities for the provision of new online services, such as authentication in car sharing services and ad placement services, remote education, with internet providers or credit reference agencies, with no additional ID confirmation procedure.

    A high level of security of users’ personal data is ensured by using two-factor authentication with an anti-hammering function. The system has been tested by the Federal Service for Technical and Export Control to ensure protection of the Personal Data Information System.

    First adopters

    One of the first companies to begin using the unified identifier is the Moscow City Telephone Network, which provides broadband internet access, digital TV, mobile and landline telephone, CCTV, intruder alarm and other services in Moscow and Moscow Region. In addition, the system is now live on the website of the Higher School of Economics - one of Russia’s leading higher educational institutions and is currently being integrated with more than 10 other projects.

    “Mos.ru is the official portal of the mayor and government of Moscow. The main aim of the portal is to create a unified web space for the city, providing Muscovites with a single resource where they can find all the city platforms and online services they need,” said Zhikharev.

    He added: “It also provides access to state services in electronic form, instructions on what to do in various life situations, news about the city, your district or neighbourhood, and information about upcoming events. The mos.ru portal provides access to more than 330 services and has over 8.2 million registered individual users and more than 38,500 corporate users.”

    The services section was created on the bases of the most commonly occurring search requests. It brings together step-by-step instructions on what to do in 330 different life situations, such as making an appointment with a doctor, registering a vehicle, paying for parking or finding an impounded car. For convenience, the content is sorted by popularity in more than 14 categories (safety, courtyard, documents, house, health, education, work, family, sport, culture, leisure, transport, ecology and others). The What’s On section contains information about all city celebrations, festivals, fairs, campaigns, master classes, exhibitions, shows and sporting events. Users can apply filters to configure the service to their own interests by selecting, for example, only free events or events in their own district.

    Meanwhile, the DIT of Moscow has also built 178 portals, including the official Mayor and Government of Moscow web-site "mos.ru"​. Furthermore, DIT has created systems that cover over 60 industries, including:

    • Electronic queue for Civil registry office;
    • Arrangement of remote medical appointments;
    • Personal electronic medical records;
    • Children assignment to kindergartens/schools/extracurricular activities;
    • Providing schools with cutting edge technological equipment;
    • Obtaining references, enquiries and services remotely;
    • Numerous projects in housing and public amenities, starting from telemetrics and energetics to the possibility of submitting water usage information.

    The post Moscow-based firms granted unified city identifier appeared first on FutureIoT.

    ]]>
    Arming IoT with geospatial analytics for better insight https://futureiot.tech/arming-iot-with-geospatial-analytics-for-better-insight/ Wed, 24 Jul 2019 01:00:07 +0000 https://futureiot.tech/?p=4982 FutureIoT spoke with Geospock CEO Richard Baker for his take on this geospatial data and the technologies that bring IoT data to the next level.

    The post Arming IoT with geospatial analytics for better insight appeared first on FutureIoT.

    ]]>
    The ability to communicate with elements within an environment and take prescriptive action is one of the defining characteristics common in smart cities and processes that integrate Internet of Things (IoT) with those of machine learning and/or artificial intelligent technologies.

    But even during its earliest evolutions, IoT devices and sensors have been used to track and monitor everything from equipment to products, to humans. [your smartphone is an IoT device remember?]

    One of the earliest applications of Internet of Things (IoT) is in manufacturing – process and discrete – where IoT connected devices and sensors are used to monitor or track activities within the supply chain – in real-time and near real-time.

    In an article on Geospatial World, Matthew Zenus, Global Vice President, Database and Data Management Solution Go-To-Market, SAP described the data produced by these IoT devices as one-dimensional. He opined that it is the combination of IoT data with geospatial analytics, business data, and operational data, that “reveals hidden patterns and relationships that go to delivering better business outcomes.”

    He was, of course, alluding to one of the early applications of IoT – positioning sensors that allow for the exact tracking of objects by providing absolute (geographical positioning system or GPS data) or relative displacement information.

    With that in mind, FutureIoT spoke with Geospock CEO Richard Baker for his take on this geospatial data and the technologies that bring IoT data to the next level.

    How far advanced are governments in the use of geospatial data and or technology towards the planning and design or the actual management of smart cities?

    Richard Baker, CEO, Geospock

    Richard Baker: I would say that many cities around the world have got traditional GIS tools that they are using for terrain and geography planning. However, the actual use of sensor data and spatial analytics from sensor data is just emerging.

    What are the reasons for this?

    Richard Baker: Firstly, we probably had the last ten years, if you like, of IoT technologies emerging and actually getting deployed, probably we’re really only seeing the acceleration of IoT in smart cities from connected SIMs on mobile operators only in the last 5-7 years.

    The world is dealing with the physical connection side predominantly over those years. It’s only in the last couple of years that connectivity is producing such huge amounts of new metadata that the analytics of that data has become more relevant.

    There are over 20,000 smart city projects around the world today – mostly driven by local or central governments. Most share a common problem – a lack of talent, skill and understanding of how to manipulate and manage spatial data.

    Many governments will have a GIS team to deal with maps and terrain, but actually queuing data science on location and spatial data is a new field.

    In some cases, it’s also a lack of a data strategy, a lack of data scientists in local authorities. So, these emerging fields are my impression of the cities that we interact with.

    Can you share some use cases in Asia?

    Richard Baker: What we tend to see fundamentally is that many cities are taking an infrastructure first approach to digitising. This includes smart street lighting, smart dustbins, and climate weather sensors.

    The next step would be dealing with mobility and the congestion that is building up particularly in dense cities. The ability to track and monitor vehicular traffic will allow urban planners to spatially plan the city better.

    As a business what remains the biggest challenge for IoT vendors like GeoSpock?

    Richard Baker:  I think our largest challenge is fundamentally to move away from the technology discussion, and really very much work with businesses and governments around the world on the use cases and the problem statements.

    Part of that transition is very much being focused on the outcomes that we’re all trying to achieve in the transformation of the logistics market, or the transformations of smart cities, or in the rise of moving from connected vehicles to fully autonomous vehicles. I think the language is already changing.

    Most government and business leaders are already beginning to focus on what are the benefits to citizens, what are the benefits to businesses themselves, and ultimately what are those use cases that really this connected physical internet market really brings to us all.

    That leads us into a conversation around how many of those governments and how many of those enterprises really do have data first strategies that account for location analytics, location insights, as part of their design blueprint.

    I think location has become one of the most important metadata tags for both public sector and private sector companies, and ultimately designing that in to be part of the everyday model is perhaps the interim challenge to make sure that the data officer has that as part of the roadmap.

    How will smart cities evolve in the coming decade?

    Richard Baker:  We think that is going to ultimately bring about in the next 5-7 years a new era of private and public sector collaboration.

    I think if we can think about a city running an operating system and ultimately service application providers having universal access to the infrastructure, I think that becomes a very significant innovation playground. There’s a lot of services that can be optimised and new innovation developed that can help society in a significant way.

    For the first in many times, I think certainly when it comes to the environmental monitoring and the journey towards getting on top of climate change, problems in big metropolitan cities, quite frankly if you’re not measuring it you can’t do anything about it.

    And I think IoT connectivity, particularly climate weather sensors, we’re entering a new era of “weather of things”. When you’re thinking about the weather of things, every device is ultimately an input signal to the type of environment that you’re able to monitor. And if you’re able to really start to extract the value of those things then you can start to instruct change to reduce emissions and start to address climate change, if you like, at a root cause. We’re very motivated by that.

    The post Arming IoT with geospatial analytics for better insight appeared first on FutureIoT.

    ]]>
    Hacking infrastructure made easy with IIoT and 5G https://futureiot.tech/hacking-infrastructure-made-easy-with-iiot-and-5g/ Fri, 19 Jul 2019 04:00:09 +0000 https://futureiot.tech/?p=4900 The case of Triton or Trisis which targeted older versions of Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers illustrates the vulnerabilities of current infrastructure against cyber attacks.

    The post Hacking infrastructure made easy with IIoT and 5G appeared first on FutureIoT.

    ]]>
    https://youtu.be/n5sriZaHr5o

    In the movie, Die Hard 4: Live Free or Die Hard, internet-based terrorist and former U.S. Department of Defense, decides to take down America by crippling its commercial and industrial infrastructure hacking into the very computers that manage these systems.

    The tools used for the hacking in the movie are NMAP or Network Mapper, a network port scanner and service detector offering stealth SYN scan, ping sweep, FTP bounce, UDP scan, operating system discovery. It also happens to be a free and open-source utility.

    While some argue that the hacking, in the movie, was too easy, the scenario is still plausible and we hear of this often enough as in the case of Triton or Trisis which targeted older versions of Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers.

    FutureIoT spoke to Chakradhar Jonagam, Head Software Architect, Biqmind, to discuss among other things how organisations continue to struggle with security industrial infrastructure.

    As operators and governments push the 5G story out, it remains just a matter of time before we see more cyberattacks against state and industrial infrastructure. The question is – what should enterprises and regulators be doing today?

    RELATED: 5G is gonna wreck your security setup with IoT

    What are the business applications of industrial IoT in Asia-Pacific?

    Chakradhar Jonagam, Head Software Architect, Biqmind

    Chakradhar Jonagam: With 85% of Asia Pacific organisations still in the early stages of cloud maturity, many have yet to unlock the real business value of cloud computing. Industrial IoT will find plenty of applications in bridging legacy technology onto the cloud, which still forms the backbone for many global MNCs across APAC.

    This is where the adoption of a single framework by different industry stakeholders will ease their integration into the common cloud ecosystem regardless of markets or locations, without the need to rebuild all of their existing infrastructures.

    Another common business application for industrial IoT is the ability to not just help organisations scale their operations across geography, but also by solutions – both hardware and software. Operating from a single framework also means that the adopted solutions must have a uniformed approach to dealing with data, especially when collecting from a variety of data sources like sensors, equipment or machines.

    Edge computing again becomes a critical piece to the puzzle, in which data is collected across different sources, sites and devices must be interpreted similarly by different parties on the cloud. Along with other internal business and operational data, organisations can also potentially establish predictive models that will enable them to identify issues even before they arise by running remote diagnostics.

    How will 5G impact IoT rollouts?

    Chakradhar Jonagam: 5G data speed can operate 20 times faster and connect 1,000 times more devices than its 4G counterparts. This enables more devices to interact more efficiently with IoT networks. In addition to enhancing the mobile experience for consumers such as virtual reality content-streaming services, this increased speed and capacity is also a boon for a variety of industrial applications that require constant connectivity with no downtime.

    For instance, in the context of the oil and gas industry, the harsh operating environments of oil rigs result in inconsistent connectivity to operational touchpoints. As such, the process in which operators collect data on output is often done so manually through every sensor scattered across the oil rigs.

    With 5G networks, oil rig operators can leverage edge computing for visibility on its output, automating the collection of data in real-time to a centralised database where data can be processed, analysed and leveraged for more informed business actions. In the event of critical errors at the edge like gas leaks, seamless IoT connectivity is crucial for quick problem identification so more time can be allocated to addressing the issue.

    A combination of edge and IoT will also bring automation that can improve working conditions in hazardous environments by providing better visibility of the environment.

    What is the current state of security for IoT [or lack of it]?

    Chakradhar Jonagam: Cybersecurity used to be an afterthought with the assumption that all devices are isolated, and therefore, not connected to the internet. However, as the number of IoT-connected devices is estimated to reach over 75 billion by 2025, they are starting to garner widespread attention from cybercriminals and law enforcers alike. Consumers and businesses are becoming more susceptible to security breaches than ever before, potentially giving hackers access to security cameras, factory operations and even medical devices.

    Moving forward, we expect to see a lot more focus on addressing IoT vulnerabilities, as many of these devices are directly used by end-users in one way or another. Some common measures that will be enforced further include mandatory password changes as well as mutually authenticated protocols across multiple devices.

    How do you effectively measure the impact of industrial IoT?

    Chakradhar Jonagam: With multiple data points and systems, it is easy for organisations to get caught up in an ‘analysis paralysis’.

    Whether it is to deliver top-line objectives or reduce bottom-line costs, there are three key pillars that organisations should consider. Firstly, measuring traditional time to production against accelerated time to value is a good gauge to how much more quickly organisations are able to perform a task with the deployment of cloud-native solutions.

    The second measure is the cost savings generated from using fewer resources, time and infrastructure. Lastly, measuring productivity by determining the amount of repetitive work that has been automated, allows organisations to focus more on enterprise efforts.

    The post Hacking infrastructure made easy with IIoT and 5G appeared first on FutureIoT.

    ]]>
    Why Asia-Pacific leads the IoT charge to the edge https://futureiot.tech/why-asia-pacific-leads-the-iot-charge-to-the-edge/ Fri, 19 Jul 2019 01:00:04 +0000 https://futureiot.tech/?p=4824 Making these complex IoT ecosystems work together intelligently requires a foundation of direct and secure interconnection that can deliver the performance, scalability and security required to build a smarter world.

    The post Why Asia-Pacific leads the IoT charge to the edge appeared first on FutureIoT.

    ]]>
    Today, the concept of internet of things (IoT), which refers to the creation of a network that connects physical objects embedded with sensors and enables these objects to collect and exchange data, has long become familiar to most of us. In fact, as IoT technology grows in popularity with both governments and companies on a global scale, the Asia-Pacific region is one that continues to spearhead its adoption.

    According to the latest IDC Worldwide Semiannual Internet of Things Spending Guide, Asia-Pacific (excluding Japan) is projected to be the global leader IoT spending in 2019, accounting for approximately 36.9% of worldwide spending.

    The reason for Asia-Pacific to be leading the IoT charge lies in the unique combination of government advocacy, manufacturing roots and research and development (R&D) know-how. Asia-Pacific is also ahead when it comes to Smart City rollout, with a staggering US$63.4 billion earmarked for investment in Smart City technology in the region. As the backbone of smart cities, IoT is a key focus area for development in the region.

    As the region turns its focus to IoT, many of its markets have already begun heavy R&D investment to support its rollout. Various governments in the region such as Hong Kong and Australia are earmarking substantial amounts to build out accelerators and innovation hubs.

    Meanwhile, Asia-Pacific’s longstanding roots as a manufacturing hotbed have caused the region to witness the rollout of IoT firsthand in its production lines and factories, showcasing efficiencies and vertical integrations.

    Moving to the edge for IoT for success

    As the IoT market matures and companies seek to derive value from it, new considerations and best-practices are emerging. IoT relies on a highly distributed network capturing data, and this data must be analysed in real-time before it rapidly loses value. This leaves enterprises facing the tough problem: How can they process data while its intrinsic value remains high?

    In order to do this, analysis needs to happen at the ingestion point, on the network edge. With physics and latency considerations and given the complex processing and quick responses required by IoT, analysis is best done in close proximity to devices.

    By building out an IoT environment with edge architecture, enterprises can factor in filtering, processing and analytics closer to both the input devices and end-users. Not only will this help with faster analysis and better predictive models, but it also enables the optimisation of network costs and can streamline application performance.

    The limitations of early generation IoT were clear – the use of a device gateway to offer limited control and communication between sensors and IoT networks, and the consequent latency and bandwidth restrictions resulted in a response time far longer than the five milliseconds required to be considered “real-time”. Instead, edge processing will allow enterprises to fill these gaps, filtering data to reduce the quantity to transfer while gaining greater control of devices and services.

    The edge is already delivering IoT success

    Enterprises in the region have already begun reaping the benefits of the edge. Asia-Pacific-based ride hailing service, PickMe is working with data management services provider, Iguazio, for efficient and intelligent data management, in order for them to develop and act upon insights to streamline efficiency and grow revenue.

    With the freedom to work with multiple service providers, on-premises, in the cloud or as a hybrid architecture out at the edge, anywhere in the world, PickMe is now able to build a powerful matching engine that combines application, passenger and driver data at the edge to support with real-time rate adjustments.

    In the manufacturing sector, the external edge processes external input such as from the government, the weather and holiday dates can help to optimise pricing and inventory decisions once combined with value chain data. This combined data analysis allows products to get to market faster, especially when short turnaround time is necessary, such as during seasonal peaks.

    Meanwhile, internal analytics from industrial IoT sensors that distributed across manufacturing components will enable predictive maintenance, conferring the ability to address issues before they can affect the manufacturing process and end-user experience.

    As a result, manufacturers can optimise their architecture across multiple edges and focus distribution to support both internal analyses for improvements and external analysis for their end-users and customers.

    Ultimately, successful IoT initiatives will be dependent on interconnection, with digital infrastructures that can physically link dispersed sensors, devices and machines that make up public systems, services and experiences, essential for the real-time exchange of information.

    In the future, full IoT deployments can require interactions between multiple parties across a single or even multiple ecosystems. Making these complex IoT ecosystems work together intelligently requires a foundation of direct and secure interconnection that can deliver the performance, scalability and security required to build a smarter world.

    The post Why Asia-Pacific leads the IoT charge to the edge appeared first on FutureIoT.

    ]]>
    Tata Communications and Thales team up to boost data security around IoT https://futureiot.tech/tata-communications-and-thales-team-up-to-boost-data-security-around-iot/ Wed, 17 Jul 2019 00:00:38 +0000 https://futureiot.tech/?p=4890 Tata Communications and Thales are building a global IoT security solution that will protect critical business data in various sectors, with particular eye on connected vehicles at both the device and network level

    The post Tata Communications and Thales team up to boost data security around IoT appeared first on FutureIoT.

    ]]>
    Tata Communications and Thales are joining forces to develop a secure global IoT connectivity solution.

    ““IoT could transform how businesses operate and how people engage with one another and with every ‘thing.’ Protecting data against cyber-attacks both at the device and network level is crucial to accelerate IoT adoption worldwide,” said Anthony Bartolo, chief product officer, Tata Communications.

    In Tata Communications’ global Cycle of Progress survey, 30% of IT decision makers cited security and 25% cited privacy issues as the biggest barriers to IoT adoption. The combined capabilities of Tata Communications and Thales aims to lower these barriers and enable businesses and manufacturers to make the most of the transformational potential of IoT by giving them peace of mind that their critical IoT data is protected against cyberattacks.

    Thales will provide its T-sure warranted digital identity solution to Tata Communications MOVE™ SIM cards, based on technologies from Gemalto, a Thales company. While Tata Communications MOVE encrypts the data in motion (in current use), T-Sure protects the information at rest (archived) on the SIM, therefore safeguarding data both on the network and at the device level.

    The two companies look to undertake a series of proof-of-concepts with customers to test this solution in action.

    Automotive industry as initial target market 

    Specifically, both companies are eyeing the automotive industry as the initial target for their solution.

    The Thales and Tata Communications’ solution aims to secure the data that vehicles carry and provide control over data and applications, while keeping hackers and cyber-criminals at bay. Reliable communications from vehicles to infrastructure (V2I) and from vehicle to vehicle (V2V) will help unlock the value in data generated by vehicles in applications such as driving pattern analytics, emergency services or preventive maintenance.

    Thus, the manufacturer will be able to gather data through the SIM to ensure a vehicle is operating safely, the dealership can use the SIM for keeping track of the maintenance logs, and the vehicle car owner can trust that his or her private information stays private. The solution aims to allow for multiple secure ‘vaults’ within the vehicle to which only the vault owner has access.

    This means that the manufacturer, dealership and vehicle owner will each have their own private, secure space to store information, run applications and establish communications, and the security of these vaults would be enabled and managed via the Tata Communications MOVE platform.

    “The only thing that will allow IoT to fulfil its potential and bring about innovations like autonomous vehicles is totally trusted and secure data connectivity,” said Gareth Williams, vice president, Secure Communications & Information Systems, Thales/

    He added: “The marriage of Tata Communications’ expertise in the connected automotive sector with Thales’s leadership position in IoT and data security, reinforced by the integration of Gemalto, is driving an offering that will give end users complete trust in the integrity of their data whilst opening up new business opportunities for manufacturers.”

    The post Tata Communications and Thales team up to boost data security around IoT appeared first on FutureIoT.

    ]]>
    The long road to unified IoT standards https://futureiot.tech/the-long-road-to-unified-iot-standards/ Mon, 15 Jul 2019 23:46:40 +0000 https://futureiot.tech/?p=4881 The IoT and IIoT promise incredible improvements in everything from enterprise productivity to increased wellbeing of populations in smart cities. Yet, despite its potential, the adoption rate is still slow for many countries in Asia-Pacific and around the world.

    The post The long road to unified IoT standards appeared first on FutureIoT.

    ]]>
    Like many wireless communication standards today, those specifically intended to support the Internet of things (IoT) are still under development. The situation is even more so for industrial IoT (IIoT) applications, where many deployments are still in the early stage, particularly when it comes to standards like NB-IoT and LTE CAT-M1.

    Granted, in areas like IT (internet technology) and OT (operational technology), where standard groups have long operated, standards are well developed and adopted, but at the same time, the standards and frameworks for machine-to-machine (M2M) communication and IoT are still being worked on.

    Ongoing challenges

    Huei Sin Ee, Vice President And General Manager of General Electronics Measurement Solutions at Keysight Technologies

    Huei Sin Ee, Vice President And General Manager of General Electronics Measurement Solutions at Keysight Technologies noted that one of the biggest challenges of developing IIoT standards is ensuring the interoperability of different IoT devices across a diverse set of applications and different kinds of communication networks.

    She added that another for implementation is integrating legacy devices and applications with new devices and technologies since older systems weren’t originally designed to communicate with other applications or systems.

    Despite these challenges, many industrial customers are still keen to implement the IIoT since the potential benefits of this technology—such as automation and actionable business intelligence for the factory floor—is evident.

    Standard bodies like Industrial Internet Consortium (IIC), Object Management Group (OMG), and OneM2M are working together to set the standards and frameworks for machine-to-machine (M2M) communication and IoT.

    There have even been discussions about making the IoT standard an open standard, to expand the innovation, leverage from existing skillsets and integrate with new technology on the manufacturing floor.

    “Whether or not that happens in the future, the real challenge for modern manufacturers will remain on how to connect existing systems to the IoT while also preparing for future expansions,” Ee commented.

    Impact of 5G on IoT

    These days there’s a great deal of hype around 5G. While it certainly can’t be everything to everyone, there are a few distinct capabilities it offers, not the least of which is massive IoT for billions of devices and ultra-low latency and increased reliability for mission-critical IoT applications.

    “These capabilities make it ideal for everything from industrial automation and smart grids to Healthcare IoT. But the impact of 5G on IoT goes beyond just connecting devices to the IoT. Thanks to 5G’s high density, low cost and long-range, it will also expand the scope of IoT devices, improve their ability to operate efficiently, and accelerate their adoption,” added Keysight’s Ee.

    Additionally, 5G represents a fundamental shift in communication network architectures. And as such, it will expand the already pivotal role of cellular connectivity in the deployment of IoT applications.

    According to Ee: “There are various ways in which a 5G mobile network can support the deployment of advanced IoT applications. With a high network speed of about 10-20 Gbps, for example, 5G enables fast transmission of massive amounts of data between connected IoT devices and allows for new capabilities and features that make use of that data."

    Business applications of Industrial IoT in Asia-Pacific

    While many around the world are still assessing how best to implement the IIoT in the most effective, reliable and secure manner possible, several countries in Asia-Pacific are leading the way, having already developed and built out their IIoT capability.

    She cited the example of China with the rapid development of its manufacturing sector. “With so much competition, some players have pursued the IIoT as a means to gain much-needed efficiency and a leg up on competitors. The increasing sophistication of China’s manufacturing sector has led to the need for more technologically astute logistics providers and will eventually lead to the rise in its e-commerce industry. Several key players have already implemented a fully automated warehouse that ensures products are shipped from warehouse to recipient with a high level of efficiency,” said Keysight’s Ee.

    Singapore is another country in Asia-Pacific that is embracing digital and IIoT technologies as a means of improving the lives of its citizens. Named the “Smart City of 2018” at last year’s Smart City Expo World Congress, Singapore is widely recognized for its projects in urban innovation and transformation industry. The government has played a vital role in developing solutions, from dynamic public bus routing algorithms to predictive analytics for water pipe leaks.

    The IoT and IIoT promise incredible improvements in everything from enterprise productivity to increased wellbeing of populations in smart cities. Yet, despite its potential, the adoption rate is still slow for many countries in Asia-Pacific and around the world.

    Ee concluded that while plenty of organizations acknowledge and appreciate the potential benefits of the IIoT, many are still in the midst of assessing how best to implement it in the most effective and secure manner.

    “Others are waiting for full 5G deployment and standards to ensure they can leverage the IIoT to its fullest potential and with the least amount of risk.”

    The post The long road to unified IoT standards appeared first on FutureIoT.

    ]]>
    Singapore introduces trusted data sharing framework https://futureiot.tech/singapore-introduces-trusted-data-sharing-framework/ Thu, 11 Jul 2019 04:07:29 +0000 https://futureiot.tech/?p=4829 Singapore’s Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) recently unveiled a framework that would facilitate trusted data sharing between organizations.

    The post Singapore introduces trusted data sharing framework appeared first on FutureIoT.

    ]]>
    Singapore’s Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) recently unveiled a framework that would facilitate trusted data sharing between organizations.

    The Trusted Data Sharing Framework includes existing PDPC guides on personal data anonymization and sharing as well as new materials on data valuation for data sharing and sample legal templates to enable contractual data sharing.

    “When using the framework, organizations will also be guided through the regulatory considerations, and the contractual, technical and operational safeguards needed in a data sharing arrangement,” IMDA explained.

    With the framework, IMDA expects consumers to be more ready to share their data and consequently benefit from more personalized goods and services.

    However, while organizations have started to recognize the value of data, IMDA said there are many challenges businesses encounter when sharing data.

    These include lack of guidance, methodologies and systemic approaches for data sharing; establishing trust with partners; and ensuring compliance with regulations such as the Personal Data Protection Act (PDPA).

    When using the framework, organizations will also be guided through the regulatory considerations, and the contractual, technical and operational safeguards needed in a data sharing arrangement, according to IMDA.

    “If this results in increasing trust in the private sector and its ability to collect data responsibly, it benefits all of us because we will be able to accelerate our development towards the kind of trusted AI data solutions that we all want,” said Senior Minister of State for Communications and Information Janil Puthucheary at Innovfest Unbound annual technology conference on June 28.

    Last May, Singapore’s data protection authorities have also signed an agreement with Hong Kong to strengthen cooperation in personal data protection in the two jurisdictions.

    Under the memorandum of understanding, the Hong Kong SAR’s Privacy Commissioner for Personal Data (PCPD) and Singapore’s PDPC 1 will engage in the cross-sharing of experiences, exchange of best practices, joint research projects and information exchange involving potential or ongoing data breach investigations.

    The post Singapore introduces trusted data sharing framework appeared first on FutureIoT.

    ]]>
    Field battle tactics for reducing security risks of medical IoT https://futureiot.tech/field-battle-tactics-for-reducing-security-risks-of-medical-iot/ https://futureiot.tech/field-battle-tactics-for-reducing-security-risks-of-medical-iot/#comments Wed, 10 Jul 2019 04:00:54 +0000 https://futureiot.tech/?p=4812 87% of healthcare organisations will have adopted IoMT by the end of 2019 and there will be almost 650 million IoMT devices in use by 2020.

    The post Field battle tactics for reducing security risks of medical IoT appeared first on FutureIoT.

    ]]>
    IoT devices make our lives easier. For example, smart home technologies can optimise energy consumption conveniently by allowing us to turn household appliances on and off with a touchscreen or remotely with our smartphones.

    Likewise, organisations across all industries have also rapidly adopted IoT to improve operational efficiency. However, IoT devices can be one of the weakest links in an IT network.

    Why?

    • IoT devices are often built on outdated software and legacy operating systems that may be vulnerable to attack.
    • IoT devices are increasingly collecting and storing vast amounts of data which makes them an attractive target for cybercriminals.
    • IoT devices serve as an easy entry point for attackers looking to move laterally across an IT network and gain access to more sensitive data. Alternatively, such devices could be attacked directly and shut down with highly disruptive effects.

    The healthcare industry is one industry that has moved towards the Internet of Medical Things (IoMT) in a big way.

    By some estimates, 87% of healthcare organisations will have adopted IoMT by the end of 2019 and there will be almost 650 million IoMT devices in use by 2020.

    Take ultrasound machines for example. Ultrasound technology has made huge advancements over recent years to provide patients and doctors alike with detailed and potentially lifesaving information. Unfortunately, these advancements have not moved in tandem with IT security in which these machines sit, are now connected to and transfer images within.

    Check Point Research recently highlighted the dangers this could pose by getting their hands on an ultrasound machine and investigating what takes place under the hood. They discovered the machine’s operating system was Windows 2000, a platform that, like most other IoMT devices, no longer receives patches or updates and thus leaves the entire ultrasound machine and the information it captures vulnerable to attack.

    Due to old and well-known security gaps in Windows 2000, it was not difficult for our team to exploit one of these vulnerabilities and gain access to the machine’s entire database of patient ultrasound images.

    Video Demo of Hacking an Ultrasound machine

    https://www.youtube.com/watch?v=5hqXlEgBIqg

    The Financial Motivation for an Attack

    Cyber-attacks on hospitals occur on an almost weekly basis. One example is that of a ransomware attack on the Melbourne Heart Group which saw the hospital’s data scrambled by hackers and held to ransom. Other significant attacks seen include Singapore’s SingHealth which suffered a massive data breach that saw the Prime Minister’s health records stolen followed by 1.4 million patient records stolen from UnityPoint a few weeks later. In addition, May 2017 saw the massively disruptive WannaCry attack that caused 20,000 appointments in the UK’s NHS to be cancelled and over £150 million spent on remedying the attack. Interestingly, it was unpatched Windows systems that lead to such damage.

    However, it is primarily not mass disruption that motivates cybercriminals to target the healthcare industry. Due to the vast amounts of personal information that hospitals and other healthcare organisations store and transfer electronically, these institutions make for attractive targets to attack. This valuable data can be used to obtain expensive medical services and prescription medications, as well as to fraudulently acquire government health benefits. It is no wonder then that this information can fetch as high as US$60 per record on the Dark Web.

    Although there is numerous media mention describing the personal danger of cyber-attacks to patients, the financial damage is far more realistic and is what lies at the heart of cyber-attacks on the healthcare industry.

    According to the Ponemon’s Cost of Data Breach Study, at US$408 per health record, the healthcare sector demands the highest cost by far to remedy a data breach. This stands in contrast to the average of US$225 per record paid by other organisations. These costs include fees to investigate and repair the damage caused by an attack as well as paying fines or ransoms or any stolen funds themselves. Attacks can also result in a loss of patient records and information as well as cause long-lasting damage to the health institution’s reputation.

    The IoMT Security Problem

    The risk of a cyber-attack on healthcare organisations is huge. Such attacks could lead to the loss and illegitimate sharing of personal data, altering a patient’s medical information regarding medicine, dosages, and treatments, and hacking of MRI, ultrasound and x-ray machines in hospitals.

    The critical nature of healthcare environments also means that many stakeholders involved in the healthcare process often require immediate access to patients’ data across a large range of devices and applications. As a result, downtime to update or patch systems is not always an option. In addition, the large range of medical devices from diverse manufacturers is a potential nightmare to not only monitor them but also integrate a security policy that incorporates them all.

    From the hospital management’s perspective, downtime to update or patch systems not only affects the operational flow of the hospital itself but can also hit their financial bottom line. Having spent very large amounts on important healthcare equipment, it is vital that management sees a return on their investment by having that equipment up and running in order to be able to cover their costs through claims from patients’ medical insurance policies.

    From a regulatory point of view, the inherent vulnerabilities that come with operating healthcare devices, such as a lack of encryption of sensitive data as well as hard-coded or default login credentials, prevent IT professionals from even implementing security patches, should such patches even exist.

    Securing IoMT

    The above-mentioned security vulnerabilities highlight the importance healthcare organisations must place on their IT security posture. While there are still issues and vagueness when it comes to security protocol standardisation across IoMT devices, there is still much that healthcare organisations can do to protect their patients’ data.

    Healthcare organisations must remain alert to the multiple entry points that exist across their network. There can often be hundreds, if not thousands, of devices connected to the IT network, any one of which may contain security vulnerabilities in either the hardware or software used by such devices. Catching every one of these vulnerabilities is impossible, however, so it is essential healthcare organisations have an advanced prevention security solution in place to catch the inevitable attacks that will attempt to exploit these vulnerabilities.

    In addition, segmentation can never be overstated. Separating patient data from the rest of the IT network gives healthcare IT professionals a clearer view of network traffic to detect unusual movement that might indicate a breach or compromised IoMT device. Segmentation would also enable these organisations to prevent data stealing or encrypting malware from propagating further across the network and isolating the threat.

    Finally, segmentation should also apply to healthcare personnel within the organization with access to those systems provided only to those who require them to carry out their roles.

    Best Practices

    The benefits that connected medical devices offer cannot be ignored. They provide patients and healthcare providers with potentially life-saving information and enable an efficient way of handling this information.

    However, healthcare organisations must be aware of the inherent vulnerabilities of such devices that may escalate their chances of a data breach. Network segmentation is a best practice that allows IT professionals in the healthcare sector the confidence to embrace new digital medical solutions while providing another layer of security to network and data protection, without compromising performance or reliability.

    Once best practice cyber hygiene is implemented and enforced, IT security teams can rest assured their patients’ records, and in turn, their organisations’ finances and reputation, are safe.

    The post Field battle tactics for reducing security risks of medical IoT appeared first on FutureIoT.

    ]]>
    https://futureiot.tech/field-battle-tactics-for-reducing-security-risks-of-medical-iot/feed/ 3
    Are our smart buildings secure from hackers? https://futureiot.tech/are-our-smart-buildings-secure-from-hackers/ Tue, 09 Jul 2019 01:00:10 +0000 https://futureiot.tech/?p=4781 The right Building Automation System is optimized for the building to operate more efficiently and sustainably, while improving comfort and safety.

    The post Are our smart buildings secure from hackers? appeared first on FutureIoT.

    ]]>
    The number of smart buildings, with integrated building management technology at the core, is on the rise. The complex building automation system (BAS), which keeps occupants safe and comfortable, integrates various monitoring and control solutions such as heating, ventilation, and air-conditioning (HVAC), lighting, fire, security, networking onto a single platform. A smart building also uses data generated by IoT-enabled equipment, coupled with data gleaned from external sources, to allow for performance-enhancing, energy-saving decision making.

    However, what makes a building “smart” is also what makes it vulnerable to cyberattacks. With poor security controls, compounded by the lack of global security standards, the plethora of IoT devices could be easy targets for hackers. Similarly, poorly secured wi-fi servers could be exploited.

    Securing smart buildings thus takes a blended approach of risk-based planning, security architecture, technology, processes, and people skills. Such rigor, commonplace practice in IT systems, is not typical of BAS. Given the evolving threat landscape, it’s time that the strategy of protecting smart buildings keeps pace.

    Protecting the Building Automation Systems

    Prevention against intruder access is key to securing the smart built environment. The integrated BAS can be vulnerable to intrusions from within a corporate network. For instance, a hacker could gain access to the HVAC controls to compromise the stable environment within a laboratory thereby destroying years of research.

    Ransomware attacks BAS the same way as it does other embedded controls systems. The BAS could be crippled through attacks on its operating system of the server, or by making critical files such as configuration and database files inaccessible.

    It is good practice to deploy the BAS on a private network and to protect it from the Internet by a firewall. The servers should neither be used to check email, nor used to access websites that are not required for the running and management of the BAS. It’s also important to keep the systems updated with latest anti-virus software, revisions, and patches, as well as to conduct regular back-ups.

    All building data needs to be encrypted at rest and in transit using industry-leading protocols. The platform itself should be protected by a regulated access control system, and data masked to restrict access to sensitive information.

    Know Thy Devices

    A robust endpoint security strategy in smart buildings is essential. The sheer number and variety of endpoints — mobile phones, tablets, and printers, for instance — could be targeted for unauthorized access. Email phishing and malware are usually distributed through the Internet; hence any end device that accesses the web and receives email attachments carries a degree of security risk.

    Retaining control of systems and devices is equally crucial. It is important to identify and authenticate all devices and machines connected to the network. This would mitigate the risk of a hacker inserting a rogue, untrusted device into the network and taking control of any systems or machines. Strong cybersecurity solutions such as advance detection taps or strokes counts traps, recognise any forms of unknown actions, and in turn, lock down or isolate the network immediately to prevent any further damages.

    Cyber-physical Security

    A converged cyber-physical security application could bolster the overall security of smart buildings. This strategy relies on Artificial Intelligence (AI) to address real-time threats while keeping a check on false alarms. The analytics platform connects and combines data from internal and external sources with advanced risk algorithms to provide proactive threat protection.

    By decreasing alarm “noise,” the approach allows security teams to focus attention on the highest priority events. Through this process, information is put into context and ranked by risk severity — all this to provide a complete security picture, and to deploy the right security resources on the right security priorities.

    The Collaborative Factor

    Cybersecurity is everyone’s responsibility - from building occupants to facilities managers. Basic cybersecurity practice such as sound password management is essential. Additional two-factor authentication to access sensitive or confidential data (for example patient database) offers stronger protection. Regular audits on security measures helps stem complacency.

    The role of a facilities manager is more than about running a building. With the BAS technology now containing more IT-based hardware and software, facilities managers should collaborate with IT experts to address any cybersecurity concerns that threaten the smart built environment and, by extension, the building occupants.

    No two smart buildings are exactly alike. The right system integrator takes a holistic view of the building’s systems, then designs and installs technology to support the business objectives for the building, delivering better outcomes for the occupants. The right BAS is optimized for the building to operate more efficiently and sustainably while improving comfort and safety.

    It’s hard for one organization to go it alone in today’s rapid evolution of cyber threats. Industry initiatives such as the ISASecure are setting international cybersecurity standards and certification for the global ecosystem of intelligent buildings and smart city technologies.

    In summary, securing smart buildings and building systems is a shared responsibility requiring focus and commitment from multiple parties. Businesses and organizations would benefit from a streamlined, multi-pronged approach that protects data, devices and manage security incidents, as well as to continually improve risk management for better overall operational efficiency.

    The post Are our smart buildings secure from hackers? appeared first on FutureIoT.

    ]]>
    Wuthering Heights in telecom crime against IoT https://futureiot.tech/wuthering-heights-in-telecom-crime-against-iot/ Mon, 01 Jul 2019 04:00:47 +0000 https://futureiot.tech/?p=4691 The annual cost of telecommunications subscription fraud is estimated at more than US$12 billion. Some think the situation is much worse – pegging the financial damages to be between 3% to 10% of an operator’s annual profits.

    The post Wuthering Heights in telecom crime against IoT appeared first on FutureIoT.

    ]]>
    Did you know that the annual cost of telecommunications subscription fraud was estimated to be more than US$12 billion? In fact, some think the situation is much worse – pegging the financial damages to be between 3% to 10% of an operator’s annual profits.

    Such fraud is conducted when – simply put - cybercriminals gain access to the SIM cards of legitimate subscribers, or other billing portions of a telecom network, effectively taking over control of charges incurred by voice or data usage, subsequent payment channel, and the data being transmitted via the SIM card, such as one-time password to online banking accounts. Needless to say there are many ways fraudsters can cash in on the pilfered SIM cards.

    If US$12 billion doesn’t sound bad enough, we are expecting it to get much worse - when IoT projects start to become commonplace globally.

    Compromising IoT devices via SIM cards

    A common and well-known link that communication devices and internet devices have is the use of a SIM card. For IoT devices to have a unique presence and connection to the internet, they should have a SIM in the same way a phone does.

    SIM cards can serve like credit or debit cards in that they are used to initiate billing or connections that have corresponding fees. That’s why SIM cards, unfortunately, can be subject to many of the same frauds and risks credit cards are.

    SIMs of all types – eSIMs, USIMs, multi-eSIMs and the like – can be remotely updated with arbitrary information for the purpose of “efficient content delivery’, a standards-based means of changing large numbers of SIM cards all at once, remotely. This can also constitute an attack if used maliciously.

    In the case of smart city devices like traffic lights and smart garbage bins, cybercriminals have various ways to abuse SIM cards. They could choose to extract the SIM cards embedded in the IoT devices to launder money or conduct other illicit activities. In some cases, even when the SIM cards might be difficult to extract, vulnerabilities still lie in how the devices have the capability to change carriers remotely. Moving from one carrier to another creates risks as some carriers could be cooperating with or created by criminals.

    Similar to a smart city, a smart factory is a collection of centrally managed robots that compose part of an IT network. While many factories consider themselves isolated from the internet, the means by which they meet disaster recovery requirements includes having a cellular data connection for performing backups to an offsite location. While the robots may not necessarily have SIM cards or phone numbers like typical phones and IoT devices, their cellular device will have an internet connection that will allow backups or factory control. What this means is the factory can then be used for outbound fraud, and cyber-telecom vulnerabilities can be used to attack the factory.

    Even smart and autonomous vehicles can be subject to the same attacks as mobile phones. Telephony denial of service (TDoS), for example, could cause a smart car to become lost due to a broken internet connection.

    What are our options?

    Keeping in mind the connection between IoT and telecom should help in creating defences against threats that shift from one to the other. For IoT devices, simple measures like changing the default settings and credentials of the device can already prevent some of the telecom attacks from happening.

    Geopolitically, most telecom crimes tend to be addressed by the telecom companies themselves. The costs are absorbed as the cost of doing business – creating an isolation almost. Without thorough cross-border intelligence sharing with law enforcement, the source, investigative method, and evidence cannot be connected in a way that results in a meaningful number of arrests or a decrease in the acceleration of international cyber-telecom fraud.

    It is important to acknowledge that there is only so much a single organisation or industry can do against an interconnected web of threats. When multi-billion-dollar classes of fraud proliferate among criminal groups and become scalable on the back of sprawling IoT projects, the need to work together for the benefit of all has never been greater.

    The post Wuthering Heights in telecom crime against IoT appeared first on FutureIoT.

    ]]>
    NIST report on IoT security raises awareness on risks of connected devices https://futureiot.tech/nist-report-on-iot-security-raises-awareness-on-risks-of-connected-devices/ Mon, 01 Jul 2019 01:01:18 +0000 https://futureiot.tech/?p=4698 The NIST report highlighted three factors that may affect the management of cybersecurity and privacy risks for IoT devices as compared to conventional IT devices.

    The post NIST report on IoT security raises awareness on risks of connected devices appeared first on FutureIoT.

    ]]>
    The National Institute of Standards and Technology (NIST), a US physical sciences laboratory that promotes innovation and industrial competitiveness, has released a report to help organizations understand and manage cybersecurity and privacy risks associated with the internet of things (IoT).

    Mike Fagan, a NIST computer scientist and one of the authors of the report, said the paper is mainly for organizations thinking about security on the level of the NIST Cybersecurity Framework.

    “It’s targeted at the mode of thinking that an organization would have — more resources, more people, more ability, but also more risk of attack because of all those things. It’s bad when a single house is attacked, but if a million bank account passwords are stolen, that has a much larger impact,” Fagan wrote in a company announcement.

    The 34-page report, “Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks (NISTR 8228),” is a companion document to the Cybersecurity Framework and SP 800-53 Rev. 5, two NIST resources that offer guidance for mitigating risk to information systems, according to Fagan.

    “IoT is still an emerging field,” Fagan said. “Some challenges may vanish as the technology becomes more powerful. For now, our goal is awareness,” he said.

    The report highlighted three factors that may affect the management of cybersecurity and privacy risks for IoT devices as compared to conventional IT devices as well as three high-level risk mitigation goals that organizations should have in mind.

    “The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices. This means organizations may have to select, implement, and manage additional controls, as well as determine how to respond to risk when sufficient controls for mitigating risk are not available,” the report noted.

    On mitigation goals, the report emphasized that the most important consideration for  IoT administrators is to protect the device and data and individuals’ privacy. 

    “Organizations should ensure they are addressing the cybersecurity and privacy risk considerations and challenges throughout the IoT device lifecycle for the appropriate risk mitigation goals and areas,” the report noted.

    While the report provides insights on the management of risks associated with IoT, NIST is a non-regulatory body and can only provide guidelines.

    However, the report itself is the first in a planned series of documents NIST is developing, according to Fagan.

    NIST said it plans to release a core baseline document that aims to identify fundamental cybersecurity capabilities that IoT devices can include. 

    “We’d like to help all IoT users be aware of the risks to their security and privacy and help them approach those risks with open eyes,” Fagan said.

    Governance, regulations, and standards pertaining to IoT are gaining ground in many parts of the world. Many alliances and industry bodies have released similar guidelines for IoT users, including the FIDO Alliance, NFC Forum, and the Wi-SUN Alliance

    Even the International Organization for Standardization (ISO) has released a reference framework for IoT. The new standard, called the ISO/IEC 30141, provides an internationally standardized IoT Reference Architecture for connected systems.

    Early this year, the European Telecommunications Standards Institute (ETSI) has released the TS 103645, which it said is a globally applicable standard for cybersecurity in IoT. The new specification seeks to establish a security baseline for internet-connected consumer products.

    The post NIST report on IoT security raises awareness on risks of connected devices appeared first on FutureIoT.

    ]]>
    FIDO Alliance moves to secure IoT devices https://futureiot.tech/fido-alliance-moves-to-secure-iot-devices/ Fri, 28 Jun 2019 02:07:07 +0000 https://futureiot.tech/?p=4678 The FIDO Alliance has announced two new initiatives to expand standards and certifications to the Internet of Things.

    The post FIDO Alliance moves to secure IoT devices appeared first on FutureIoT.

    ]]>
    The FIDO Alliance has announced two new initiatives to expand standards and certifications to the Internet of Things. The ultimate goal: remove password use from IoT. 

    In support of this objective, FIDO said it has formed two new working groups — the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoT TWG).

    The IDWG will define criteria for remote identity verification and develop a certification program and led by co-chairs Rob Carter, Mastercard, and Parker Crockford, Onfido Ltd. Other participating organizations include Aetna, Google, Idemia, Lenovo, Microsoft, Nok Nok Labs, NTT DOCOMO, OneSpan, Phoenix Technologies Ltd., Visa Inc., Yahoo! JAPAN, Yubico and the UK Cabinet Office.

    Meanwhile, the  IoT TWG team will be working to provide a comprehensive authentication framework for IoT devices and will develop use cases, target architectures and specifications covering IoT device attestation/authentication profiles, automated onboarding and binding of applications, and IoT device authentication and provisioning via smart routers and IoT hubs.

    FIDO said this team is led by co-chairs Marc Canel, ARM Holdings, and Giridhar Mandyam, Qualcomm Inc. Other participating organizations include Google, Idemia, Infineon Technologies, Intel Corporation, Lenovo, Microsoft, Nok Nok Labs, OneSpan, Phoenix Technologies Ltd., Yahoo! JAPAN and Yubico.

    Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance, explained that as they  look at the threat vectors in the marketplace, they noticed a gap between the high assurance currently provided by FIDO Authentication and other methods of identity verification and authentication for IoT.

    “This gap can be most effectively addressed through industry collaboration and standardization rather than siloed, proprietary approaches,” he said.

    Citing data from Gartner, FIDO said 20.4 billion connected things will be in use by 2020, opening up opportunities for increased efficiencies and innovation across industries. 

    “Yet, lack of IoT security standards and typical processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attack,” it said.

    Formed in July 2012 to address the lack of interoperability among authentication technologies, the FIDO Alliance counts  as members global tech leaders across enterprise, payments, telecom, government and healthcare sectors.

    It has published three other specifications for authentication — FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF) and FIDO2, which includes the W3C’s Web Authentication (WebAuthn) specification and FIDO Client to Authenticator Protocol (CTAP). 

     

    The post FIDO Alliance moves to secure IoT devices appeared first on FutureIoT.

    ]]>
    Optimisation imperatives to fuel AI-powered homes and buildings https://futureiot.tech/optimisation-imperatives-to-fuel-ai-powered-homes-and-buildings/ Fri, 28 Jun 2019 00:43:04 +0000 https://futureiot.tech/?p=4668 Vertically-integrated building automation solutions, edge intelligence in commercial building automation applications, and energy disaggregation in commercial buildings will be distinct features in building management in 2019

    The post Optimisation imperatives to fuel AI-powered homes and buildings appeared first on FutureIoT.

    ]]>
    Home & building technology companies are increasingly embedding artificial intelligence (AI) and machine learning algorithms into products to facilitate self-learning behaviour and stay ahead of the competition.

    These technologies are expected to enable building optimization capabilities, which are key differentiators. Additional features that support sustainability and customer-centric solutions will help entrants compete against incumbents and overall, creating a$1.3 trillion industry in 2019.

    "Vertically-integrated building automation solutions, edge intelligence in commercial building automation applications, and energy disaggregation in commercial buildings will be distinct features in building management in 2019," said Anirudh Bhaskaran, senior industry analyst for Industrial at Frost & Sullivan.

    He added that leading building automation participants will be looking to integrate cognitive abilities in buildings by way of partnerships with technology companies. Analysing huge volumes of data is critical for cognitive buildings.

    "Numerous smart home devices will be integrated with voice command control in 2019. Smart home security providers will lay emphasis on the comfort of homeowners in addition to improving home security by offering multi-functional products," noted Bhaskaran. "To make homes truly connected and energy efficient, homes and buildings companies need to establish partnerships with utilities, energy consultants, and retailers. Meanwhile, Software-as-a-Solution (SaaS) developers need to develop a vendor-agnostic software platform to make solutions compatible with third-party hardware."

    Energy efficiency and low carbon technologies are key topics in Europe, while the US will see high growth in IoT-based markets. In Asia, there will be a surge in voice command control. To tap these growth opportunities and others, participants across tiers are implementing a range of strategies including:

    • Providing smart thermostats, smart speakers, wearable devices, smart locks, indoor cameras, and connected LED bulbs. A large number of smart home devices were integrated with Amazon, Google, and Apple smart speakers in 2018.
    • Incorporating machine learning algorithms to provide personalized services to building occupants.
    • Ensuring interoperability by having hardware manufacturers come together to develop products that are compatible with both wired and wireless protocols.
    • Building a centralized data repository in the cloud for customers to access energy consumption data for independent data analytical applications.
    • Leveraging the data generated in buildings to provide maximum insights with nearly zero human intervention.
    • Developing multi-controller products that control multiple building services, mainly HVAC and lighting controls, to reduce the capital expenditure for building managers.
    • Adopting flexible business models that cover both hardware and software.

    The post Optimisation imperatives to fuel AI-powered homes and buildings appeared first on FutureIoT.

    ]]>
    India’s Subex sets up IoT security lab in US https://futureiot.tech/indias-subex-sets-up-iot-security-lab-in-us/ Fri, 28 Jun 2019 00:40:46 +0000 https://futureiot.tech/?p=4667 Bangalore-based critical infrastructure security solutions provider Subex has established an internet of things (IoT) security lab in the United States.

    The post India’s Subex sets up IoT security lab in US appeared first on FutureIoT.

    ]]>
    Bangalore-based telecoms analytics solutions provider Subex has established an internet of things (IoT) security lab in the United States.

    The company announced in a news release on its website that the new lab in Florence, Arizona is an extension of its ongoing work in securing the town’s critical public infrastructure.

    “The lab will serve to raise awareness on cybersecurity issues for citizens of Florence, lawmakers, businesses, and other stakeholders. The lab is comprised of physical and virtual devices, connected networks and systems, and subsystems that raise awareness of various aspects of cybersecurity,” Subex said.

    The town of Florence has partnered with Subex in securing its critical public infrastructure in August 2018. 

    Florence is located 61 miles southeast of Phoenix, in Pinal County, Arizona. According to its website, it is one of the oldest towns in the state, with a population of approximately  approximately 27,500. 

    Under the partnership agreement, Subex will provide end-to-end cybersecurity to detect, repel and remediate advanced threats to Florence’s most basic and vital technological systems. It will also continue to be the cybersecurity partner of Florence when it launches its smart cities project.

    “This is an agreement by which the Town of Florence is a partner with Subex in developing cutting-edge technology that can be marketed to other private, non-profit, and government customers,” said Brent Billingsley, the Town Manager of Florence, Arizona, at the time of the announcement of the deal.

    Vinod Kumar, CEO, Subex, said in the same media statement that the partnership will improve awareness among cities on the urgent need to improve cybersecurity and vigilance measures.  

    In launching the IoT Security Lab, Billingsley was quoted as saying that the lab will also provide students “with an understanding of how smart sensors can improve and enhance their lives.”

    Meanwhile, Kumar said that it will be useful in raising awareness on cybersecurity across Arizona. 

    “In a world where the security environment continues to be threatened by the emergence of new threats in various forms, it is essential for all stakeholders to maintain the highest levels of situational and operational awareness,” he said.

    Founded in 1992, Subex provides software for revenue assurance, fraud management, IoT security, partner management, telecom analytics and network analytics. For the fiscal year 2019, which ended March 31, 2019, it reported a revenue of INR 3,481 million.

    Among the highlights of the year include the cybersecurity partnership with Florence as well as its partnership with Telefonica on a new cybersecurity venture.

    The post India’s Subex sets up IoT security lab in US appeared first on FutureIoT.

    ]]>
    Transforming Manufacturing: The Singapore Experience https://futureiot.tech/transforming-manufacturing-the-singapore-experience/ Thu, 27 Jun 2019 01:09:55 +0000 https://futureiot.tech/?p=4637 At the Cxociety C-Suite roundtable discussion on Mastering Agile in the Digital Manufacturing Era, delegates agreed that digital-led business transformation will continue to evolve in response to changing economic, environmental, and socio-political conditions.

    The post Transforming Manufacturing: The Singapore Experience appeared first on FutureIoT.

    ]]>
    Supply chain, logistics and the entire manufacturing process are facing disruption. It is rooted in globalization, consumerization and the difficulty in forecasting supply-demand trends in today's dynamic market landscape.

    In response, many manufacturers are choosing digital transformation. However, as their peers in other industries are finding out, the journey is fraught with challenges and pitfalls.

    According to a recent IDC survey, some of the key concerns in the manufacturing industry have been around increased competition, rising internal costs and increased cybersecurity threats. To mitigate these challenges, organizations have been looking at integrating technologies, such as internet of things (IoT), cloud, and blockchains, that can increase visibility, credibility, and transparency across the value chain, in essence, launching digital transformation drives across the complete value chain.

    In the Cxociety C-Suite roundtable discussion titled Mastering Digital Disruption: The Supply Chain Opportunity, sponsored by Epicor, we asked leading manufacturers and supply chain players in Singapore their experience, insights and challenges in mastering disruption.

    B2C vs. B2B

    It is called the Amazon effect. It is a catch-all phrase for digital platform players disrupting logistics, it highlights the impact of digital platforms in shaping business-to-consumer (B2C) processes and meeting the needs created by consumerization. It aims to give manufacturers direct access to consumers, simplify their supply chains for cost efficiency and agility, help them to reach new markets faster and lower industry barriers for competition.

    Digital transformation of the business-to-business (B2B) market, in comparison, remains slow. “There is one big difference between B2C and B2B. In B2C, you are selling to the consumer; in B2B, your end customer is a function in another company,” said Vincent Tang, Vice President, Sales, Asia, Epicor.

    For example, Supreme Components International is transforming for better logistics. “Our transformation is driven by the logistics of electronics components. Digital transformation gives us a massive opportunity to drive better user experience and B2B conversation,” said Piyush Aggarwala, the company’s Director.

    One delegate to the roundtable noted that better management of spare part inventories is a huge motivator for their organisation, allowing employees to track and retrieve information about the spare parts” from the cloud, allowing the company to plan better for future needs.

    Automation is another reason many manufacturers are embracing digital transformation. Amy Chung, Chief Executive Officer, Container Printers noted that as manufacturers move automation and real-time processes, “digitalization will become a huge driver.”

    “To me, whatever that helps the company to grow its revenues and profits should always take priority,” said Sian Chin Phua, Chief Financial Officer, TEHO International Inc, who added speed and agility are now becoming vital differentiators in the manufacturing industry.

    Brandon Lee, Chair, Smart Automation Industry Group, Singapore Manufacturing Federation sees three phases of digital transformation in the manufacturing industry. "Phase one begins with digitization, which allows you to monitor the manufacturing better. The next phase is to explore how to do things right, so you have to leverage data intelligence for business efficiency...then the last phase is to move from a human-based approach to a systematic one."

    Transformation Struggles

    Having the needs clear, the tools available, the framework developed and funding support available does not mean digital transformation is any less painful.

    Singapore Manufacturing Federation’s Lee noted, “We can come up with a feasible plan to transform the industry, but implementing it is never going to be easy.”

    One challenge is identifying the benefits. While digital transformation offers general benefits for all industries, there are not many use cases for Singapore-based manufacturers.

    It is one of the reasons why many balk at adopting new software and solutions, said TEHO International’s Phua. Without a clear idea of the benefits, it then becomes difficult to gauge the value in investing in the solution.

    “The moment you mention the cost, everyone sits back. Companies lose out not because they have a bad solution but because their initial investment was too high. Businessmen can’t see past the initial investment,” he said.

    However, Phua admitted that part of the problem is also complacency. “[Manufacturers in Singapore] are so comfortable. But every industry is like that until something disrupts them and then the industry wakes up,” he added, pointing to how Uber and Grab impacted the taxi industry.

    Market size is another challenge, said Kim Poh Ng, Director, Sunjet Aluminium International, which is creating a common data platform to link up its manufacturing plants and outsource some of their processes to third-party players.

    “Singapore is too small to focus all your manufacturing resources. So, for a [Singapore] manufacturing company to survive, it needs to have enough of a market. Besides, a lot of [multinational corporations] move to where the market is,” Ng added.

    Irene Hwa, Marketing Director, Asia Pacific, Epicor Software noted that the challenges are similar to other industries. "The ultimate objectives of digital transformation remains the same across all industries. So, everyone wants to have real-time access to what is happening in their business because that allows them to be more efficient and drive real-time decision making, which also allows you to make quick adjustments to individual customers' [needs] at any one time."

    Hwa sees new advances in the internet of things (IoT) analytics and sensors helping manufacturers to drive digital transformation. But she also warned that digital transformation is a journey and software is only a tool. "It is no replacement for good strategy."

    Singapore Manufacturing Federation’s Lee observed that any digital transformation effort needs should also create an ecosystem and deep skills within the industry. “Why do [Singapore manufacturers struggle when multinational corporations leave Singapore every few years? It is because we do not have the ecosystem and deep skills. In short, we do not have a unique competitive advantage.”

    Lee noted that the Singapore government agency is already looking to address these issues through the Local Enterprise and Association Development (LEAD) program.

    "LEAD is trying to use collaboration to upgrade the industry capabilities and promote deep skills," he added.

    Beyond IT

    Participants agreed that a successful digital transformation journey is not just a sum of the digital solutions and processes. It also requires a strong implementation partner.

    “The biggest pain point is execution. The product can be fantastic, but if the [vendor] team is not as smart or do not tell you what to do, it takes away time that I could have used for other tasks,” said Supreme Components International’s Aggarwala.

    This raises the importance of references for most organisations. The challenge, however, is that there are not many industry references in Singapore.

    TEHO International Inc.'s Phua and Sunjet Aluminium International's Ng observed that industry experience should not be limited to the software knowledge but should also include the vendor's understanding of the industry and its best practices. While such an investigation could take time, "it is necessary," said Phua.

    Epicor’s Tang saw the relationships between customers and vendors as a two-way street. His company often vets potential customers for product fit.

    “A lot of people buy the brand, but do not realize whether the product matches their needs. Then you end up using [the product] less or customizing a lot. This is why we first find out whether our product can meet the customers’ needs,” he said.

    Tang also noted that top management commitment is vital. "When there are problems among departments, you need someone at the top to make a decision. It is something ERP vendors cannot do."

    In the IDC FutureScape: Worldwide Manufacturing 2019 Predictions, Reid Paquin, research director, IT Priorities and Strategies, IDC Manufacturing Insights, noted that the manufacturing industry continues to evolve. Digital transformation is a discussion that has touched every part of the value chain.

    "No matter if you work in design, the supply chain, operations, or service, the adoption of digital capabilities to create business value has become critical to success. Our predictions create a framework for IT and line-of-business executives to plan and execute technology-related initiatives in the years ahead," he concluded.

    At the conclusion of the Cxociety C-Suite roundtable discussion on Mastering Digital Disruption: The Supply Chain Opportunity, delegates agreed that digital-led business transformation will continue to evolve in response to changing economic, environmental, and socio-political conditions. These businesses will also need to keep a pulse on changing customer-consumer preferences if they want to remain relevant in a constantly evolving marketplace.

    The post Transforming Manufacturing: The Singapore Experience appeared first on FutureIoT.

    ]]>
    Report confirms shift of botnet attack focus to Linux, IoT https://futureiot.tech/report-confirms-shift-of-botnet-attack-focus-to-linux-iot/ Fri, 21 Jun 2019 06:12:49 +0000 https://futureiot.tech/?p=4587 In 2018, botnets were shifted from Windows platforms towards Linux and internet of things (IoT) platforms, leading to the fast decline of older Windows-based families and the thriving of new IoT-based ones.

    The post Report confirms shift of botnet attack focus to Linux, IoT appeared first on FutureIoT.

    ]]>
    In 2018, botnets were shifted from Windows platforms towards Linux and internet of things (IoT) platforms, leading to the fast decline of older Windows-based families and the thriving of new IoT-based ones.

    These are among the findings of 2018 Botnet Trend report released by network security provider NSFOCUS.

    “As for platforms hosting Command and Control (C&C) servers, families using IoT platforms, though smaller in quantity, were more active, attracting 87 percent of attackers,” the report noted.

    “In 2018, a total of 35 active families were found to issue more than 100 botnet instructions, accounting for 24 percent of all known families. Several families with the highest level of instruction activity accounted for most of the malicious activities throughout 2018,” it added.

    Richard Zhao, COO at NSFOCUS, sees the need for security service providers to adapt their strategies to better mitigate the increasing threats posed by the new generation of botnets.

    “As defenders, we not only need to enhance our capabilities of countering ransomware and crypto miners but also need to improve the protections for IoT devices,” he said. “While the total number of IoT devices globally surges rapidly and IoT product lines are increasingly diversified, IoT devices still have poor security. Insecure firmware and communication protocols lead to numerous vulnerabilities in IoT platforms.”

    In 2018, the Botnet Trend report developed by NSFOCUS Fuying Laboratory, detected 111,472 attack instructions from botnet families that were received by a total of 451,187 attack targets, an increase of 66.4% from last year.

    It said the United States (47.2%) and China (39.78%) were the two worst-hit countries when it came to botnet attacks.

    “Botnets in 2018 continued to use distributed denial-of-service (DDoS) as their primary weapon to attack high-speed networks,” the report added. “Statistical analysis shows that gambling and porn websites were the most targeted, suffering 29,161 (an average of 79 per day) DDoS attacks throughout the year.”

    The post Report confirms shift of botnet attack focus to Linux, IoT appeared first on FutureIoT.

    ]]>
    Accenture acquires security firm specializing in securing connected devices https://futureiot.tech/accenture-acquires-security-firm-specializing-in-securing-connected-devices/ Thu, 20 Jun 2019 01:07:45 +0000 https://futureiot.tech/?p=4575 Acquiring Deja vu Security is part of Accenture’s plan to boost its Security’s Cyber Defense offerings.

    The post Accenture acquires security firm specializing in securing connected devices appeared first on FutureIoT.

    ]]>
    Multinational professional services firm Accenture has announced the acquisition of a Seattle-based security firm specializing in the design and testing of enterprise software platforms and internet of things (IoT) technologies.

    A media release on its website disclosed that acquiring Deja vu Security is part of Accenture’s plan to boost its Security’s Cyber Defense offerings.

    The financial terms of the agreement were not disclosed.

    Founded in 2011, Deja vu Security provides a full range of security services designed to strengthen business applications and is expected to bring to Accenture “a deep expertise in the techniques, tools and methods for securing connected devices and IoT networks.”

    Kelly Bissell, senior managing director of Accenture Security, said Deja vu Security’s team of innovative specialists brings considerable technical cybersecurity skills to the company.

    “For technology companies, third-party suppliers and consumers alike, IoT security controls often remain an afterthought — which is why it’s critical that security is built in from the start for any new products, processes or services,” he said.

    Recent Accenture research found that companies globally could incur $$5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks, as dependence on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets.

    The post Accenture acquires security firm specializing in securing connected devices appeared first on FutureIoT.

    ]]>
    Smart homes under attack: security cameras, smart hubs most vulnerable — research https://futureiot.tech/smart-homes-under-attack-security-cameras-smart-hubs-most-vulnerable-research/ Thu, 13 Jun 2019 01:31:45 +0000 https://futureiot.tech/?p=4386 The average home receives five attempted attacks per device per day via smart networks, and smart home security cameras equate to 47% of the most vulnerable devices.

    The post Smart homes under attack: security cameras, smart hubs most vulnerable — research appeared first on FutureIoT.

    ]]>
    The average home receives five attempted attacks per device per day via smart networks, and smart home security cameras equate to 47% of the most vulnerable devices, followed by smart hubs (15%) such as Google Home, Amazon Alexa.

    These are among the findings of research conducted by SAM Seamless Networks’ Threat Assessment Lab.

    Other devices found to be vulnerable to attacks are NAS (12%), printers (6%), smart TVs (5%), and IP Phones (4.3%).

    According to the report, 40% of attacks aim to take complete control of the device while 30%  aim to reveal sensitive information or allow bypassing authentication.

    Ransomware is the most common type of attack in the United States, Japan, and India while email malware and phishing are the most common attacks in Europe.

    Globally, the most common attacks are phishing (50%), IoT crypto mining (30%), ransomware (10%), and financial trojan (10%).

    The report also revealed that China and the United States are the top countries both for executing attacks and being targeted, followed by Brazil, Russia, and India.

    But the most targeted countries are the United States (13%), China (11%), Japan (11%), India (10%), and Italy (5%).

    “The target of attacks is no longer just enterprises,” said Sivan Rauscher, CEO and Co-Founder of SAM. “High profile hacks on home networks have positioned these at the forefront of cybercrime.”

    “The upcoming regulation and government policies on IoT and connected devices bring further attention to the problem, but they are not enough,” she said.

    Ruscher said there is an in-depth and continual investigation to understand where the vulnerabilities are coming from.

    Dave DeWalt, Chairman of SAM Seamless Networks and CEO of NightDragon, affirmed that home networks are highly vulnerable with multiple access points.

    “As enterprise security technology becomes more sophisticated, attackers are now targeting lower hanging fruit which is easier to access,” he said.

    According to the report, routers are leveraged to access and “own” the home network while NAS (backup drives) are utilized as an access point as many use old software and seldom is firmware updated.

    Meanwhile, “cameras are utilized as access points as many are based on the same generic model, with the same exploits which enable an attacker to access millions of devices.”

    “Seventy percent of attacks are in plaintext protocols (HTTP, Telnet, RTSP, UPNP, SIP) while 16.5% of attacks are in SSL,” the report added.

    Headquartered in Tel Aviv, Israeli SAM Seamless Networks is a cybersecurity technology platform that protects the connected home.

    Founded in 2016 by former cyber specialists in the Israeli Army, including CEO Sivan Rauscher, CTO Eilon Lotem, and Vice Chairman Shmuel Chafets, the company has since raised a total of $16 million over two rounds in 2018.

    The post Smart homes under attack: security cameras, smart hubs most vulnerable — research appeared first on FutureIoT.

    ]]>
    Live NB-IoT projects in Shenzhen https://futureiot.tech/live-nb-iot-projects-in-shenzhen/ Wed, 12 Jun 2019 04:19:03 +0000 https://futureiot.tech/?post_type=case-study&p=4374 China Telecom and Huawei have partnered with Shenzhen Water and Shenzhen Gas to demonstrate the benefits that NB-IoT connected smart meters would bring to both utility companies.

    The post Live NB-IoT projects in Shenzhen appeared first on FutureIoT.

    ]]>
    China Telecom and Huawei have partnered with Shenzhen Water and Shenzhen Gas to demonstrate the benefits that NB-IoT connected smart meters would bring to both utility companies. The NB-IoT deployments have proven to be a success, with all meters deployed being able to connect in a secure manner, and offering a much improved service over previous iterations of the respective metering services.

    The deployments have demonstrated that NB-IoT can collect the required data and control of the required parameters across both gas and water meters, demonstrating the NB-IoT is flexible, scalable and fit for a variety of different use cases, whilst allowing each industry to develop their service as they see fit.

    The trials have proven that mobile operators are good partners for gas or water suppliers looking to deploy smart meters, and the IoT platforms and services that they are able to offer are a strong fit for industry needs. NB-IoT is a good choice for Chinese utilities, and able to meet their specific objectives through scalability, security and functionality.

    Click here to download the case study

    The post Live NB-IoT projects in Shenzhen appeared first on FutureIoT.

    ]]>
    Discrete manufacturing to drive US$12.4B IIoT platforms market https://futureiot.tech/discrete-manufacturing-to-drive-us12-4b-iiot-platforms-market/ Wed, 12 Jun 2019 03:05:56 +0000 https://futureiot.tech/?p=4357 Discrete manufacturing identified as the #1 area for Industrial IoT Platforms for Manufacturing in terms of market spending by 2024

    The post Discrete manufacturing to drive US$12.4B IIoT platforms market appeared first on FutureIoT.

    ]]>
    Market researcher IoT Analytics says the Industrial IoT Platforms market is accelerating in 2019 as more and more industrial manufacturers prioritize their transformation into IoT data-driven companies. Spending on Industrial IoT Platforms-related software and services for connected manufacturing solutions is forecast to grow at a rate of 40% per year until 2024.

    IoT Analytics says IoT platforms are increasingly being used for optimizing discrete manufacturing products and environments.

    Discrete manufacturers (e.g., in automotive, industrial machinery) are faced with unprecedented pressures (e.g., mass customization, decreasing product lifecycle span) to transform what they design, build, sell and service while remaining competitive in today’s increasingly connected world.

    As part of this digital transformation, discrete manufacturers are investing in new technologies that leverage the capabilities of IoT, cloud, and big data analytics to enhance their ability to innovate and maximize return on their assets.

    Industrial IoT Platforms are being implemented as the central backbone of these discrete manufacturing environments enabling remote command, continuous sensing capabilities from equipment on the factory floor, giving access to new streams of data, and supporting new capabilities such as predictive maintenance.

    The aim is to drive greater efficiencies and productivity throughout operations in the plant, deliver higher-quality outputs and increase profitability. For example, Jabil (a manufacturing solutions provider for a range of industries such as automotive, energy and aerospace) is using Microsoft Azure’s IoT Suite to integrate predictive analytics in real-time manufacturing environments to help create the ‘Factory of the Future’ by increasing the throughput of products while simultaneously decreasing the chance of waste and the need for human touch.

    Commenting on the report findings, IoT Analytics Managing Director Knud Lasse Lueth noted that over the last 2-3 years many manufacturers have woken up and realized that IoT and digital will be impacting their business tremendously.

    These companies are at an important inflection point, performing lots of industrial IoT Proof-of-Concept projects, getting an understanding of what works for them and what doesn’t. As part of these PoCs, IoT Platforms have increasingly become a central part of the overall technology solution.

    “Using IoT Platforms as the unifying backbone, selected OEMs have started to monetize software alongside the actual physical product that they have been selling for years. Some OEMs even started their journey to sell equipment-as-a-service (EaaS) with the help of an IoT Platform. I expect this to become a major trend in the coming years but it will still take a while until EaaS is a dominant theme in the industry,” he concluded.

    The post Discrete manufacturing to drive US$12.4B IIoT platforms market appeared first on FutureIoT.

    ]]>
    Bad news: IIoT accelerates evolving cyber threat horizon https://futureiot.tech/bad-news-iiot-accelerates-evolving-cyber-threat-horizon/ Thu, 06 Jun 2019 01:27:36 +0000 https://futureiot.tech/?p=4258 Radical rethink needed to address fast evolving threat horizon warns ABI Research

    The post Bad news: IIoT accelerates evolving cyber threat horizon appeared first on FutureIoT.

    ]]>
    Developments within the Industry 4.0 and the Industrial Internet of Things (IIoT) ecosystem have significantly enhancing the digital and connectivity capabilities of Industrial Control Systems (ICS) across multiple verticals including manufacturing, oil and gas, critical infrastructure, and nuclear power.

    This has opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide. ABI Research noted that despite the imminent danger, cybersecurity investment within the ICS market is severely lagging, expected to barely cross the US$2 billion mark by 2025.

    “Over the past years, this shift has allowed internet-borne cyberthreats to find their way into traditionally sheltered industrial networks, wreaking havoc to severely underprepared systems. The cybersecurity threats faced in ICS are unlike any other,” warned Dimitrios Pavlakis, Industry Analyst for ABI Research. “ICS are powering the world’s leading and most critical industries.  A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.”

    Social engineering, combined with cyberattacks like LockerGoga, WannaCry, notPetya, Triton, Sauron, CrashOverRide, DragonFly, and many of their mutations, have proved that digitized industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers.

    ABI Research blames the problem on the juxtaposition of IT and OT.  IT security integration is expected to absorb almost 80% of the ICS security in 2019, which is primarily lead by successful Security Information and Event Management (SIEM) implementations. That is expected to drop below 70% by 2025 when other investment sources like OT asset management, threat intelligence, encryption, and ID management will increase considerably.

    Additionally, while threat intelligence, encryption, and ID Management in ICS will start slowly, they are expected to grow almost threefold in investment within the next five years.

    “Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape. Customizing IT security and placing into an OT environment is not the answer but is one example of a strategy that is indicative of the inherent confusion regarding the ICS cybersecurity landscape,” said Pavlakis.

    Steering away from traditional “air-gapped” models (having no external connections) and embracing the underlying premise of Industry 4.0 for ICS is not an easy task. The same security procedures, protocols, network/user/device protection, and ID management that make sense in corporate IT environments cannot be applied to industrial ones. Doing so will not only serve to exacerbate the underlying “IT versus OT” issue but also will gravely hinder security operations and integrations of security products with ICS equipment across the board.

    “Increasing security infrastructure investment without hindering industrial operational objectives, managing the IT-OT convergence in a streamlined approach, developing new KPIs for cybersecurity operations, forcing the evolution of SIEMs and SOCs for ICS, and tending to the rising concerns from AI-borne cyberthreats are the essential components and should be used as the foundational building blocks in the development of any ICS cybersecurity strategy,” concluded Pavlakis.

    The post Bad news: IIoT accelerates evolving cyber threat horizon appeared first on FutureIoT.

    ]]>
    McDonalds uses IoT to eliminate spoilage, improve quality and increase profit https://futureiot.tech/mcdonalds-uses-iot-to-eliminate-spoilage-improve-quality-and-increase-profit/ Thu, 30 May 2019 02:35:44 +0000 https://futureiot.tech/?post_type=case-study&p=4211 Running a fastfood chain takes a lot of time and effort. So how to do run 12 of them and still be productive and profitable?

    The post McDonalds uses IoT to eliminate spoilage, improve quality and increase profit appeared first on FutureIoT.

    ]]>
    Running a fastfood chain takes a lot of time and effort. So how to do run 12 of them and still be productive and profitable? If there is anything to be learned from big data and machine learning is to do so by spotting the exceptions rather than the norm.

    This is exactly what Paul G., owner and operator of 12 McDonalds franchises did. He deployed technology from SwiftSensors to enable him to spot things that happen in real-time in the kitchen, in the store room, electrical closets, even the cash safe.

    Click here to download this case study to know more.

    The post McDonalds uses IoT to eliminate spoilage, improve quality and increase profit appeared first on FutureIoT.

    ]]>
    Aeroporti di Roma’s digital transformation journey https://futureiot.tech/aeroporti-di-romas-digital-transformation-journey/ Thu, 30 May 2019 01:26:01 +0000 https://futureiot.tech/?p=4194 Floriana Chiarello, Head of Demand Management at Aeroporti di Roma – the Italian fixed-based Leonardo da Vinci-Fiumicino Airport (in Greater Rome) and Rome Ciampino Airport says "Our digital strategy is a must-have enabler to deliver innovative, efficient, and high-quality services to passengers, retailers, companies, and the entire airport ecosystem.

    The post Aeroporti di Roma’s digital transformation journey appeared first on FutureIoT.

    ]]>
    All busy airports share several common challenges: managing passenger flow, ensuring flights depart on time and incoming flights are routed efficiently, checked-in baggages are properly tagged and routed to the right flights on carousel. Other operational issues include customer experiences as it relates to customs and immigration, use of airport facilities including toilets, restaurants and shops.

    Floriana Chiarello, Head of Demand Management at Aeroporti di Roma – the Italian fixed-based Leonardo da Vinci-Fiumicino Airport (in Greater Rome) and Rome Ciampino Airport says "Our digital strategy is a must-have enabler to deliver innovative, efficient, and high-quality services to passengers, retailers, companies, and the entire airport ecosystem.

    For instance, one major airport in Roma – the Rome-Fiumicino International Airport serves as a hub connecting over 230 destinations worldwide. It serves over 47 million passengers annually with over 100 airlines using the airport at some point in time.

    In this short video, Chiarello talks about the importance of digital transformation in ensuring high quality passenger and business partner experience. "TIBCO offered a new approach, a platform to support vertical implementations and drive the future of our digital transformation. TIBCO technology is managing all airport information and its correlation to enable decision-making,” she concluded.

    The post Aeroporti di Roma’s digital transformation journey appeared first on FutureIoT.

    ]]>
    Solving the massive IoT security problem https://futureiot.tech/solving-the-massive-iot-security-problem/ Tue, 28 May 2019 05:53:10 +0000 https://futureiot.tech/?p=4157 The IoT security challenge is a popular topic in recent years - many articles have covered the reasons for the challenge and have extensively discussed its possible implications. What has not been well discussed is a surprising fact – while the cyber-attack landscape for embedded devices is growing dramatically, the level of effort required to […]

    The post Solving the massive IoT security problem appeared first on FutureIoT.

    ]]>
    Ruth Artzi is Senior Product Marketing Manager at VDOO
    Ruth Artzi, Senior Product Marketing Manager, VDOO

    The IoT security challenge is a popular topic in recent years - many articles have covered the reasons for the challenge and have extensively discussed its possible implications. What has not been well discussed is a surprising fact – while the cyber-attack landscape for embedded devices is growing dramatically, the level of effort required to carry out a successful attack is decreasing.

    These two effects will probably lead to more and more devices being attacked while deployed in the wild unless security is implemented in the near future and in a scalable manner that will provide security coverage, against existing and emerging threats, for every device. For a truly effective security implementation, security must be designed into the product, not added post-deployment by the user.

    Lack of security slows IoT growth and weakens trust

    Enterprise users are rightfully concerned as the financial motivation for attacking connected devices is constantly growing. While the cost of crafting an attack vector is pretty low, there is a huge potential gain from a successful attack. It is probably only a matter of time before attackers initiate additional widespread and large-scale campaigns targeting IoT devices such as the infamous Mirai and VPNFilter that took advantage of devices with minimal or no security.

    Businesses deploying IoT devices understand the impact of cyberattacks to their business continuity and reputation, therefore shifting from insecure to secure devices in order to stay one step ahead of the attackers. For that reason, vendors are advised to enhance the security state of their devices – plenty of research shows that investing in security in the short term will lead to higher adoption in the long term.

    But, security is not in the IoT maker’s DNA

    Because competition for connected devices is high, time-to-market, functionality, and cost are the priorities for vendors and there is less concern for security. Emerging standards and regulations around IoT security change this reality to some extent, yet when it comes to the device vendors, there are still difficulties in complying with standards, mainly because of limited awareness as well as lack of security expertise. Taken all together, vendors are worried about entering the security arena as it seems like a very costly process as well as a cause for a potential delay in the product release.

    Device manufacturers lean on traditional product design approaches established before these devices were aimed to be connected to the internet. There was never a need for security on a refrigerator or a thermostat, so consequently security was more of an afterthought. Based on that, it makes sense that manufacturers do not fully understand why and how to implement security.

    The security automation revolution

    Security implementation that is based on automated analysis dispels many of the concerns vendors have about security. The industrial revolution allowed humanity to produce food at scale, shifting from manual slow processes to automated and more efficient processes. For the IoT ecosystem, security automation is the same thing – allowing all devices to be secure in a scalable and cost-effective manner.

    Security should not be a burden for the vendors to carry by themselves, nor a long and expensive process that needs to be outsourced to third-party manual services. An automated security solution puts the control back in the vendor’s hands –based on analyses of thousands of devices, it offers transparency and deep visibility into all first- and third-party device’s components, and it maps out existing security threats together with a balanced risk mitigation plan. All this allows developers with no security background to implement best practices crafted by industry top experts, in a fast and cost-effective way.

    Enabling device-specific protection  

    When it comes to IoT devices, there is a huge variety – each device is different from another, with different security requirements, so how can one generic security solution address them all? Rather than addressing one device type or a specific protocol, security should be specific to the device, addressing its unique threat landscape and resources. Automation is the key to enabling this at scale. By using machine learning based solutions that quickly define device-specific security customisations, manufacturers can implement security into product design quickly and cost-effectively.

    Until the automation era, securing a device required an expensive and long process of manual penetration testing. This process is usually done post device development as part of the system testing phase, at which point changes are costly and usually cause a delay in time to market.

    On the contrary, automation can make the security analysis process much faster, where the product security state including a specific mitigation plan is generated in less than an hour. The simplicity of such a process allows easy and continuous integration of security best practices into the design and development phases. It eliminates the time and resources needed to mitigate security gaps after the fact, and it makes security implementation much more affordable.

    A foundation for auto-generated security solutions

    Not only is automation an incredibly effective method for security analysis, it also serves as a strong basis for additional security solutions. Once deeply analysing the device attributes, tailoring device-specific solutions as additional protection layers is possible and highly recommended. Such solutions are generated precisely based on the device’s specific threat landscape and include products like a runtime protection micro-agent that are designed to consume the minimum of the device’s resources and therefore do not interrupt its functionality. This kind of solution allows protection against known and unknown threats, which is very useful in this ever-changing world of cyber threats.

    Whether it is for analysis or for the creation of additional security products, automation is the key for a cost-effective and scalable device-specific security strategy.

    The post Solving the massive IoT security problem appeared first on FutureIoT.

    ]]>
    Arm demonstrates test chip and board for highly secure IoT designs https://futureiot.tech/arm-demonstrates-test-chip-and-board-for-highly-secure-iot-designs/ Mon, 27 May 2019 00:50:12 +0000 https://futureiot.tech/?p=4125 Arm has demonstrated the first IoT test chip and development board, which it says is designed to offer more choice to IoT designers in system-on-chip  development.

    The post Arm demonstrates test chip and board for highly secure IoT designs appeared first on FutureIoT.

    ]]>
    British multinational semiconductor and software design company Arm has demonstrated the first internet of things (IoT) test chip and development board, which it says is designed to offer more choice to IoT designers in system-on-chip (SoC) development.

    Developed in collaboration with Samsung Foundry, Cadence, and Sondrel, the test chip is a 28nm fully-depleted silicon-on-insulator (FD-SOI) embedded MagnetoResistive Random Access Memory (eMRAM).

    “The promise of a world transformed by a trillion connected devices is not far in the future, but for IoT devices to scale we must continue to put a range of technology options in front of designers to test and evaluate,” said Gus Yeung, VP, GM and Fellow, Physical Design Group, Arm, in a news release.

    He said the Musca-S1 test chip board would enable IoT designers to prototype their product designs from device-to-data security.

    It includes, among others, testing and evaluation of new eMRAM technology for reliable, low-power, and secure device development through secure memory implementation.

    Arm explained that eMRAM technology offers advantages over traditional embedded flash (eFlash) memory technology, as it can quickly scale below 40nm process technology.

    The  Musca-S1 test chip demonstrates a combination of on-chip power control, Samsung Foundry’s Reverse Body Biasing (RBB) and eMRAM non-volatile memory power shutdown, allowing for testing and evaluation of new classes of highly energy-efficient, controlled IoT devices.

    And for the first time on Samsung Foundry silicon, designers will have the opportunity to run Arm Mbed OS as well as test device and data management capabilities using the Arm Pelion IoT platform, the company said.

    “The combination of Musca-S1 and working 28FD-SOI silicon reassures IoT designers they can achieve faster development, deploy body biasing and integrate eMRAM technology in their next-generation IoT devices for enhanced energy efficiency and IoT security,” said Jaehong Park, executive vice president of Design Platform Development, Samsung Electronics.

    The Musca-S1 test chip and development board is on display at Samsung Foundry Forum North America in San Jose, California as part of an air sensor IoT application demo, featuring the device and data management capabilities of the Arm Pelion IoT platform.

    Arm said it will be available in limited quantities in the third quarter of 2019, and is targeted for loan to customers in the fourth quarter of the year.   

    The post Arm demonstrates test chip and board for highly secure IoT designs appeared first on FutureIoT.

    ]]>
    TIBCO Connected Intelligence to power smart cities https://futureiot.tech/tibco-connected-intelligence-to-power-smart-cities/ Tue, 14 May 2019 03:24:43 +0000 https://futureiot.tech/?p=4016 In this short video, TIBCO presents its Connected Intelligence offering which is used to spot and seize opportunities to differentiate and lead.

    The post TIBCO Connected Intelligence to power smart cities appeared first on FutureIoT.

    ]]>
    Smart cities leverage technology to serve people by collecting and analyzing data from people sensors and devices throughout the city and environment. This allows government services and law enforcement, companies ranging from energy and utilities waste management, to private transportation, to healthcare and hospitals, and even smart homes to all more effectively manage and optimize their resources.

    At issue however is how to effectively manage and orchestrate these disparate data sets to allow for more intelligent management? This video covers strategies to creating a sustainable smart city operation using TIBCO Spotfire technology. It includes use case applications including traffic, street light management, and energy management.

    In this short video, TIBCO presents its Connected Intelligence offering which is used to spot and seize opportunities to differentiate and lead.

    The post TIBCO Connected Intelligence to power smart cities appeared first on FutureIoT.

    ]]>
    Fueling digital business with connected intelligence https://futureiot.tech/fueling-digital-business-with-connected-intelligence/ Tue, 14 May 2019 01:54:27 +0000 https://futureiot.tech/?post_type=case-study&p=4012 Learn how TIBCO makes digital smarter by clicking here to download this customer ebook and learn how organizations are leveraging TIBCO technology to become competitive innovators in their industry.

    The post Fueling digital business with connected intelligence appeared first on FutureIoT.

    ]]>
    Learn how TIBCO makes digital smarter by clicking here to download this customer ebook and learn how organizations are leveraging TIBCO technology to become competitive innovators in their industry.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Fueling digital business with connected intelligence appeared first on FutureIoT.

    ]]>
    Study: Cybersecurity skills shortages lower in Asia-Pacific https://futureiot.tech/study-cybersecurity-skills-shortages-lower-in-asia-pacific/ Thu, 09 May 2019 03:29:19 +0000 https://futureiot.tech/?p=3980 Overall, cybersecurity professionals are confident that automation and AI will make their workload more manageable without jeopardizing their job security.

    The post Study: Cybersecurity skills shortages lower in Asia-Pacific appeared first on FutureIoT.

    ]]>
    What is the impact of automation and artificial intelligence (AI) in staffing for cybersecurity functions?

    A survey conducted by the Seattle-based cyber intelligence provider DomainTools, in conjunction with the Ponemon Institute, sought to answer this question by polling 1,400 security professionals based across the Asia Pacific (APAC), US, and the UK.

    All respondents in the study are responsible for attracting, hiring, promoting and retaining cybersecurity personnel within their organizations.

    The research report based from the survey, “Staffing the IT Security Function in the Age of Automation,” provided key insights on the state of staffing for cyber security personnel.

    Overall, the respondents in the UK and US were much more confident that automation will improve their cybersecurity staff’s ability to do their job (59% and 65% of respondents, respectively) than APAC respondents (48%), who were also more likely to distrust AI as a cybersecurity tool.

    However, APAC may be a little better off as the study found that shortages also seemed to be lower in the region (67%) compared to the UK (70%) and the US (78%).

    "The survey reported that 40% of respondents expect an increased need for hires with more advanced technical skills, aligning especially in Asia Pacific where governments and educational institutions are already accelerating specialized cybersecurity programs and initiatives, such as the ASEAN-Singapore Cybersecurity Centre of Excellence announced during the Asean Ministerial Conference on Cybersecurity (AMCC) in September 2018, where ASEAN nations are adopting a rules-based approach to regional cybersecurity frameworks," the study noted.

    The cyber think-tank and training center that the report cited has a S$30-million investment from Singapore and the ASEAN.

    ASEAN, or the Association of Southeast Asian Nations, is a ten-nation group comprised of Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.

    Singapore's Deputy Primi Teo Chee Hean, Deputy Prime Minister and Coordinating Minister for National Security said in a speech during the center’s launch that the rapid growth of digital technologies, such as the Internet of Things (IoT), cloud computing and AI has broken down walls and opened up new opportunities for everyone.  

    "Innovation is key in an increasingly digital future; but so too is resilience provided by robust cybersecurity," he said.

    A partial solution

    The research report of DomainTools affirmed that automation will provide a partial solution to staffing problems.

    For one, respondents said it could relieve cybersecurity professionals of time-consuming and non-cost-effective tasks, such as malware analysis, which is either already automated (50%), or is planned to become so in the next three years (56%).

    However, only 35% of respondents think that automation will reduce the headcount of their cybersecurity function: 40% even expect an increased need for hires with more advanced technical skills.

    Poll results also clearly indicated a shortage of cybersecurity staff across geographical regions (78% of all respondents admitted their teams are understaffed).

    “Contrary to the popular belief that the rise of automation will threaten the job market, organizations now feel these technologies will help ease the current strain on resources, and offer the potential to promote job security for highly skilled staff, while strengthening cybersecurity defenses,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

    Although there are geographical differences in the level of confidence placed in AI and automation as cybersecurity tools, Corin Imai, senior security advisor at DomainTools, said that the reasons that motivate their adoption seem to be consistent across regions

    “The results of the survey reveal that, overall, cybersecurity professionals are confident that automation will make their workload more manageable and will increase the accuracy of certain tasks, without jeopardizing their job security,” he said.

    The post Study: Cybersecurity skills shortages lower in Asia-Pacific appeared first on FutureIoT.

    ]]>
    Poll highlights consumer distrust in connected devices https://futureiot.tech/poll-highlights-consumer-distrust-in-connected-devices/ Wed, 08 May 2019 02:50:57 +0000 https://futureiot.tech/?p=3969 Collectively, across these the countries polled, 65% of consumers are concerned with the way connected devices collect data.

    The post Poll highlights consumer distrust in connected devices appeared first on FutureIoT.

    ]]>
    More than half (53%) of Japanese who own connected devices agree that they are “creepy” ” in the way they collect data about people and their behaviors, and 66% believe that manufacturers should only produce connected devices that protect privacy and security.

    The same number of consumers (66%) agree that retailers should ensure the connected devices they sell have good privacy and security standards.

    These were among the findings of a survey conducted by IPSOS Mori on behalf of the Internet Society and Consumers International. Aside from Japan, the poll was conducted in the United States, Canada, Japan, Australia, France, and the United Kingdom.

    In the US and the UK, the numbers are higher — 66% of Americans and 59% of Brits who own connected devices agree that they are “creepy” in the way they collect data about people and their behaviors.

    Moreover, 85% of Americans and 85% of Brits agree that manufacturers should only produce connected devices that protect privacy and security. Also, 66% of Americans and 86% of Brits agree that retailers should ensure the connected devices they sell have good privacy and security standards.

    Collectively, across these three countries, plus France, Australia and Canada, 65% of consumers are concerned with the way connected devices collect data. More than half (55%) do not trust their connected devices to protect their privacy, and a similar proportion (53%) do not trust connected devices to handle their information responsibly, the survey found.

    However, despite these concerns, connected devices are everywhere, and many people are willing to be part of the Internet of Things (IoT) revolution — 69% of those surveyed said they own connected devices, such as smart meters, fitness monitors, connected toys, home assistants, or gaming consoles.

    “The survey results underscore the need for IoT manufacturers to build their devices with security and privacy in mind,” said Internet Society President and CEO Andrew Sullivan, in a news release. “Security should not be an afterthought. It’s clear that manufacturers and retailers need to do more so that consumers can trust their IoT devices.”

    While the majority of poll respondents (88%) believe that regulators should ensure IoT privacy and security standards,  81% also said manufacturers need to provide that assurance, and 80% said retailers must also address privacy and security.

    Helena Leurent, Director General, Consumers International said that they want to see tangible action from manufacturers, retailers, and governments on this issue.

    “It has to be a collective effort, not the responsibility of one group. We are exploring this conversation with progressive manufacturers. Together we are looking at the opportunity to create person-centered technology, that people not only enjoy using but feel safe and secure doing so,” she said.

    In 2018, the Internet Society and Consumers International formed a working partnership aimed at creating a safer, more trusted Internet for everyone.

    They released the results of the survey at Consumers International Summit 2019 in Lisbon, Portugal, a gathering of consumer organizations from around the globe working together with representatives from business, civil society, and governments.

     

    The post Poll highlights consumer distrust in connected devices appeared first on FutureIoT.

    ]]>
    Gartner: Blockchain to help with food safety and traceability https://futureiot.tech/gartner-blockchain-to-help-with-food-safety-and-traceability/ Tue, 07 May 2019 06:06:58 +0000 https://futureiot.tech/?p=3962 Gartner predicts 20% of top global grocers will use blockchain for food safety and traceability by 2025

    The post Gartner: Blockchain to help with food safety and traceability appeared first on FutureIoT.

    ]]>
    Annual grocery sales are on the rise in all regions worldwide, with an emphasis of fast, fresh prepared foods. Additionally, customer understanding has increased for the source of the food, the provider’s sustainability initiative, and overall freshness. Grocery retailers who provide visibility and can certify their products according to certain standards will win the trust and loyalty of consumers.

    Gartner predicts that by 2025 20% of the top 10 global grocers by revenue will be using blockchain for food safety and traceability to create visibility to production, quality and freshness.

    “Blockchain can help deliver confidence to grocer’s customers, and build and retain trust and loyalty,” said Joanne Joliet, senior research director at Gartner. “Grocery retailers are trialing and looking to adopt blockchain technology to provide transparency for their products. Additionally, understanding and pinpointing the product source quickly may be used internally, for example to identify products included in a recall.”

    Blockchain appears as an ideal technology to foster transparency and visibility along the food supply chain. Encryption capabilities on the food source, quality, transit temperature and freshness can be used to ensure that the data is accurate and will give confidence to both consumers and retailers.

    Some grocers have already been experimenting with blockchain and are developing best practices. For example, Walmart is now requiring suppliers of leafy greens to implement a farm-to-store tracking system based on blockchain. Other grocers, such as Unilever and Nestlé, are also using blockchain to trace food contamination.

    Joliet noted that as grocers are being held to higher standards of visibility and traceability they will lead the way with the development of blockchain, but we expect it will extend to all areas of retail. “Similar to how the financial services industry has used blockchain, grocers will evolve best practices as they apply blockchain capabilities to their ecosystem. Grocers also have the opportunity to be part of the advancement of blockchain as they develop new use cases for important causes for health, safety and sustainability,” she added.

    The post Gartner: Blockchain to help with food safety and traceability appeared first on FutureIoT.

    ]]>
    Embedded Security-as-a-Service to Prevent the Next Big Botnet Attack https://futureiot.tech/embedded-security-as-a-service-to-prevent-the-next-big-botnet-attack/ Thu, 02 May 2019 01:00:51 +0000 https://futureiot.tech/?p=3904 As the IoT continues to expand and permeate new industries, where should we put our trust when it comes to security in electronic systems and what is the tradeoff?

    The post Embedded Security-as-a-Service to Prevent the Next Big Botnet Attack appeared first on FutureIoT.

    ]]>
    Yoni Kahana, VP Customers, NanoLock Security
    Yoni Kahana, VP Customers, NanoLock Security

    By: Yoni Kahana, VP Customers, NanoLock Security

    In recent years, dramatic attacks from the Mirai botnet attack of 2016 to Intel Spoiler in 2019 exposed the vulnerability of processors for electronic systems that undermined assumptions commonly held around the security of the processor and leveraging the root of trust in the system.

    In embedded endpoint devices, today’s software security solutions are limited in scope. They can either disrupt the main functionally, demanding processing power and requiring integration of security features conflicting with the functional requirements, or not provide adequate levels of security, causing software to be potentially undermined by lower level software that breaks through the security measures.

    The question is, as the IoT continues to expand and permeate new industries, where should we put our trust when it comes to security in electronic systems and what is the tradeoff? And what are the opportunities for new solutions that better address the needs of edge and embedded devices?

    The role of the processor

    Electronic systems control our world and surround us – from today’s modern automotive that features dozens of Electronic Control Units (ECU), to industrial Programmable Logic Controllers (PLC) responsible for manufacturing most of the products we consume, to the electronic modules in our home (e.g. routers) – electronics are the backbone that make up our increasingly connected lives.

    All modern electronic systems include two main building blocks: the processor responsible for executing the state machine and the system software that eventually brings the functionality that users expect. This software, stored on the persistent memory (Non-Volatile Memory – NVRAM, or flash), survives when the power is off and is loaded to the processor and the RAM during boot time.

    Because of the nature of interconnectivity and reliance on software installed in CPUs and online in electronic systems, the opportunity for hackers and cyber-criminals to cause disruption is increased. To prevent these types of attacks, security solutions have been integrated directly into electronic systems.

    From car hacking, to camera attacks like the Mirai botnet attack in 2016, to attacks via the router like VPNFilter, this trend and subsequent risk will continue to increase as more devices join the network.

    Once adversaries can modify the state machine or the system software, they can change the functionality of the system. These changes can create critical or safety issues depending on the system, expose sensitive data that should be protected, allow access to an unauthorized party and much more. And in order to get access, the adversary requires a way to manipulate the software that resides in the NVRAM.

    Modern processors have security features that are meant to provide security layers which include secure boot, memory protection, different privileges to software processes, encryption, trusted execution environment and more. Generally speaking, these features are used to prevent adversaries from gaining access to and taking control of the system – these features are intended to prevent the modification of the original state machine, which controls the functionality of the system.

    Therefore, the security of the processor is key to ensuring larger network and device security.

    The limitations of the security that processor can provide

    The aforementioned processor security features rely on the creation of different levels of trust. However, since the processor needs to support many different software designs and functionalities, the processor and the security features controlled by the software must also be protected by the processor.

    This is a paradox - different software layers give different control privileges to the processor and attacks like denial of service (DoS) reveal that opportunities for attack lie within those layers. DoS attacks can be easy to execute by simply modifying one bit of the “secured software” which causes the wrong signature validation and halts the secure boot process. These types of attacks can even “brick” the device or allow for the move to recovery mode which can then be attacked in the same manner.

    With recent attacks like Meltdown/Spectre, it was also demonstrated that due to the tradeoff between functionality and security, sometimes processor security features can be comprised at the processor level.

    Nowadays, the management of end devices is critical for commercial systems and it is often assumed that software updates will be required for feature updates and security patches. But once the software on the processor is no longer trusted, the management of the electronic system cannot be trusted, and the software update mechanism can no longer be secured due to the now lack of trust in the compromised end point. This creates a major problem for the deployment of commercial IoT systems.

    Additionally, these processor-based security features require additional resources in the form of additional silicon or additional firmware code, creating a cost increase for companies to purchase or upgrade processors that can adequately support the security features. It may be insignificant in some high-end applications that are less sensitive to cost, but it has an effect on low cost applications that can’t afford bill of material (BoM) increases.

    So, how can companies ensure that their IoT devices on the network remain secure?

    New solutions for a more secure IoT devices

    An innovative approach to IoT security is to protect the device’s flash, even from the processor and the software that is running on it. Creating a root of trust in the secure flash that blocks write operations to the protected memory facilitates a secure channel all the way from cloud to the flash, making it impossible for attackers to alter the firmware with any malicious code. This approach is agnostic to the processor and any software that is running on the device and avoids any latency in boot time or run time.

    And since the solution has moved from the processor side to the flash side, this approach, agnostic of the processor and the OS, means that there is no need for additional cost resources on the processor side. Therefore, ironclad security can be achieved with low-power, low-cost processors, creating a more palatable cybersecurity solution for IoT manufacturers and IT management.

    One may assume that this cost burden would then shift to the flash side, however, because preventing writing to memory area is much simpler in the flash itself, it is an insignificant increase compared to the cost (in performance and price) in the processor.

    When implemented into the flash side properly, there will be no performance impact on preventing unauthorized modification of the software, which eliminates the trade-off between security and functionality. This enables embracing security solutions in end devices that that until today couldn’t support that balance -- such as ECUs in cars, PLCs in industrial solutions, routers, cameras and other IoT devices.

    Of course, today’s IoT devices require updates. By protecting the flash, we create a secure channel between the device’s flash all the way to the cloud that neither the network nor the software and processor within the device can breach, thereby extending the trust beyond cloud-to-processor to cloud-to-flash.

    What’s next?

    The cloud-to-flash approach goes beyond purely hardware/software security and protection; This shift enables new opportunities and revenue engines for various vertical markets embracing IoT.

    The value of this new approach reaches beyond a technology paradigm change. It also changes the commercial view of security and management and opens the door to deriving revenue from security in IoT.

    About Author:

    Yoni Kahana is VP, Customers, for Israel-based IoT cybersecurity management startup NanoLock Security and a 20+ year cybersecurity industry veteran for Fortune 500 companies like General Motors and Qualcomm. NanoLock’s edge device management and protection platform uses a cloud-to-flash protection approach that configures the mechanism for secure updates and trustworthy management – essential for deployments of IoT devices in crucial applications in emerging tech such as smart cities, autonomous vehicles, industrial, telecoms and others.

    The post Embedded Security-as-a-Service to Prevent the Next Big Botnet Attack appeared first on FutureIoT.

    ]]>
    Tables turned: Consumers can now spy on their IoT devices https://futureiot.tech/tables-turned-consumers-can-now-spy-on-their-iot-devices/ Wed, 01 May 2019 00:01:06 +0000 https://futureiot.tech/?p=3891 Researchers from Princeton University have built an open-source tool that lets you inspect IoT traffic in your home network.

    The post Tables turned: Consumers can now spy on their IoT devices appeared first on FutureIoT.

    ]]>
    We’ve been warned. Someone is watching over us at home, not just the pet — the smart TV, our refrigerator, our lights, our microwave oven, our kids’ toys, or anything that is connected to the Internet. The walls have ears — and yes, eyes.

    But a new desktop tool is reversing this.

    Researchers from Princeton University have built an open-source tool that lets consumers inspect IoT traffic in the home network right from the browser. Not just consumers but academic researchers as well.

    “Let’s say you have a smart Geeni light bulb. Are you aware that it could be communicating with a Chinese company every 30 seconds even while you are not using the bulb?” the Princeton researchers wrote in a blog post.

    “Many IoT devices are proprietary and close-source. This lack of transparency makes it difficult for consumers to decide whether to trust their devices’ security and privacy practices (or the lack thereof),” they added.

    The Princeton IoT Inspector monitors network activities of all IoT devices connected to the home network.

    This information includes who the IoT device contacts on the Internet, and whether the contacted party is malicious or is known to track users; how much data is exchanged (in terms of bytes per second) between the device and the contacted parties; how often the data is exchanged.

    But it does not collect sensitive information, including “network activities of phones, computers, or tablets; actual contents of communication; and any personally identifiable information, such as your home network’s IP address, the MAC addresses of your devices, your name and email,” according to Princeton.

    Beyond its uses for the consumer, the IoT Inspector also collects  data that helps Princeton with IoT research, “specifically, measuring and mitigating the security, privacy, and performance problems of IoT devices.”

    Currently, Princeton is inviting researchers and academics to take part in the study, “IoT Inspector: Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices.”

    “Our goal is to measure and visualize these risks, both for research and for the user,” it said.

    Market research firm IDC expects the global market for smart home devices to grow 26.9% year over year to 832.7 million shipments this year.

    To a large extent,  these devices enrich the lives of many users, according to Princeton.

    As tech giants Amazon, Google, Apple and many other tech companies race to bring more devices to consumers' homes, there is also an increasing advocacy toward making people aware of the security implications as well as studying the effects of the intersection of people and IoT.

    The post Tables turned: Consumers can now spy on their IoT devices appeared first on FutureIoT.

    ]]>
    Report highlights cybersecurity implications of IoT for India https://futureiot.tech/report-highlights-cybersecurity-implications-of-iot-for-india/ Fri, 26 Apr 2019 02:42:19 +0000 https://futureiot.tech/?p=3858 The IoT phenomenon is one of the most disruptive technologies changing the way organizations function and carry out business, according to the report.

    The post Report highlights cybersecurity implications of IoT for India appeared first on FutureIoT.

    ]]>
    While the ongoing election in India has yet to decide if Prime Minister Narendra Modi will remain in power, The Wall Street Journal reported on the Indian economy under his five-year premiership.

    Under Modi, initiatives such as the Smart Cities Mission, Digital India, Startups in India and Make it India have been launched.

    As Future IoT reported in January 2018, India is taking the well-trodden path to digital transformation with an eye on the prize: a US$1 trillion economy by 2022. Somewhere in this grand vision is the reality of 5 billion connected IoT ecosystem.

    Cybersecurity for Industry 4.0,”  a joint study conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) with global professional services firm Ernst & Young (EY) noted that the focus of governments and industries had indeed shifted to technologies like Internet of Things (IoT), artificial intelligence (AI), blockchain, robotics, and other advanced technologies.

    The IoT phenomenon, for one, is one of the most disruptive technologies changing the way organizations function and carry out business, according to the report.

    “Devices and sensors are used to collect data from everywhere – home, cars, office, manufacturing plant, hospital, etc. The data is collected and processed to automate responses or provide tools for decision making. IoT is aimed at increasing efficiency and productivity while conserving resources,” it said.

    Under the government’s Smart Cities Mission, for example, 100 smart cities will be developed where  IoT will be used in the applications like smart parking, tele-care, intelligent transport system, citizen safety, smart urban lighting, smart grid, and water management, to name only a few.

    As of January 2018, some 99 cities have already been selected to be upgraded as part of the initiative, which was launched in 2015 with a funding ₹98,000 crore (US$14 billion).

    As expected, security implications will be enormous.

    "Estimates have been made that internet-connected things will outnumber humans 4-to-16. Even if a few of these devices are not secured properly, cyber criminals will have easy access in to the IoT network and would be able to disrupt the services," the report cited.

    However, it also mentioned that to date, only 4% of organizations in the country are confident that they have fully considered the information security implications of their current strategy. Hence, the government and organizations needs to step in.

    This echoes a similar survey conducted by security firm Trend Micro in April and May 218 that only 14 percent of respondents say they have a complete organizational awareness of IoT threats.

    The report believes that the way forward for India is for governments and organizations to focus on a framework that provides an integrated approach to cybersecurity, including developing capabilities for threat detection and employing the use of AI to recognize patterns for smart monitoring of the IT infrastructure.

    Another approach it offered is “security by design,” which means that security is built in from the beginning of software and hardware development.

    California’s cybersecurity law, signed in September 2018, as well as the UK government’s 'world first' IoT Code of Practice, introduced in November 2018, both use this approach.

    “The need for security by design has become crucial as tech companies continue to churn out a myriad of IoT objects for consumers and enterprises,” the ASSOCHAM-EY report affirmed.

    “Cybersecurity should no longer be viewed as a function of information technology or information security alone. It needs to form an integral part of culture and strategy of the organization,” the report concluded.

    The post Report highlights cybersecurity implications of IoT for India appeared first on FutureIoT.

    ]]>
    Israeli startup raises $32M to secure all types of IoT devices https://futureiot.tech/israeli-startup-raises-32m-to-secure-all-types-of-iot-devices/ Thu, 25 Apr 2019 02:58:37 +0000 https://futureiot.tech/?p=3844 IoT security startup VDOO Connected Trust Ltd.  is setting its sights on providing security for all types of embedded devices.

    The post Israeli startup raises $32M to secure all types of IoT devices appeared first on FutureIoT.

    ]]>
    Securing embedded devices and the internet of things (IoT) is becoming a big business.

    This week, an Israeli startup has raised $32 million in Series B funding to increase market adoption of its IoT security platform and strengthen its technical capabilities.

    Based in Tel Aviv, VDOO Connected Trust Ltd. was founded in 2017 by cybersecurity researchers and developers. It offers an end-to-end platform for security automation, certification, and protection.

    The company said it is setting its sights on providing security for all types of embedded devices.

    More specifically, the funds will be used to push innovation in automated analysis capabilities, including zero-day vulnerabilities detection both for new and legacy devices.

    VDOO is also looking to expand its partner and distribution network, which already includes NTT, Macnica, DNP, and Fujisoft in Japan.

    “At a time when embedded devices already deployed in the field not only collect data but actually control our physical environment, affecting both business operations and our personal lives, it’s hard to imagine a future where all of these devices can be exploited,” said Netanel Davidi, Co-CEO and Co-Founder of VDOO.

    “The reality is that devices are highly vulnerable and there is a reasonable chance they will be under a massive attack in the near future,” he added.

    The latest funding round, which brought total funding for the young company to $45 million, was led by venture capital firms WRVI Capital and GGV Capital.

    NTT DOCOMO, MS&AD Ventures, and strategic individual investor Avigdor Willenz, Founder of Galileo Technologies and Annapurna Lab. 83North, Dell Technology Capital and David Strohm, who led the company's initial financing, also participated in this round.

    Clear demand for security

    Lip-Bu Tan, Founding Partner of WRVI Capital, an international venture firm focusing on OEMs (Original Equipment Manufacturers) of embedded systems, hardware, and software, said they decided to back VDOO technology as they see a clear demand for security.

    VDOO’s automation platform enables IoT manufacturers to raise the security bar with device-specific security requirements integrated into common task management and development environments.

    The technology improves the device’s security by automatically generating tailor-made on-device micro-agents for active real-time protection against known and unknown threats, including exploits that utilize advanced methods.

    Citing figures from Statista, Glenn Solomon, Managing Partner at GGV Capital, wrote in a company blog post that the IoT market is exploding, with the number of IoT devices growing to over 30 billion by next year, more than double over the past five years.

    “The growing number of attacks, zero-day discoveries, and malware crafted specifically for IoT all indicate that cybercriminals are increasingly exploiting IoT devices due to their lack of security,” he said. “Device makers, including vendors, manufacturers, and large integrators, all are realizing they need to take IoT device security seriously.”

    “Hence, VDOO’s pipeline is rapidly expanding,” he said.

    IoT security a recurring concern

    Juniper Research pegged IoT security spending to top US$6 billion by 2023.

    “The interconnected nature of the IoT means that even innocuous devices like the connected fridge can become a threat. Vendors see that risk as low, while little has been done from a regulatory perspective to protect consumers,” explained research author Steffen Sorrell in the report.

    Meanwhile, on the side of critical infrastructures in sectors such as in sectors such as utilities, transport, and healthcare, cybersecurity is a growing concern, according to ABI Research. Hence, it forecasts security spending for the protection of critical infrastructures to hit $125 billion globally by 2023.

    At a recent FutureIoT roundtable, one of the delegates pointed to security as a recurring concern as organizations push forward the digitalization of businesses.

     

    The post Israeli startup raises $32M to secure all types of IoT devices appeared first on FutureIoT.

    ]]>
    USPACE-Chunghwa Telecom solve Taipei’s parking problem https://futureiot.tech/uspace-chunghwa-telecom-solve-taipeis-parking-problem/ Thu, 25 Apr 2019 02:41:09 +0000 https://futureiot.tech/?post_type=case-study&p=3840 Chunghwa Telecom and USPACE have partnered together to supply the smart locks. Lock users can rent out their parking space, and allow immediate access to the space via the app.

    The post USPACE-Chunghwa Telecom solve Taipei’s parking problem appeared first on FutureIoT.

    ]]>
    Chunghwa Telecom and USPACE have partnered together to supply the smart locks. Lock users can rent out their parking space, and allow immediate access to the space via the app.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post USPACE-Chunghwa Telecom solve Taipei’s parking problem appeared first on FutureIoT.

    ]]>
    Addressing the protection problems of IoT payments https://futureiot.tech/addressing-the-protection-payment-of-iot-payments/ Thu, 25 Apr 2019 01:48:20 +0000 https://futureiot.tech/?post_type=whitepaper&p=3837 This Smart Payments Association (SPA) explores the challenges, opportunities and hurdles that businesses must discover and overcome for them to truly exploit the potential of IoT to facilitate cross-border business while meeting increased risks associated with an evolving technology like IoT.

    The post Addressing the protection problems of IoT payments appeared first on FutureIoT.

    ]]>
    This Smart Payments Association (SPA) explores the challenges, opportunities and hurdles that businesses must discover and overcome for them to truly exploit the potential of IoT to facilitate cross-border business while meeting increased risks associated with an evolving technology like IoT.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Addressing the protection problems of IoT payments appeared first on FutureIoT.

    ]]>
    China Unicom’s quantum encryption project gets WSIS Prize for information security https://futureiot.tech/china-unicoms-quantum-encryption-project-gets-wsis-prize-for-information-security/ Wed, 17 Apr 2019 03:41:17 +0000 https://futureiot.tech/?p=3724 China Unicom and Hengtong Optoelectronics have developed data encryption and leakage prevention and tamper-resistant network system based on quantum encryption trunks.

    The post China Unicom’s quantum encryption project gets WSIS Prize for information security appeared first on FutureIoT.

    ]]>
    China Unicom and Hengtong Optoelectronics have developed data encryption and leakage prevention and tamper-resistant network system based on quantum encryption trunks.

    On April 9, the World Summit on the Information Society (WSIS) recognized the technology for its potential to protect the information security of citizens. The project was among the 18 development projects honored at the 10th WSIS Forum in Geneva, Switzerland.

    Zhu Changbo, vice president of China Unicom Network Technology Research Institute and dean of China Unicom Smart City Research Institute, received the trophy and certificate from International Telecommunications Union (ITU) Secretary-General Zhao Houlin.

    “Information security protection is an ongoing task. This project has the capacity of continuous operation, providing long-term quantum encryption information security services for government affairs, finance, electric power, and big data, etc. in the areas where the trunk line passes,” the WSIS said in the award citation.

    China Unicom explained on its website that it has been cooperating with Hengtong Optoelectronics in studying the use of quantum encryption technology to solve information security problems.

    The two companies have signed a strategic cooperation agreement on quantum encryption communication research in 2017 and have since launched a number of innovative quantum security service experiments.

    According to information the company provided in Chinese, the project covers the main line area from Beijing to Xiong'an and uses the FM phase-encoding quantum key distribution device (QKD) with independent intellectual property rights to construct a data encryption anti-leakage and anti-tamper system based on the quantum-encrypted communication trunk.

    The total length of the encrypted communication trunk project is about 700 kilometers, the company said.

    Regional information exchange

    The partners hope to build a regional information exchange for the Beijing-Tianjin-Hebei region and the Yangtze River Delta region and provide information security services for government and private enterprises, and the public.

    WSIS said in the award citation that the project can be replicated and applied to more quantum secure communication trunks.

    “For example, it is planned that Beijing-Xiong'an Quantum Communication Trunk Line will be extended to Tianjin and form the Beijing-Tianjin-Hebei Quantum Communication Ring Network,” WSIS said.

    The Nanjing-Shanghai Quantum Communication Trunk Line will also be extended to Shanghai, Anhui, and Zhejiang and form the Yangtze River Delta Quantum Communication Ring Network.

    Moreover, WSIS noted that the two ring networks are planned to be connected by a quantum communication trunk line. This can provide an experimental platform for promoting the quantum secure communication technology in more regions.

    Tech for social good

    The WSIS Prizes, now on its eighth edition, recognize individuals, governments, civil society, local, regional and international agencies, research institutions and private-sector​ companies for leveraging the power of tech towards the achievement of the United Nations Sustainable Development Goals.

    The ITU said a total of 1,062 projects were nominated this year, compared to 492 last year, and almost one-third of the projects (29%) originated from Asia-Pacific.

    “This decade has seen a period of extraordinary growth and progress for ICTs," said Houlin Zhao, ITU Secretary-General. “But with progress come challenges. It is up to all of us to ensure that ICTs and these emerging technologies continue to prove a force for good."

    One-fifth (20%) of the projects benefit women and almost another fifth benefit youth, followed by remote and rural communities, people with disabilities, the elderly, unemployed and poor, indigenous and nomadic people, refugees and internally displaced people, and migrants (4%).

    One-third of projects were submitted by the private sector (33%), followed by government (27%), civil society (23%), academia (11%) and international organizations (6%).​​

    The post China Unicom’s quantum encryption project gets WSIS Prize for information security appeared first on FutureIoT.

    ]]>
    IoT security startup Armis secures $65 M funding https://futureiot.tech/iot-security-startup-armis-secures-65-m-funding/ Mon, 15 Apr 2019 23:52:48 +0000 https://futureiot.tech/?p=3709 California-based IoT enterprise security company Armis has raised another $65 million in Series C funding, bringing the company’s total funding to $112 million.

     

    The post IoT security startup Armis secures $65 M funding appeared first on FutureIoT.

    ]]>
    California-based IoT enterprise security company Armis has raised another $65 million in Series C funding, bringing the company’s total funding to $112 million.

    The company, which provides security solutions for managed and unmanaged Internet of Things (IoT) devices, said it will use the funds to speed up investments in sales, marketing, and engineering as it looks to expand its cross-industry solutions for device management on a network.

    “IoT security has come of age, with CIOs and CISOs across industries prioritizing it as they realize the significant risk these connected devices pose,” said Yevgeny Dibrov, CEO and co-founder of Armis, in a media statement.

    Armis’ sensing technology can analyze and manage enterprises IoT devices including traditional devices like laptops and smartphones;  and unmanaged smart devices like smart TVs, webcams, printers, HVAC systems, industrial robots, medical devices and more.

    With IoT endpoints growing to 14.2 billion this year and 25 billion units by 2021, according to estimates by research advisory firm Gartner, the attack surface of the connected enterprise is also expanding by leaps and bounds.

    A recent report showed that half of the top 12 global exploits targeted IoT. Another poll revealed that companies have started sustaining significant monetary losses due to lack of good practices as they incorporate IoT into business models.

    According to Armis, unmanaged and un-agentable devices have no inherent security, and cannot be protected by legacy security solutions.

    Dbrov claims that the Armis platform is purpose-built to address insecure endpoints or  ‘un-agentable’ devices.

    “But beyond the technology, it’s how we partner closely with our customers to secure this new attack landscape,” he said.

    Vote of confidence

    Sequoia Capital led the latest funding round with participation from Insight Venture Partners and Intermountain Ventures. Return investors include Bain Capital Ventures, Red Dot Capital Partners, and Tenaya Capital.

    Carl Eschenbach, partner at Sequoia, joined the board of directors.

    “As every industry and market segment faces the issue of identifying and securing these devices, Armis is providing the best solution with their easy to install, agent-less platform. This, along with their incredible team and company culture, is why we’ve partnered with the company since the Series A in Israel and are thrilled to be part of this next phase of growth,” Eschenbach said in a media statement.

    Jeff Horing, Managing Director at Insight Venture Partners, said they believe the Armis platform will be addressing a "$30-billion market.”

    Armis disclosed in the news release announcing the funding round that “it has seen 700% growth in annual revenue, with multiple multimillion-dollar contracts with enterprises, and has deployments in more than 25% of the Fortune 100.

    Customers include Mondelēz, Sysco Foods, Allergan, and Samsung Research America, the company said.

    Before the current funding round, Armis had also raised $17 million and $30 million in Series A and Series B funding, respectively.

    The post IoT security startup Armis secures $65 M funding appeared first on FutureIoT.

    ]]>
    Industry group calls for responsible, ethical use of biometrics https://futureiot.tech/industry-group-calls-for-responsible-ethical-use-of-biometrics/ Tue, 02 Apr 2019 01:35:04 +0000 https://futureiot.tech/?p=3472 The Biometric Institute, whose mission is to promote the responsible and ethical use of biometrics and biometric analytics, has released the Ethical Principles for Biometrics.

     

    The post Industry group calls for responsible, ethical use of biometrics appeared first on FutureIoT.

    ]]>
    At its annual conference in Washington DC on March 26, the Biometric Institute, a multi-stakeholder community whose mission is to promote the responsible and ethical use of biometrics and biometric analytics, has released the Ethical Principles for Biometrics.

    An idea first hatched at the Institute’s annual joint group meeting last October, the document compiles the ethical principles governing the use of biometrics for members and the wider community.

    It was put together by a collaborative, diverse group of members, including the Biometric Institute’s Privacy Expert Group, privacy commissioners, biometrics experts, and government employees.

    Chief executive Isabelle Moeller said that in the absence of joined-up international laws to protect human rights, everyone who operates in the field of biometrics should work according to seven principles.

    These include identity, privacy, federal and state biometric legislation and face recognition technology, in the context of responsible use.

    “Technology is moving so fast that laws and regulations are struggling to keep up. Without clear international legislation, businesses in the biometrics world are often faced with the dilemma, “Just because we can, should we?” she said in a news release.

    “Our role is to guide our members in the responsible and ethical use of these rapidly developing technologies so they benefit, not disadvantage humans. We hope the whole biometrics community will follow the principles and promote them,” she added.

    The seven principles are aimed at enabling members – and anyone operating in the biometrics industry – to show their commitment to addressing the ethical issues raised by new technology, and by biometrics in particular.

    Terry Aulich, head of the Biometrics Institute’s Privacy Expert Group and former Australian senator and state government minister said, "Even if some laws do not prevent commercial or governmental bad behavior, our Ethical Principles ask our members to operate at a higher level of accountability.”

    Biometrics defined

    The International Organization for Standardization (ISO) defines biometrics as automated recognition of individuals based on their biological and behavioral characteristics, which it says form distinguishing, repeatable features can be extracted for recognition.

    Key stakeholders in biometrics including Microsoft, the Federal Trade Commission, National Institute of Standards and Technology (NIST), and the Center for Democracy discuss hot topics in biometrics at the annual conference.

    According to the Biometrics Institute, the launch of the Ethical Principles comes off the back of a joint briefing at the UN headquarters in New York.

    “Since 2017, the Biometrics Institute has been involved in a two-stage project with the United Nations to compile the Compendium of Recommended Practices for the Responsible Use and Sharing of Biometrics in Counter-Terrorism,” it said.

    The compendium provides practical guidance on the implementation of biometric systems and is aimed to serve as a reference for member states.

    It includes existing good practices in the field of biometrics and addresses how biometric systems should be developed and managed in accordance with human rights.

    The post Industry group calls for responsible, ethical use of biometrics appeared first on FutureIoT.

    ]]>
    Know your day-to-day IoT security https://futureiot.tech/know-your-day-to-day-iot-security/ Thu, 28 Mar 2019 02:14:45 +0000 https://futureiot.tech/?p=3458 Ken Munro shows us how insecure Internet of Things products are and how easy it is to hack them. The big question is: how can we use these products in a safe way?

    The post Know your day-to-day IoT security appeared first on FutureIoT.

    ]]>
    Ken Munro shows us how insecure Internet of Things products are and how easy it is to hack them. The big question is: how can we use these products in a safe way?

    Ken Munro is a specialist in ethical hacking. He is able to hack everything – from hotel keycards, to a range of IoT devices, from wearable tech to children’s toys and smart home control systems.

    Ken is a respected speaker and pulls no punches during his annual Tech Talk presentations at Infosecurity Europe, where he can also be found performing practical hack attacks on the company stand. He is a regular speaker at events held by industry bodies and associations and has spoken at the ISSA Dragon’s Den, (ISC)2 Chapter events and CREST (Council of Registered Ethical Security Testers) events, where he sits on the board, helping to establish standards in both member organisations and among individual penetration testers. He’s also an Executive Member of the “Internet of Things Security Forum”, a body that aims to promote best security practice and the application of controls in smart device manufacturing, and spoke out on IoT security design flaws at the forum’s inaugural event. He’s also not averse to getting deeply techie, regularly participating in hacking challenges and demos at 44CON, DefCon and Bsides.

    The post Know your day-to-day IoT security appeared first on FutureIoT.

    ]]>
    Two faces of digitization in the rail industry https://futureiot.tech/two-faces-of-digitization-in-the-rail-industry/ Wed, 27 Mar 2019 00:36:56 +0000 https://futureiot.tech/?p=3422 From level crossings to signal boxes, and even autonomous trains, the potential for digitization in the rail sector is huge and already becoming a reality. This transformation presents new opportunities but also new challenges. How must the rail sector react?

    The post Two faces of digitization in the rail industry appeared first on FutureIoT.

    ]]>
    Sedat Sezgün
    Group Vice President Business Segment Rail
    HIMA

    Authored by:
    Sedat Sezgün,
    Group Vice President Business Segment Rail
    HIMA

     

    From level crossings to signal boxes, and even autonomous trains, the potential for digitization in the rail sector is huge and already becoming a reality. This transformation presents new opportunities but also new challenges. How must the rail sector react?

    For rail transportation to remain competitive with other methods of travel, such as airplanes and cars, the sector must become more efficient and reduce costs. There are many means to achieve this, including automating processes and even trains themselves. However, while such measures may make rail operation simpler and more effective, they also have implications for rail safety. These changes require new types of safety solution and providers must adapt with the ever-developing technology landscape of the rail sector.

    Evolving with Digitization to Gain the Market Share

    Despite the rail industry being a somewhat closed market with high barriers to entry, if existing players do not develop solutions suitable for the networked age, they are likely to get left behind. Software companies could potentially take over and gain the market share. This transformation of the market represents challenges for companies as success depends on investing resources in research and development. However, if handled correctly, digitization offers safety solution providers and rail operators an abundance of opportunities. By working closely with rail companies, safety solution providers can help create new business models and access new markets.

    Defining a clear strategy for success

    If safety providers react to this change, not only can they profit, they can actually contribute to influencing digitization. Companies must embrace drivers of digitization such as the Internet of Things (IoT) and machine learning, and develop a strategy using them. In this way, new solutions and systems will work in harmony with the demands of the digital age.

    Secondly, safety providers must look to build on their internal IT knowledge and expertise. This allows them to take control of solution development themselves and not be reliant on IT third parties, which may be costly and relinquish a business’ influence on digitization of the rail sector. Finally, working together with others in the industry is vital. In this way, the rail sector can tackle challenges as a collective to minimize costs and reduce risks in solution development.

    “Due to the rise of digitization in the rail sector, solutions based on COTS systems and open safety technology will form the key foundation for digital platforms in the future.” Reinhold Hundt, Rail Industry Expert at Astran

    Digitization in the rail industry is changing safety requirements. This calls for significant technological advancements to keep pace with the new market. Cybercrime is perhaps the foremost challenge, but there are also many other aspects to consider, such as innovation cycles and communication between devices. What must companies do to ensure they’re protected?

    The digital age is the era of interconnectivity. Machines can be connected to one another and even to people. Five key drivers of digitization are used to create these intelligent networks. These are IoT, machine learning, Industry 4.0, virtual reality, and autonomous systems. This development requires new types of safety technology.

    Standardized Communication Is Key

    To defend applications against cyberattacks, it is vital to minimize, or even eliminate, opportunities for people to access systems. This can be achieved by implementing closed safety systems. HIMA identified cybercrime as an issue early on and designed its COTS controllers with this in mind. Such controllers for rail safety utilize their own operating systems for applications, making it incredibly difficult for hackers to gain access. COTS technologies, including those from HIMA, only use the functions required for the relevant application, and distributed control systems are separate from one another. As a result, if the communication processor is attacked, safe operation continues.

    Standardization of communication interfaces could spark huge developments in rail technology and automation. By creating consistent communication, organizations could connect rail networks across entire nations, or even internationally. But consolidating different communication protocols presents challenges. Therefore, controllers should be designed so that they fulfill the requirements for standardizing communication and ensuring continuous safety.

    Innovation Cycles Undergoing Change

    As a result of the rapid advancement in software over the past two decades, innovation cycles have become significantly shorter. If safety technology requires long-term availability, updates are necessary in short intervals. Modern controllers must ensure that updates are simple and quick to perform. Additionally, it should be possible to map hardware functions using software. Backward compatibility would also be ideal in order to combine older systems with newer ones to ensure they are future proof.  A modular design makes it possible for users to exchange certain functional modules or add completely new ones – even during operation.

    A Clear Strategy for the Digital Future Is Required

    Regardless of whether it’s standardization, migrating central functions to the cloud, autonomous trains, or smart supply chains and maintenance models, digitization will trigger fundamental new developments in the rail sector. It still remains to be seen who is fully on track for future success.

    “Standardization of communication and ensuring reliable safety are our two central challenges in the digital age.” Dr. Alexander Horch, Vice President of Research, Development, and Product Management at HIMA

    The post Two faces of digitization in the rail industry appeared first on FutureIoT.

    ]]>
    Business security issues with IoT devices https://futureiot.tech/business-security-issues-with-iot-devices/ Tue, 26 Mar 2019 04:46:17 +0000 https://futureiot.tech/?p=3400 At a recent FutureIoT roundtable, one of the delegates pointed to security as a recurring concern even as organizations push forward the digitalization of the business. At a panel discussion, a CIO queried the extent to which the business is mandating the introduction of emerging technologies such as wearables despite the lack of prevailing standards […]

    The post Business security issues with IoT devices appeared first on FutureIoT.

    ]]>
    At a recent FutureIoT roundtable, one of the delegates pointed to security as a recurring concern even as organizations push forward the digitalization of the business. At a panel discussion, a CIO queried the extent to which the business is mandating the introduction of emerging technologies such as wearables despite the lack of prevailing standards and best practices in deploying and managing such solutions.

    Chester Wisniewski, Principal Research Scientist at Sophos

    Chester Wisniewski, Principal Research Scientist at Sophos, spoke to FutureIoT editor to share his views on how IoT deployments need to be further evaluated in light of growing awareness around vulnerabilities arising from the use of such technologies.

    How is IoT faring in the industrial and enterprise space, especially with regards to security?

    Chester Wisniewski: Security teams and IT teams are often unaware of a lot of the enterprise IoT they already have because it may have been introduced by third parties. And great examples of that are… some work I was doing at a university a few months ago where when they were renovating a part of their campus, they discovered that the company that had installed the lift, had put the lifts on their network, so that they could remotely monitor the lifts for maintenance purposes and to collect statistics from them to determine when they needed to do repairs.

    They also discovered things like the vending machines in the cafeterias were connected to their network – a lot of these things were introduced under their network that they didn’t really know were there, right?

    On the enterprise side, I think at this point most the organisations I am talking to are just struggling with identification because it is too easy to connect these things and they get connected without the security team being aware or notified.

    On the industrial side, it’s a much more complicated thing.

    Obviously, IoT is driving efficiency and possibility the ability to not have to send people to locations to monitor sensors and temperatures and pressures, and all these types of things are driving a whole lot of efficiency. The problem is that the vendors supplying most of the gear have largely ignored security and they bolted on internet capabilities for the things that were designed 25 years ago; that wasn’t designed with the idea that somebody could tamper with them. And now that they are on the internet, of course, they can be tampered with and they are being tampered with. There is a huge amount of risk being introduced there.

    What makes IOT devices exploitable at this stage?

    Chester Wisniewski: On the enterprise side, it’s usually because they are using commodity - off the shelf components from a software perspective, right?

    Most of these devices are running some sort of Linux Operating System (OS). Many of them even run some IoT versions of things like Android. And they are not being updated, so the risk is simply just being out of date and not being patched and maintained. They are built to be deployed once and once they are in the field, there is kind of an expectation that the only time you might ever update them would be for features, not for security.

    On the industrial side, the problem is much more complicated because things are placed in buckets when we talk about security and things based on their capabilities. At the bottom of the pile, we have things that just monitor temperatures of something in the pipeline or pressures or these types of very simple sensors that are now internet enabled.

    In the middle, you have things that might be a little more intelligent, for example, enterprise IoT, where they have some capabilities. They have an operating system, they’ve got some memory, they’ve got a small processor but because they are deployed in the field and need to run on batteries or a small solar panel because they are not connected to the grid or they are in a remote location. They need to be able to run on extremely low power for a long time, so they have very limited processors and capabilities like that.

    On the higher end of full-fledged computers that are controlling things that we would also consider to be IoT in the industrial side and those have a lot more capabilities to be managed, patched and fixed and maintained over a period of time because they are more capable computers.

    Should we at this point in time really be worried about IoT security? How much of it is well-placed and where are the greatest areas of vulnerabilities for us? 

    Chester Wisniewski: The truth of the matter is that there are compromised devices all over most enterprises and it doesn’t cause them to fail every day and it is unlikely that your hacked Coca Cola machine is going to result in a GDPR violation, right?

    I mean, the truth of the matter is the risk is somewhat contained already on the enterprise side and the benefits of embracing this kind of stuff outweigh the risks. It’s just more of an issue of, can you do things that are cheap and easy that help you minimize that risk?

    If you know that the lifts and the Coke machine are on your network, you start to isolate them with your firewalls, so they can’t talk to everything else on that network. Maybe you just let them talk to the internet because that is the whole purpose of them being there. And if they start talking to your laptops, servers, and databases, you know something is wrong and that is a very bad thing. You just block them, once you are aware of them you can sense them in a little bit and let them do their thing.

    I don’t think that we need to get too concerned with updating and patching IoT devices the way we think about fixing our laptops every month, right? It should be a pretty one-time kind of a thing, to identify what you have, contain it and put off to the side and just let it go. It’s fine.

    More of the concern is on the industrial side because obviously, depending on the sector you are in, blowing up pipelines or messing with chemical plants or disabling things in water filtration systems is obviously a huge public safety concern. Most of these devices have literally almost zero security built into them and they trust any commandment.

    Sadly, the control software also trusts that anything it’s getting from these devices must be valid, like there is no authentication to say that a sensor is actually a sensor. Any hacker can get on the network and start sending messages saying that they are that sensor and in most of the systems there is no way to tell that in fact, it is not the sensor and it is somebody else impersonating it and sending data in. That is where, I think, the most work needs to be done.

    Are current generation security solutions designed to support IoT from a security standpoint?

    Chester Wisniewski: Security and IoT are still kind of two separate areas, it’s a complex thing. Traditional IT security teams really have no tools or capability to assist with IoT stuff today. The existing tools just are completely separate- I’ll address them separately as you asked me.

    So, on the industrial side, usually, the protection and maintenance of the IoT rely on the engineers who actually manufacture and manage it day to day, not the computer people. The computer people don’t have tools to do it and the engineering people who are responsible for it don’t understand the risks because they are not computer people. The current generation stuff that is being sold has gotten a heck of a whole lot better in the past few years. There is way more capability to identify, protect and authenticate communication to industrial IoT devices.

    So, I think, to some degree we need to start having traditional IT security people embedded in those industrial management teams. They need to have a seat at the table when decisions are being made about how to deploy things and they need to be part of testing and securing that system in an ongoing basis hand-in-hand with the traditional engineers because they are such different skillsets that we really cannot expect the physical engineers to comprehend the hacker mindset, or vice versa. The hacker mindset people are not people that understand pipes and pressures and sensors and managing a refinery. We need some sort of a cross-trained hybrid team to start dealing with that.

    On the enterprise side, since most of the stuff is commodity based, there’s a lot of opportunities for the traditional IT team to actually investigate and potentially identify risks from these devices because most of them are running things like Linux and Android that the IT team already has experience identifying, managing and testing. So, while the manufacturers may not be responsive to a lot of security reports, which is a bit of an issue. If I am an IT person on the enterprise side, I’m just worried about identifying and isolating these devices so if they are compromised, they cause no harm

    On the enterprise side, it’s not getting any better. All the stuff has all sorts of security problems, but the staff are prepared for it and understand it better. We kind of have opposites in the two spaces.

    What is your advice to organisations?

    Chester Wisniewski: On the enterprise side, I would go back to what I was saying earlier. I would be investing my time into identification and isolation. Allow the devices, embrace them and let them make you more efficient but put them in their own little playpen off to the side so that they cannot hurt anyone else. That is cheap and easy, it’s really not that difficult. It’s just a matter of putting a little bit of time in and it will pay off for a long time.

    On the industrial side, I’d say you need to hire your own hacker. You really need your own in-house hacker. If you are big enough to have industrial IoT and you have got enough cash flow that is a real concern for your business, you need to have your own internal hacker. You need somebody who is trying to break your stuff to understand how to break it.

    Work hand in hand with the team that is building it so that over time you continuously improve. You are never going to fix your 25-year-old stuff – that stuff is going to be out there. You need somebody that is helping you figure out where all those risks lie and explaining it to the people who control it so that you are managing that risk appropriately and having your own internal hacker is the answer.

    The post Business security issues with IoT devices appeared first on FutureIoT.

    ]]>
    Smartphone makers favour face biometrics over fingerprint https://futureiot.tech/smartphone-makers-favour-face-biometrics-over-fingerprint/ Mon, 25 Mar 2019 04:00:35 +0000 https://futureiot.tech/?p=3394 1.26 billion fingerprint sensors will be shipped in 2019; phone makers are turning their interest on face recognition

    The post Smartphone makers favour face biometrics over fingerprint appeared first on FutureIoT.

    ]]>
    Apple, Samsung, Huawei, Xiaomi, and LG are driving face recognition applications in consumer electronics as face biometrics apps are expected to boast an impressive 26.9% 5-year CAGR growth until 2024. Despite this increased attention by smartphone markers ABI Research says fingerprint sensors will continue to experience healthy growth with an estimated 1.26 billion fingerprint sensors to be shipped in 2019.

    End-users certainly have a lot of biometric upgrades to look forward to in the coming years including the incorporation of an “invisible, in-glass” fingerprint sensor for smartphones, a more streamlined approach to iris recognition, as well as more accurate behavioural recognition.

    However, one particular implementation seems to be more delayed than initially expected: biometrically embedded payment cards with fingerprint sensors are off to rough start.

    “We have seen all relevant actors and market innovators making all necessary preparations during the last 3 years - educating the public regarding battery-less fingerprint-embedded cards, technologies that allow energy harvesting from nearby terminals, meticulous conformity to EMV specifications, and even addressing issues like tamper-resistant integrated circuits for additional protection of any biometric data contained therein,” commented Dimitrios Pavlakis, Industry Analyst at ABI Research.

    Pavlakis added that although most of the supporting technology has indeed reached critical mass there are still a few pricing and operational issues that currently keep many projects in the pilot phase.

    However, credit card companies like MasterCard and Visa, market leaders like Gemalto, IDEMIA, and FPC and innovative market entrants like IDEX, NEXT Biometrics, Zwipe, and Smartmatic are currently some of the main actors expected to lead this biometric evolution in the near future. Fingerprint sensor embedded payment cards are expected to experience significant growth from 2021 onwards.

    The automotive industry is also ripe for a user security upgrade with biometric applications set to increase significantly through 2024. These applications include merging leading modalities like face, fingerprint, voice and iris with ADAS (Advanced Driver Assistance Systems), health monitoring, and user customization.

    Advanced analytics and machine vision coupled with face recognition and surveillance, iris recognition in governmental and civil applications, and even biometrically-enhanced cryptocurrency wallets are some of the enticing new applications expected to keep biometric automotive technologies in the spotlight in the coming years.

    The post Smartphone makers favour face biometrics over fingerprint appeared first on FutureIoT.

    ]]>
    Routers and IoT proven path to hacking insecure smart homes and businesses https://futureiot.tech/routers-and-iot-proven-path-to-hacking-insecure-smart-homes-and-businesses/ https://futureiot.tech/routers-and-iot-proven-path-to-hacking-insecure-smart-homes-and-businesses/#comments Sun, 24 Mar 2019 04:35:29 +0000 https://futureiot.tech/?p=3389 Exposed cyber assets found in hospitals and industrial control systems (ICS) – connectedness introduces notable risks even as it provides expansive efficiency

    The post Routers and IoT proven path to hacking insecure smart homes and businesses appeared first on FutureIoT.

    ]]>
    Fans of the Die Hard franchise will recall that in the fourth instalment, Live Free or Die Hard, an attack was made against American public infrastructure.

    That attack may not be so fictional, as the latest Trend Micro report suggests that devices such as routers are entry points to attacks. Recall the infamous attack against Bangladesh's central bank which saw hackers steal US$80 million. Reuters blamed the successful hack because the bank “skimped on network hardware and security software”.

    According to Trend Micro vulnerabilities cut across both industrial, commercial and consumers, such as routers and IoT devices being used for cryptocurrency mining and pharming attacks.

    Cryptocurrency owners have become a major target in 2018 using cryptocurrency-mining malware and cryptocurrency-stealing malware. Trend Micro says underground forums continued to peddle wares that use smartphones, routers and IoT devices for mining activities.

    Healthcare industry is a lucrative one that remained highly vulnerable to attacks due to both the nature of the data they keep and the state of network and supply chain security, particularly in connected hospitals.

    Trend Micro uncovered exposed HMIs in oil, gas, biogas, power, and water companies, where there was little or no authentication required to view or interact with consoles. This finding is especially concerning because of the nature of the services these companies supply; for instance, an attack on the water supply of a certain region can have disruptive results and may lead to several knockoff effects.

    Trend Micro concluded that the industry remained highly vulnerable to attacks due to both the nature of the data they keep and the state of network and supply chain security, particularly in connected hospitals.

    The security vendor drew up several attack scenarios related to the exposure of the communication protocols Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). Organizations need to stop using default configuration settings and need to deploy encryption and authentication methods.

    Singapore: SEA hub for malicious URLs in SEA

    2018 Trend Micro survey identifies Singapore as top stop for compromised business email.

    As part of its 2018 annual security roundup Trend Micro identified Singapore as the most vulnerable (68.1%) country in Southeast Asia (SEA). Malicious URLs hosted locally were blocked more than 3 million times, and over 15 million attempts by Singaporeans to access malicious URLs were blocked by Trend Micro.

    Attacks that capitalize on the human desire to respond to urgent requests from authority are on the rise. The number of business email compromise (BEC) attacks in 2018 increased by 28% globally. While these attacks are less frequent than phishing attacks, they are more sophisticated and take more careful planning for cybercriminals.

    BEC scams are a pressing issue amongst Singapore-based companies. The nation ranked first in SEA for experiencing the most BEC attacks (consisting of CEO fraud) last year (27.3%), followed by Malaysia (26.1%) and Indonesia (25%). On average, they yield approximately S$177,000 per attack.

    Vietnam, Indonesia and Singapore were the three SEA countries with the highest numbers of email threats blocked by Trend Micro at 46.2%, 21.3% and 10.9% respectively. Trend Micro detected more than 55 million malware attacks in SEA. Malaysia took top spot at 29.6%, followed by Singapore (19.8%) and Thailand (16.4%).

    Those are the bad news. The good news is there is rising interest in machine learning and artificial intelligence technologies to enable enterprises to circumvent these threats.

    Nilesh Jain, vice president, Southeast Asia and India, Trend Micro said: “Previously, attackers relied on spray and pray style attacks. Today, they can be more effective with targeted phishing emails to infect victims who click the links or open the attachments. Enterprises need to strengthen their cyber defences at every touchpoint, namely, on the endpoint, in the cloud, and at the network layer.”

    Making the digital world a safe place for information exchange requires several approaches. Not least of these is a deep understanding of the current landscape, especially around public service sector equipment and systems, to which connectedness introduces notable risks even as it provides expansive efficiency.

    The post Routers and IoT proven path to hacking insecure smart homes and businesses appeared first on FutureIoT.

    ]]>
    https://futureiot.tech/routers-and-iot-proven-path-to-hacking-insecure-smart-homes-and-businesses/feed/ 2
    Sensors in the era of cloud connectivity https://futureiot.tech/sensors-in-the-era-of-cloud-connectivity/ https://futureiot.tech/sensors-in-the-era-of-cloud-connectivity/#comments Tue, 19 Mar 2019 00:12:19 +0000 https://futureiot.tech/?p=3341 Swift Sensors CEO talks about the implications of technologies like cloud computing on the manufacturing process, including the use of evolving technologies like IoT and NB-IoT.

    The post Sensors in the era of cloud connectivity appeared first on FutureIoT.

    ]]>
    History.com reports that the first industrial revolution (circa 18th and 19th century) saw the introduction of automation in the manufacturing process. The premise of making things better, faster and with greater volume hasn’t really changed much.

    The fourth industrial revolution, also referred to as Industry 4.0, continues this trend albeit with more advanced tools and technologies that facilitate greater automation and in today’s information-dependent business models more accurate data exchanges.

    Industry 4.0 has given rise to the development of “smart factories” where modular structures are the norm, as is the convergence of cyber-physical systems to enable better monitoring of physical processes.

    A key technology that will see greater development is in the Internet of Things (IoT) – highly specialized devices that perform a simple task, but do it well, fast and cheaply – and combined with other innovations like artificial intelligence, virtual reality, advanced analytics and improved sensor / telemetry will, hopefully, mean even better, faster, cheaper way of producing products.

    It is anticipated that the commercial rollout of 5G will further fuel adoption of IoT and related technologies as connectivity may finally become nearly ubiquitous

    Sam Cece co-founder and ceo of Swift Sensors spoke to FutureIoT on the implications of technologies like cloud computing on the manufacturing process, including the use of evolving technologies like IoT and NB-IoT.

    Sensors, including telemetry, have been around for some time. What benefits/improvement do the cloud offer that is significantly better than legacy implementations?

    Sam Cece: The cloud offers several benefits to measurement and monitoring systems.  I’ll address each of the areas separately.

    1. Better Reliability -- Clouds services, such as Amazon Web Services, have “five nines” availability and redundancy so there’s never a concern regarding access or storage of data.
    2. Better Security -- Cloud services incorporate the leading edge security techniques not available or not affordable to vendors of most on-premise storage systems.
    3. Lower Total Cost of Ownership (TCO) -- With a cloud-based system there’s no installation, maintenance, or upgrade costs. The system is always up to date and always has the latest features available without a costly upgrade process.
    4. Easier integration with 3rd-party apps, tools, and libraries -- A large and growing community of cloud tools exists for integration of capabilities such as artificial intelligence (AI), data analytics, mapping, and predictive maintenance. Most if not all vendors of these tools offer standard APIs, which allow easy and seamless integration.

    Part of the allure of open systems today is the ability to bring in best of breed solutions. In the case of the sensors as used in, for example, a manufacturing environment, is it better to go all out with multi-vendor solutions? Are closed systems still viable in the era of cloud?

    Sam Cece: In the era of the cloud, it’s difficult to find or imagine a completely closed system.   Even the large, highly proprietary systems offer some level of interoperability, perhaps through a standard sensor interface (e.g 4-20mA, HART), through a wireless protocol (e.g. BLE, ZigBee, WiFi, or LoRaWAN), or with Restful APIs that provide access to the system’s data on the cloud.

    There’s no perfect solution along the continuum of open multi-vendor to proprietary closed systems.  Most important is a thorough level of integration and system testing of the solution. The fundamental elements of the system must work reliably, all of the time.  This is particularly important with Industrial IoT systems. Industrial and manufacturing plants cannot afford downtime and maintenance of an IoT system that is not fully integrated.  It’s the basic starting point from which an industrial customer views an acceptable solution.

    We designed our system at Swift Sensors to be fully end-to-end ready to deploy and run from sensor to cloud without any modifications.   We see this is critical to meet our industrial customer’s needs. We build our system on standard technologies, including WiFi, ethernet, BLE, ZigBee, and Web APIs so our system can easily incorporate new hardware and software functionality as well as export data from our hardware and cloud-based software.

    A key concern around IoT is the lack of attention paid to securing these devices. How are vendors like Swift Sensor addressing this concern?

    Sam Cece: Security has to be designed into the system from the beginning.  The most critical elements of the system are the communication between the wireless access points and the internet.  It is at this interface where attacks and intrusions typically occur. We use SSL encryption in the communication between our Bridge (wireless access point) and the Cloud (internet).  We are fortunate to have one of the leading experts in cybersecurity for banking systems who has architected our entire security system.

    There is never a perfect solution and blockade from cyber-attacks, but a continued vigilant approach in the design, and continuous testing of an IoT system can minimize the cybersecurity risk.

    Swift Sensors claims that its cloud wireless sensor system that can be configured and deployed at one-tenth of the cost of traditional systems. How do you keep this cost down?

    Sam Cece: The significantly lower costs of our system is a factor of three elements:

    1. Cloud-based architecture -- Storing data and configuring the wireless system on the cloud completely obviates the hassle of installing and maintaining software on-premise. This also removes the need to purchase and maintain capital equipment in the form of servers, workstations, or on-premise data acquisition systems. Software maintenance and feature enhancements are seamless and silent and do not require any resource.   The total cost of ownership of a cloud-based monitoring system is at least 1/10th of an on-premise alternative.
    2. Lower installation and cabling costs -- Wireless sensors, by definition, do not need cabling back to the central data acquisition system. The sensors can be placed in locations not accessible by wired sensors and are not restricted by a cable that could make the installation more difficult.  Cabling costs are eliminated and installation costs are lowered with a wireless sensor system.
    3. Lower cost hardware design using high volume wireless SoCs and sensor ICs -- We use a common radio architecture in our sensor and bridge hardware using industry standard ICs and SoCs. The high volume use of these chips reduce the cost of our hardware platform and ensure compatibility with current and future standards, such as BLE, ZigBee, WiFI, LoraWAN, and NB-IoT.

    In your view, what will be the key trend for manufacturers to pay attention to in 2019?

    Sam Cece: The key question for all manufacturers in 2019 is “How will you implement Industry 4.0 in your factory?”  Industry 4.0 includes improvements in processes including Interconnection--the industrial IoT), Information Transparency--using data to make decisions, Technical assistance--using data and machines to assist humans in difficult decisions and tasks, and Decentralization--autonomous decisions and tasks.

    Implementing Industry 4.0 doesn’t have to mean disrupting the entire manufacturing process or paying consultants to implement an overarching (and probably unrealistic) digital strategy.  Our wireless system, for example, allows a manufacturing company to start small, monitoring equipment and process to gain insight into how to improve operational efficiency and a machine or shift by shift level.  Getting started with Industry 4.0 is often the hardest part, and critical for all manufacturers to say competitive.

    The post Sensors in the era of cloud connectivity appeared first on FutureIoT.

    ]]>
    https://futureiot.tech/sensors-in-the-era-of-cloud-connectivity/feed/ 1
    Influence of IoT on security https://futureiot.tech/influence-of-iot-on-security/ Mon, 18 Mar 2019 07:29:28 +0000 https://futureiot.tech/?p=3338 Simon Piff, Vice President of IT Security Practice at IDC Asia-Pacific, any discussion on IoT and security will naturally lead to questions of where the devices [or sensors] are and what kind of trusted security controls around the device exists, and who should have access to these.

    The post Influence of IoT on security appeared first on FutureIoT.

    ]]>
    The introduction of Internet of Things (IoT) devices may herald deeper insight into operations or customer behaviour, but most certainly it will introduce even greater risks to organizations and operations. In part it is because security was never an integral part of the design at the beginning.

    Things get complicated quickly as the number of connected IoT devices balloon becoming difficult to monitor and manage.

    According to Simon Piff, Vice President of IT Security Practice at IDC Asia-Pacific, any discussion on IoT and security will naturally lead to questions of where the devices [or sensors] are and what kind of trusted security controls around the device exists, and who should have access to these.

    Raising the concept of distributed integrity, he opines that if we want to access data coming from IoT devices, how do we validate the data? For sure the data is collected at the edge and only brought to the core system after being vetted.

    “That data layer, what it is, becomes important,” he remarked.

    He agrees that the arrival of 5G is only going to increase the amount and speed by which data is acquired.

    “We need to start thinking more in terms of how we can manage and manipulate that information in a secure environment at the edge before we bring it in, and process it in our core data centres. So it's putting layers of security in place and understanding the risk for those discrete components and applying security accordingly,” he concluded.

    The post Influence of IoT on security appeared first on FutureIoT.

    ]]>
    Monetary Authority of Singapore moves to strengthen technology risk management https://futureiot.tech/monetary-authority-of-singapore-moves-to-strengthen-technology-risk-management/ Mon, 11 Mar 2019 22:46:43 +0000 https://futureiot.tech/?p=3284 The plan is to expand its Technology Risk Management (TRM) Guidelines issued in 2013 and the Business Continuity Management (BCM) Guidelines issued in 2003.

    The post Monetary Authority of Singapore moves to strengthen technology risk management appeared first on FutureIoT.

    ]]>
    The Monetary Authority of Singapore is eyeing to strengthen its capability to handle technology risk by putting in place measures that would require financial institutions to develop operational resilience.

    The plan is to expand its Technology Risk Management (TRM) Guidelines issued in 2013 and the Business Continuity Management (BCM) Guidelines issued in 2003.

    MAS said the two guidelines continue to emphasize the importance of risk culture, and the roles of board of directors and senior management in technology risk and business continuity management.

    However, the regulator sees the need to take into account the rapidly changing physical and cyber threat landscape.

    “A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication. We cannot afford to be complacent,” said Tan Yeow Seng, Chief Cyber Security Officer, MAS, in a media statement.

    MAS proposes to expand the TRM Guidelines to include guidance on effective cyber surveillance, secure software development, adversarial attack simulation as well as the management of cyber risks posed by the Internet of Things (IoT).

    It also proposes to update the BCM Guidelines to raise standards for FIs in the development of business continuity plans that will better account for interdependencies across

    Last week, it released the consultation papers for the TRM and BCM plans, which it said were developed in close partnership with the financial industry.

    The public consultation will run from 7 March to 8 April 2019.  

    In a speech last January at the launch of the Cyber Risk Management (CyRiM) Project Scenario, Elean Chin, Division Head of the Monetary Authority of Singapore said that in an increasingly digitised world, cyber attacks are becoming an almost daily occurrence and one of the biggest threats to doing business.

    "Asia is one of the most digital connected economic blocks, with high internet connectivity and smartphone penetration levels. Yet, cybersecurity investment and data breach protection laws remain inadequate, she said.

    "As a result, Asia-Pacific saw the highest number of compromised records and security events in the first half of last year, accounting for close to 40 percent of global cybersecurity incidents and 30 percent of compromised records worldwide," she added.

    Chin said in Singapore, the Cyber Security Act came into force in August 2018, which created a regulatory framework for the monitoring and reporting of cybersecurity threats.

    The initiative of MAS in updating its TRM and BCM Guidelines is a move along this goal.

    Moreover, within the financial services sector, MAS has partnered the Financial Services Information Sharing and Analysis Centre (FS-ISAC) to establish its Asia Pacific Regional Analysis Centre in Singapore.

    "The Regional Centre, which supports member financial institutions across nine Asia-Pacific countries, allows its members to share and receive cyber threat intelligence," she said.

    The post Monetary Authority of Singapore moves to strengthen technology risk management appeared first on FutureIoT.

    ]]>
    Report: Half of top 12 global exploits target IoT devices https://futureiot.tech/report-half-of-top-12-global-exploits-target-iot-devices/ https://futureiot.tech/report-half-of-top-12-global-exploits-target-iot-devices/#comments Mon, 11 Mar 2019 03:52:16 +0000 https://futureiot.tech/?p=3282 The convergence of physical things and cybersecurity is creating an expanded attack surface, one that cybercriminals are increasingly targeting, a new report on the threat landscape revealed.

    The post Report: Half of top 12 global exploits target IoT devices appeared first on FutureIoT.

    ]]>
    The convergence of physical things and cybersecurity is creating an expanded attack surface, one that cybercriminals are increasingly targeting, a new report on the threat landscape revealed.

    The Fortinet Threat Landscape Report Q4 2018 showed that half of the top 12 global exploits targeted internet of things (IoT)  devices, and four of the top 12 were related to IP-enabled cameras.

    “Access to these devices could enable cybercriminals to snoop on private interactions, enact malicious onsite activities, or gain an entry point into cyber systems to launch DDoS or ransomware attacks,” the report noted.

    “It is important to be aware of hidden attacks even in devices we use to monitor or provide security,” it added.

    This confirms FutureIoT’s earlier reports on the vulnerability of even everyday objects such as connected toys or smart home devices.

    Fortinet said that “a security fabric is needed to span the entire networked environment from the IoT endpoint to multi-clouds to integrate each security element to address today’s growing threat environment and to protect the expanding attack surface.”

    “This approach enables actionable threat intelligence to be shared at speed and scale, shrinks the necessary windows of detection, and provides the automated remediation required for today’s threats,” the report explained.

    Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of global sensors during Q4 2018. Research data covers global and regional perspectives.

    Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.

    According to the Fortinet Threat Landscape Index, the Index hit an all-time high during Q4, which it says is indicative of the constant ebbs and flows of cyberthreat activity.

    “While cyber adversary activity overall subsided slightly, the number of exploits per firm grew 10 percent, while unique exploits detected increased 5 percent. At the same time, botnets become more complex and harder to detect,” Fortinet said.

    “Time for infection of botnets increased by 15 percent, growing to an average of nearly 12 infection days per firm. As cybercriminals employ automation and machine learning to propagate attacks, security organizations need to do the same to combat these advanced methods,” it added.

    The post Report: Half of top 12 global exploits target IoT devices appeared first on FutureIoT.

    ]]>
    https://futureiot.tech/report-half-of-top-12-global-exploits-target-iot-devices/feed/ 1
    digitalSTROM’s uses TIBCO Cloud to create safe, smart home https://futureiot.tech/digitalstroms-uses-tibco-cloud-to-create-safe-smart-home/ Thu, 07 Mar 2019 01:58:25 +0000 https://futureiot.tech/?post_type=case-study&p=3251 The sophisticated digitalSTROM system uses the platform to integrate electrical (IoT) home devices with partner capabilities, supplying reliable two-way communication and control. All this is possible via TIBCO Cloud.

    The post digitalSTROM’s uses TIBCO Cloud to create safe, smart home appeared first on FutureIoT.

    ]]>
    The sophisticated digitalSTROM system uses the platform to integrate electrical (IoT) home devices with partner capabilities, supplying reliable two-way communication and control. All this is possible via TIBCO Cloud.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post digitalSTROM’s uses TIBCO Cloud to create safe, smart home appeared first on FutureIoT.

    ]]>
    Deloitte: Safeguarding the Internet of Things https://futureiot.tech/deloitte-safeguarding-the-internet-of-things/ Thu, 07 Mar 2019 00:47:21 +0000 https://futureiot.tech/?post_type=whitepaper&p=3240 Deloitte believes that adopting this secure, vigilant and resilient approach is a key step to helping leaders continue to identify risks and responses, as well as to drive performance at their organizations.

    The post Deloitte: Safeguarding the Internet of Things appeared first on FutureIoT.

    ]]>
    Deloitte believes that adopting this secure, vigilant and resilient approach is a key step to helping leaders continue to identify risks and responses, as well as to drive performance at their organizations.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Deloitte: Safeguarding the Internet of Things appeared first on FutureIoT.

    ]]>
    Guide for assessing security maturity of industrial IoT systems launched https://futureiot.tech/guide-for-assessing-security-maturity-of-industrial-iot-systems-launched/ Mon, 04 Mar 2019 03:40:04 +0000 https://futureiot.tech/?p=3203 The Industrial Internet Consortium (IIC) has launched the Security Maturity Model (SMM) Practitioner’s Guide, which provides a detailed guidance for assessing and managing the security maturity of Internet of Things  (IoT) systems.

    The post Guide for assessing security maturity of industrial IoT systems launched appeared first on FutureIoT.

    ]]>
    Fresh from joining forces with the OpenFog Consortium, the Industrial Internet Consortium (IIC) has launched the Security Maturity Model (SMM) Practitioner’s Guide, which provides a detailed guidance for assessing and managing the security maturity of Internet of Things  (IoT) systems.

    IIC said that as organizations connect their systems to the internet, they become vulnerable to new threats, and they are rightly concerned with security.

    Building on concepts identified in the IIC Industrial Internet Security Framework published in 2016, the SMM Practitoner’s Guide defines levels of security maturity for a company to achieve based on its security goals and objectives as well as its appetite for risk.

    “This is the first model of its kind to assess the maturity of organizations’ IoT systems in a way that includes governance, technology and system management,” said Stephen Mellor, CTO of IIC.

    The guide includes descriptions of scenarios and what must be done to reach a given security comprehensiveness for each security domain, subdomain and practice.

    An example given is an automotive manufacturer considering the possible threats interfering with the operations of a vehicle key fob.

    The manufacturer sets its target maturity comprehensiveness level to “1” as it considers some IT threats, such as a Denial of Service attack that may prevent a driver from opening the car door using the key fob.

    Over time, as new threats emerge, the manufacturer realizes it needs additional threat modeling and enhanced practices so raises its target maturity comprehensiveness level to a higher level “2.”

    Along with the publication of the SMM Practitioner’s Guide is an update to the IoT SMM: Description and Intended Use White Paper, which provides an introduction to the concepts and approach of the SMM.

    The white paper has been updated for consistency with the SMM Practitioner’s Guide, including revised diagrams and updated terminology, according to the IIC.

    The IIC said it is collaborating with various industry groups to develop industry profiles that extend the model. 

    In a news release, Moscow-based cybersecurity and anti-virus provider Kaspersky Lab said it had joined forces with industry leaders in developing the SMM Practitioner’s Guide.

    “The prioritization of security measures, goal setting, and the development of a strategy for making a system “secure enough” is an objective that affects organizations’ long-term economic planning, along with investment, the choice of insurance program, or any other task with conflicting stimuli,” said Ekaterina Rudina, senior system analyst at Kaspersky Lab ICS CERT.

    The post Guide for assessing security maturity of industrial IoT systems launched appeared first on FutureIoT.

    ]]>
    Cisco opens innovation hub, cybersecurity center in Singapore https://futureiot.tech/cisco-opens-innovation-hub-cybersecurity-center-in-singapore/ Wed, 27 Feb 2019 02:40:51 +0000 https://futureiot.tech/?p=3127 Cisco has broadened its focus on innovation, cybersecurity and the Internet of Things (IoT) with the launch of a Co-Innovation Centre and a Cybersecurity Centre of Excellence (CCX) in Singapore.

    The post Cisco opens innovation hub, cybersecurity center in Singapore appeared first on FutureIoT.

    ]]>
    Cisco has broadened its focus on innovation, cybersecurity and the Internet of Things (IoT) with the launch of a Co-Innovation Centre and a Cybersecurity Centre of Excellence (CCX) in Singapore.

    Both located at Cisco's office in Mapletree Business City, the centers are expected to strengthen its innovation push and boost Asia-Pacific threat intelligence research and security incidence response capabilities.

    Chng Kai Fong, managing director of the Economic Development Board, welcomed the move and was quoted in the news release as saying the centers will also “provide opportunities for Singaporeans to work with the best minds in Cisco.”

    Cisco confirmed in an email interview with FutureIoT that at the Singapore Co-Innovation Center, Singaporeans will get to work on state-of-the art innovation and the company looks forward to building a high-energy, motivated team.

    “This includes the exploration of new technologies, which includes blockchain, drones, cognitive computing, AR / VR and other areas of interest,” said Alex Goryachev, Managing Director, Cisco Innovation Centres.

    Transformative ideas

    According to Cisco, its Co-Innovation Centres co-create digital solutions to solve business and social problems, bring transformative ideas to market, engage with key customers, partners, startups, governments, universities and other innovators.

    They also serve as the local hub for Cisco ’s internal innovation programs and contribute to national and regional technology and innovation priorities, including training, funding, and investing in promising startups and public ventures.

    Cisco’s other innovation centers are located in Tokyo, Sydney, Perth, Rio de Janeiro, Toronto, London, Manchester, Berlin, Paris, Rome, Barcelona, Dubai, and Istanbul.

    “As the first in Southeast Asia, the Singapore Co-Innovation Centre is envisioned to bring together customers, industry partners, startups, application developers, accelerators, government organizations and universities to work on problems unique to the region, with a particular focus on Cybersecurity and IoT,” said Goryachev.

    Co-sponsored by the Singapore Economic Development Board, the center will catalyze and develop digital innovations in line with the focus areas of Singapore’s Digital Economy Framework for Action, including smart nation, smart transportation, and cybersecurity.

    “Given rapid digitalization across the globe, particularly in Asia-Pacific, businesses and organizations are looking to innovate at a tremendous pace,” Goryachev explained. “Our commitment remains to nurture a space for co-creation and prototyping of new solutions addressing future needs to fuel Singapore’s economic growth.”

    Beyond Singapore

    Collectively, Goryachev said Cisco’s Co-Innovation Centres had contributed a wide range of digital breakthroughs for customers across multiple industries.

    These include innovations on reducing energy consumption, pollution, and operational costs while also improving traffic flows, management of crops, and sustainable resources, among many others.

    “As just one example, The Cisco Tokyo Co-Innovation Centre partnered with FANUC, one of the largest makers of industrial robots in the world, to deploy connected Internet of Things technologies in a manufacturing facility that prevented downtime and increased uptime of robotic operations,” Goryachev said.

    Cybersecurity and IoT

    Simultaneous with the launch of the innovation center, Cisco also unveiled the Cybersecurity Centre of Excellence (CCX) in Singapore to boost its Asia-Pacific threat intelligence research and security incidence response capabilities.  

    According to the Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, in the Asia Pacific region, companies receive six threats every minute, but only 50 percent of alerts are being investigated.

    “The CCX comprises a new Talos threat intelligence headquarters and Cisco Security Operations Centre (SOC) that will partner with government, industry, and universities to improve national cybersecurity posture and grow regional talent,” said Goryachev.

    The post Cisco opens innovation hub, cybersecurity center in Singapore appeared first on FutureIoT.

    ]]>
    Arm, lab partners launch security certification for IoT devices https://futureiot.tech/arm-lab-partners-launch-security-certification-for-iot-devices/ Tue, 26 Feb 2019 08:29:06 +0000 https://futureiot.tech/?p=3100 Arm has launched  a security certification for internet of things (IoT) devices with its security testing lab partners.

    The post Arm, lab partners launch security certification for IoT devices appeared first on FutureIoT.

    ]]>
    British semiconductor and software design company Arm has launched a security certification for internet of things (IoT) devices with its security testing lab partners.

    Security lab Brightsight, the China Academy of Information and Communications Technology (CAICT), Paris-based software company Prove&Run, global IoT advisor Riscure, and security solutions provider UL have worked with Arm in developing PSA Certified.

    The partners said PSA Certified enables IoT solution developers and device makers to establish the security and authenticity of the data collected from a diverse world of IoT devices.

    Paul Williamson, vice president and general manager, Emerging Businesses Group, Arm, said the certification will enable trust in individual devices, in their data, and in the deployment of these devices at scale in IoT services.

    “PSA gave the industry a framework for standardizing the design of secure IoT devices, and PSA Certified brings together the leading global independent security testing labs to evaluate the implementation of these principles,” he said.

    According to Arm, PSA Certified  comprises two elements: a multi-level security robustness scheme and a developer focused API test suite.

    “The security testing is based on third-party lab-based evaluation that builds trust through independent checking of the generic parts of an IoT platform, including PSA Root of Trust (the Root of Trust is the source of integrity and confidentiality), the real-time operating system (RTOS) and the device itself,” it explained.

    As part of the program, the PSA Functional API Certification enables standardized access to essential security services, making it easier to build secure applications.

    Free test suites have been published for chip vendors, RTOS providers and device makers to test their PSA APIs and harness the hardware security of the latest silicon platforms.

    “We should expect that anything connected to the internet could be hacked eventually, and to implement security in a trusted manner, independent testing is crucial,” said CAICT's Vicky Guo.

    “CAICT is committed to working closely with partners such as Arm to build a secure IoT ecosystem, and PSA Certified is an important step towards that, enabling customers to achieve the security they need for their specific use case.”

    The post Arm, lab partners launch security certification for IoT devices appeared first on FutureIoT.

    ]]>
    IDC: Singapore to spend $1 billion on smart city program in 2019 https://futureiot.tech/idc-singapore-to-spend-1-billion-on-smart-city-program-in-2019/ Thu, 14 Feb 2019 07:00:10 +0000 https://futureiot.tech/?p=2996 These cities represent a big opportunity for providers of smart city solutions that can be replicated and adapted to address specific use cases in different cities, leveraging the experience gained in a similar context.

    The post IDC: Singapore to spend $1 billion on smart city program in 2019 appeared first on FutureIoT.

    ]]>
    In the Worldwide Semiannual Smart Cities Spending Guide, IDC forecasts worldwide spending on smart cities initiatives to reach $95.8 billion in 2019, an increase of 17.7% over 2018. Singapore, New York City, Tokyo, and London will each invest more than $1 billion in smart cities programs this year.

    "The smart cities market is extremely dynamic, and while only a small number of cities have the budget for large scale integrated projects, our database of 100 cities, which includes most of the largest capitals and innovative cities around the world, only represents around one quarter of global smart city spending," said Serena Da Rold, program manager in IDC's Customer Insights & Analysis group.

    RELATED: 70 smart city initiatives at full speed in Hong Kong this year

    "There is a long tail of cities focusing on specific issues or looking for cross-departmental transformation on a smaller scale. These cities represent a big opportunity for providers of smart city solutions that can be replicated and adapted to address specific use cases in different cities, leveraging the experience gained in a similar context," she commented.

    Initiatives related to data-driven public safety, intelligent transportation, and resilient energy and infrastructure will attract the largest share of funding in 2019, but key use cases in the areas of economic development and civic engagement, and sustainable planning and administration will also see considerable investments.

    The smart cities use cases that will receive the most funding in 2019 include fixed visual surveillance, advanced public transit, smart outdoor lighting, intelligent traffic management, and connected back office.

    ANALYST: Ovum: Transforming the smart city with IoT

    Together, these five use cases will represent 34% of worldwide spending this year. Strong investment growth in intelligent traffic management solutions will make it the third largest use case in 2020, overtaking smart outdoor lighting.

    The use case that will see the fastest spending growth over the 2017-2022 forecast period is officer wearables, which includes smart apparel, smart headsets and glasses, and smart holsters. Other use cases that will experience significant spending growth include digital twin and vehicle-to-everything (V2X) connectivity.

    IDC says Asia/Pacific represents over 40% of total spending on smart cities initiatives, while the Americas represent around one third, and Europe, Middle East and Africa around one quarter of the global opportunity.

    At the city level, 11 cities in China will exceed the $300 million forecast spending in 2019 compared to four in the US.

    "In the Asia/Pacific region, the exponential growth and diversity of smart city initiatives in second- and third-tier cities are continually challenging many first-tier cities to transform. With competition for talent and foreign direct investment being even more intense today, these socioeconomic hubs provide huge openings for solution providers to aid in seamless connectivity and collaborations, enhanced productivity and automation, as well as address security and privacy concerns," said Gerald Wang, head of IDC Asia Pacific Public Sector research.

    "By identifying and forecasting the key projects and initiatives being funded worldwide by Smart Cities and Communities, IDC has a depth and breadth of data that allows us to offer unique intelligence to suppliers and buyers of technologies in this high-growth market," added Ruthbea Yesner, vice president of IDC Government Insights and Smart Cities programs. "As the market keeps evolving via new offerings, new entrants, and new partnerships, this information will become increasingly valuable."

    The post IDC: Singapore to spend $1 billion on smart city program in 2019 appeared first on FutureIoT.

    ]]>
    New study highlights cybersecurity risks in automotive industry https://futureiot.tech/new-study-highlights-cybersecurity-risks-in-automotive-industry/ Wed, 13 Feb 2019 00:30:13 +0000 https://futureiot.tech/?p=2929 Eighty-four percent of automotive professionals surveyed said their organizations’ cybersecurity practices are not keeping pace with evolving technologies.

    The post New study highlights cybersecurity risks in automotive industry appeared first on FutureIoT.

    ]]>
    A survey of global automotive manufacturers and suppliers highlighted the critical cybersecurity risk in the automotive industry, with 84 percent of professionals surveyed saying their organizations’ cybersecurity practices are not keeping pace with evolving technologies.

    The survey, conducted by Ponemon Institute for software firm Synopsys and SAE International, a global association of engineers and related technical experts in the aerospace, automotive and commercial-vehicle industries,   also found that 30 percent of organizations do not have an established cybersecurity program or team.

    More than half of respondents say their organization doesn’t allocate enough budget and human capital to cybersecurity, while 62 percent say they don’t possess the necessary cybersecurity skills in product development.

    Proactive cybersecurity testing is also not a priority. Less than half of organizations test their products for security vulnerabilities. Meanwhile, 71 percent believe that pressure to meet product deadlines is the primary factor leading to security vulnerabilities.  

    Only 33 percent of respondents reported that their organizations educate developers on secure coding methods. Additionally, 60 percent say a lack of understanding or training on secure coding practices is a primary factor that leads to vulnerabilities.

    Seventy-three percent of respondents expressed concern about the cybersecurity of automotive technologies supplied by third parties. Meanwhile, only 44 percent say their organization imposes cybersecurity requirements for products provided by upstream suppliers.

    The report, “Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices,” provides a more comprehensive view of the cybersecurity practices in the industry.

    Jack Pokrzywa, SAE International director of Ground Vehicle Standards, said that SAE members have sought to address cybersecurity challenges in the automotive systems development lifecycle for the last decade and worked together to publish SAE J3061, the world’s first automotive cybersecurity standard.

    “Armed with the findings of the study, SAE stands ready to convene the industry and lead the development of targeted security controls, technical training, standards, and best practices to improve the security, and thus the safety, of modern vehicles,” he added.

    Ponemon surveyed 593 professionals from global automotive manufacturers, suppliers and service providers. All respondents are involved in assessing or contributing to the security of automotive technologies, including infotainment systems, telematics, steering systems, cameras, SoC-based components, driverless and autonomous vehicles, and RF technologies such as wi-fi and Bluetooth, among others.

     

    The post New study highlights cybersecurity risks in automotive industry appeared first on FutureIoT.

    ]]>
    As 5G, IoT networks evolve, Singapore rethinks regulatory approach to telecom security https://futureiot.tech/as-5g-iot-networks-evolve-singapore-rethinks-regulatory-approach-to-telecom-security/ Wed, 06 Feb 2019 00:05:01 +0000 https://futureiot.tech/?p=2789 Singapore’s industry regulator is preparing a multi-year roadmap to identify threats to the country’s connectivity infrastructure. Dr. Janil Puthucheary, Senior Minister of State for Communications and Information, made the announcement at the inaugural Infocomm Media Cybersecurity Conference on January 25, 2019. Puthucheary said the Infocomm Media Development Authority (IMDA) will develop the roadmap to build […]

    The post As 5G, IoT networks evolve, Singapore rethinks regulatory approach to telecom security appeared first on FutureIoT.

    ]]>
    Singapore’s industry regulator is preparing a multi-year roadmap to identify threats to the country’s connectivity infrastructure.

    Dr. Janil Puthucheary, Senior Minister of State for Communications and Information, made the announcement at the inaugural Infocomm Media Cybersecurity Conference on January 25, 2019.

    Puthucheary said the Infocomm Media Development Authority (IMDA) will develop the roadmap to build the cybersecurity capabilities of Singapore’s telecommunication operators through the formation of the Telecom Cybersecurity Strategic Committee (TCSC).

    “The TCSC is tasked to identify challenges, as well as key telecommunication technologies and market developments that will shape the cyber threat landscape,” he said.

    The Minister cited that in 2015, IMDA launched the Infocomm Singapore Computer Emergency Response Team (ISG-CERT) to respond to cybersecurity threats within the telecommunication and media sectors.

    In 2018, it revised the Telecommunications Cybersecurity Code of Practice (TCS-CoP) to ensure that it can apply the best practices from the industry to the telco space.

    However, the changing needs of the digital economy will require a trusted, secure and resilient next-generation connectivity infrastructure, including 5G and narrowband Internet-of-Things (NB-IoT) sensor networks.

    Tan Kiat How, Chief Executive, IMDA, said the organization is partnering the industry and international thought leaders to develop the roadmap.

    IoT cybersecurity guide

    Aside from the roadmap, the IMDA has also introduced the IoT Cyber Security Guide, which will help instill greater confidence in the use of IoT systems.

    “This guide will list baseline recommendations provide checklists, assisting users to secure IoT systems against unintentional and malicious threats for the acquisition, operation and maintenance of the systems,” Puthucheary said.

    In addition, the guide offers two checklists to help organizations systematically assess the security state of their IoT systems and to help IoT vendors develop better products and solutions to benefit Singapore homeowners.

    IMDA said it will launch a public consultation on the IoT Cyber Security Guide to ensure that the recommendations in the guide are useful and comprehensive.

    “Adopting an IoT approach will result in more devices in our ecosystem such as power sensors and power environmental infrastructure,” Puthucheary said.

    “We need to rethink what is our regulatory approach and what is the way in which we can assure customers and users of the security of our IoT systems,” he added.

    The post As 5G, IoT networks evolve, Singapore rethinks regulatory approach to telecom security appeared first on FutureIoT.

    ]]>
    Ahead of Tokyo Olympics, Japan to test consumer IoT devices https://futureiot.tech/ahead-of-tokyo-olympics-japan-to-test-consumer-iot-devices/ Tue, 05 Feb 2019 01:50:44 +0000 https://futureiot.tech/?p=2777 A revised Japanese law passed recently authorized the government to test internet of Things (IoT) devices that may be exploited for cyber attacks.

    The post Ahead of Tokyo Olympics, Japan to test consumer IoT devices appeared first on FutureIoT.

    ]]>
    A revised Japanese law passed recently authorized the government to test internet of Things (IoT) devices that may be exploited for cyber attacks.

    According to the announcement posted on the government website, the Ministry of Internal Affairs and Communications (MIAC) and the National Institute of Information and Communications Technology (NICT) will cooperate with Internet providers to conduct the security survey.

    The government acknowledges that while IoT devices have become widespread, cyber attacks targeting IoT devices are on the rise.

    It said IoT devices, which includes sensors, routers, and web cameras, have features that are limited in performance, difficult to manage, long in the life cycle, and easy to be targeted by cyber attacks. And equipment with poorly installed security measures may be infected with malware and used for cyber attacks.

    The announcement specifically mentions the heightened need for security countermeasures as the country is hosting the 2020 Olympic Games, the Paralympic Games Tokyo Convention, and many other high-profile international events.

    Based on the conduct of the investigation or survey, the post said strict safety control measures are to be taken based on the implementation plan of NICT and approved by the Minister for Internal Affairs and Communications.

    According to the document, testing will begin by mid-February and users of these IoT devices that are found vulnerable to attacks will be notified.

    A report from Japan’s national broadcaster NHK World stated that NICT “will generate IDs and passwords in its attempt to randomly break into about 200 million devices, such as routers and webcams.”

    NHK also quoted a communications ministry official asking the public for its support and understanding, especially as “researchers might unintentionally gain access to webcam images or stored data” and may constitute a violation of “the device owners' constitutional right to privacy if their identities were revealed.”

    The government, however, has given assurances that no data will be leaked.

    According to a report from MIAC Cybersecurity Office, two-thirds of all attacks in 2016 were targeted at IoT devices; hence, the necessity for countermeasures. And one way to detect device vulnerability is to test for inadequate password settings, among others.

    Trust certifications for IoT devices have been gaining ground. In November 2018, Mozilla issued a comprehensive guide on smart connected things as they might pose some online risks to consumers at the height of the year's online shopping season.

    Mozilla’s gadget guide provides a framework for understanding the risk factors to consider before buying a connected device.

    In December 2018, ThingsCon Berlin launched the "Trustable Technology Mark," the goal of which was to help consumers make informed purchases.

    Governments have also started introducing regulations on the sale and manufacture of internet-connected things, such as the law passed in California in September mandating built-in security features to protect devices against unauthorized access.

    The UK followed suit with the introduction of the world-first IoT Code of Practice to ensure the security of connected consumer devices at the design stage.

    In Asia, the Bangkok Post reported in November 2018 that that regulatory conditions for IoT and related devices will start to be implemented this year.

     

    The post Ahead of Tokyo Olympics, Japan to test consumer IoT devices appeared first on FutureIoT.

    ]]>
    Threat report warns consumers of fake apps, adversarial AI, IoT attacks https://futureiot.tech/threat-report-warns-consumers-of-fake-apps-adversarial-ai-iot-attacks/ Mon, 04 Feb 2019 00:17:47 +0000 https://futureiot.tech/?p=2728 The Avast Threat Labs team sees roughly one million new files a day and prevents two billion attacks every month.

    The post Threat report warns consumers of fake apps, adversarial AI, IoT attacks appeared first on FutureIoT.

    ]]>
    The Internet of Things seem to be more vulnerable than ever, with more threat actors forecast in 2019.

    A report highlighting the threat landscape for 2019 released by digital security firm Avast shows what its threat labs team sees: more attacks aimed at infiltrating an IoT device.

    “From connected lights to coffee makers, and smart speakers to toothbrushes, IoT devices will continue to drive a class of attacks aimed at exploiting their weaknesses in configuration, security flaws, and consumers’ low engagement with their security settings,” the report noted.

    The Avast Threat Labs team sees roughly one million new files a day and prevents two billion attacks every month.  

    “This volume provides valuable insights into the most prevalent threats, as well as the ability to map trends to predict future attacks,” the company said.

    Adversarial AI

    In 2018, the Avast team said it observed many examples of adversarial AI algorithms used to fool humans, such as the fake Obama video created by Buzzfeed where President Obama is seen delivering fake sentences.

    There were also examples of AI deliberately confounding the smartest object detection algorithms, such as fooling an algorithm into thinking that a stop sign was a 45-mph speed limit sign.

    “In 2019, we expect to see DeepAttacks deployed more commonly in an attempt to evade both human detection and smart defenses,” Avast said.

    Deep Attacks use AI-generated content to evade AI security controls.

    As most appliances or home electronics are now connected to the internet, Avast warns that their research shows security is often an afterthought in manufacturing these devices.

    “Considering a smart home is only as secure as its weakest link, this is a mistake. So we can expect to see IoT malware evolve and become more sophisticated and dangerous, similar to how PC and mobile malware developed,” Avast said.

    Routers, for example, have proven to be a simple and fertile target for a growing wave of attacks.

    “Not only have we seen an increase in router-based malware in 2018, but also changes in the characteristics of those attacks,” it said. “In 2019, we expect to see the increased hijacking of routers used to steal banking credentials, for example, where an infected router injects a malicious HTML frame to specific web pages when displayed on mobile.”

    Fake apps

    In 2018, the Avast team said it tracked and flagged countless fake apps using its apklab.io platform.

    “Some were even found on the Google Play Store. Fake apps are the zombies in mobile security, becoming so ubiquitous that they barely even make the headlines as new fake apps pop up to take the place of the ones already flagged for removal,” it said.

    This trend is expected to continue to persist in 2019, exacerbated by fake versions of popular app brands doing their rounds on the Google Play Store.

    Well known tactics such as advertising, phishing and fake apps are also projected  to dominate the mobile threat landscape.

    “This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

    “PC viruses, while still a global threat, have been joined by a multitude of malware categories that deliver more attacks. People are acquiring more and varied types of connected devices, meaning every aspect of our lives could be compromised by an attack. Looking ahead to 2019, these trends point to a magnification of threats through these expanding threat surfaces.” 

    The post Threat report warns consumers of fake apps, adversarial AI, IoT attacks appeared first on FutureIoT.

    ]]>
    Kaspersky Lab identifies 7 vulnerabilities in industrial IoT platform https://futureiot.tech/kaspersky-lab-identifies-7-vulnerabilities-in-industrial-iot-platform/ Sun, 03 Feb 2019 23:08:12 +0000 https://futureiot.tech/?p=2726 Cybersecurity firm Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in the ThingsPro Suite, an industrial IoT (IIoT) platform designed for industrial control systems (ICS) data acquisition and remote analysis.

    The post Kaspersky Lab identifies 7 vulnerabilities in industrial IoT platform appeared first on FutureIoT.

    ]]>
    Cybersecurity firm Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in the ThingsPro Suite, an industrial IoT (IIoT) platform designed for industrial control systems (ICS) data acquisition and remote analysis.

    All vulnerabilities identified were reported to and patched by platform developer Moxa.

    Of the seven zero-day vulnerabilities found, Kaspersky said one of the most severe could allow a remote attacker to execute any command on the target IIoT gateway.

    Another vulnerability made it possible for cybercriminals to gain root privileges, providing the ability to change the device’s configuration. Its exploitation could be automated, which means that cybercriminals could automatically compromise multiple Moxa ThingsPro IoT gateways in different enterprises and to even potentially gain access to industrial networks of the organizations.

    Moreover, some of the vulnerabilities found could potentially allow threat actors to gain highly privileged access to industrial IoT gateways and execute deadly commands.

    “Moxa is a trusted and respected brand in the industrial systems world. However, despite the company’s vast expertise and experience, its new product had a number of vulnerabilities, which shows that it is important even for industry leaders to conduct proper cybersecurity tests,” said Alexander Nochvay, security researcher at Kaspersky Lab.

    “We highly advise ICS officers to be proactive in ensuring that the stability of these critical infrastructure is protected in the face of frequent and severe cyber attacks," added Yeo Siang Tiong, General Manager at Kaspersky Lab Southeast Asia.

    ThingsPro Suite is an industrial internet of things platform that automatically gathers data from Operational Technology (OT) devices running at the industrial facility and submits it to an IoT cloud for further analysis.

    However, as much as such platforms are useful to ease Industrial IoT (IIoT) integration and maintenance, they can also be dangerous, unless they are developed and integrated with adequate security concerns in mind.

    As such solutions work as a connecting point between IT and OT security domains, vulnerabilities found in them can potentially allow attackers to gain access to an industrial network.

    To keep industrial control systems safe, Kaspersky Lab advises companies to:

    1. Restrict access of IIoT gateway devices to components of the enterprise’s OT and IT networks to the extent possible;
    2. Restrict access to IIoT gateway devices from the enterprise network and the internet to the extent possible;
    3. Set up monitoring of remote access to the enterprise’s OT network, as well as monitoring of access to individual ICS components (workstations, servers, and other equipment) inside the OT network;
    4. Use solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network;
    5. Use dedicated solutions to monitor and perform deep analysis of network traffic on the OT network and detect attacks on industrial equipment;
    6. Ensure the security of hosts on the enterprise’s IT and OT networks using solutions that provide protection from malware and cyberattacks.
    7. Provide cyber-hygiene training to employees, partners and suppliers who have access to the enterprise’s OT network.

    The post Kaspersky Lab identifies 7 vulnerabilities in industrial IoT platform appeared first on FutureIoT.

    ]]>
    Cost continues to disrupt commercial IoT adoption in New Zealand https://futureiot.tech/cost-continues-to-disrupt-commercial-iot-adoption-in-new-zealand/ Tue, 22 Jan 2019 01:00:48 +0000 https://futureiot.tech/?p=2536 Tech research firm IDC says remains the biggest barrier to commercial adoption of Internet of Things (IoT) solutions in New Zealand. The latest IDC report titled 2018-2019 Global IoT Decision Maker Survey, revealed that while one third of New Zealand enterprises already have at least one IoT solution, cost barriers are slowing the deployment of […]

    The post Cost continues to disrupt commercial IoT adoption in New Zealand appeared first on FutureIoT.

    ]]>
    Tech research firm IDC says remains the biggest barrier to commercial adoption of Internet of Things (IoT) solutions in New Zealand.

    The latest IDC report titled 2018-2019 Global IoT Decision Maker Survey, revealed that while one third of New Zealand enterprises already have at least one IoT solution, cost barriers are slowing the deployment of commercial solutions.

    Monica Collier, IDC's ANZ Practice Research Manager, says, "The cost barriers aren't just the direct costs related to IoT devices, connectivity and implementation. Companies are finding that their proof-of-concept projects are uncovering wider issues around security and infrastructure that must be addressed before they can deploy commercial IoT systems."

    Collier says New Zealand enterprises have told IDC that they want IoT vendors to improve their security offerings and expertise.

    "Of those companies with active IoT pilot projects, 75% are planning on expanding their trial systems into full scale solutions. But they can't easily do that until security concerns are addressed and infrastructure barriers removed,” says Collier.

    IDC observed that security concerns are neither uniform nor consistent.

    "Across the IoT ecosystem industry it is becoming plain that security is a complex topic with many layers across applications, network, data and devices. Interestingly, while companies said they are concerned about security at the application and data level, there is little or no concern about device security. Endpoints can be quite vulnerable and organisations should not overlook this potential weakness. We need more IoT platforms that do a good job of IoT endpoint device management."

    "To move past the barriers inhibiting production scale IoT, organisations have to solve the broader security and upgrade issues. IoT vendors should be supporting enterprises with IoT-specific security expertise, more comprehensive analytics and better guidance on measuring how the solution is performing against business requirements," says Collier.

    The post Cost continues to disrupt commercial IoT adoption in New Zealand appeared first on FutureIoT.

    ]]>
    Growing security concerns over smart devices boosts APAC biometrics market https://futureiot.tech/growing-security-concerns-over-smart-devices-boosts-apac-biometrics-market/ Tue, 22 Jan 2019 00:45:40 +0000 https://futureiot.tech/?p=2543 Growing concerns about security in smart devices and the rising number of cyber threats are driving the growth of the biometrics market in Asia-Pacific.

    The post Growing security concerns over smart devices boosts APAC biometrics market appeared first on FutureIoT.

    ]]>
    Growing concerns about security in smart devices and the rising number of cyber threats are driving the growth of the biometrics market in Asia-Pacific.

    In a report, market research firm Frost & Sullivan has noted the increasing adoption of biometrics in smartphones, tablets, and wearable technology in the region.

    “The mobile biometrics market in Asia-Pacific is experiencing strong growth, accounting for 10 percent of the total global market in 2016,” said Mei Lee Quah, Industry Principal Analyst, Information & Communication Technologies Practice, at Frost & Sullivan.

    “The increasing use of smartphones and wearable technologies in the region, especially in highly populous countries such as India and China, are also strong drivers of the mobile biometrics market,” she added.

    The market is projected to grow between 2016 and 2021, mainly driven by four key factors: security concerns, innovative industry collaboration, increasing update of biometrics in smart devices, and increasing mobile banking penetration.

    Among the growth opportunities that Frost & Sullivan sees in the Asia-Pacific market includes: cloud-based biometrics, which grants users access to infrastructure in remote locations and has flexible cost structure; and mobile identification technologies, including fingerprint authentication or facial scans.

    It also sees strong growth in biometric authentication for mobile banking transactions, and the increasing use of mobile wallets, which eliminates the need for Personal Identification Numbers (PINs) and passwords. Enables convenient and secure cashless payment in retail and consumer market.   

    The post Growing security concerns over smart devices boosts APAC biometrics market appeared first on FutureIoT.

    ]]>
    Blockchain gains pace as an IoT security tool, says Gemalto https://futureiot.tech/blockchain-gains-pace-as-an-iot-security-tool-says-gemalto/ Fri, 18 Jan 2019 04:03:43 +0000 https://futureiot.tech/?p=2514 Digital security provider Gemalto said in a report that blockchain is emerging as a potential technology for securing IoT devices.

    The post Blockchain gains pace as an IoT security tool, says Gemalto appeared first on FutureIoT.

    ]]>
    As the IT industry awaits regulation that will strengthen measures to secure the Internet of Things (IoT), digital security provider Gemalto said in a report that blockchain is emerging as a potential technology for securing IoT devices.

    “Adoption of blockchain has doubled from 9 percent  to 19 percent in the last 12 months. What's more, a quarter (23 percent) of respondents believe that blockchain technology would be an ideal solution to use for securing IoT devices, with 91 percent of organizations that don't currently use the technology are likely to consider it in the future,” it said.

    Blockchain is a system of keeping a record of all data exchanges, which is deemed secure because it is resistant to modification or alteration.

    Gemalto’s statement on blockchain came on the heels of a survey it conducted with 950 IT and business decision makers globally, which reveals that only around half (48 percent) of businesses can detect if any of their IoT devices suffers a breach.

    Nevertheless, the poll revealed that more corporate spending on protection has grown from 11 percent of IoT budget in 2017 to 13 percent in 2018.

    “Nearly all (90 percent) also believe that it security a big consideration for customers; and almost three times as many now see IoT security as an ethical responsibility (14 percent), compared to a year ago (4 percent),” the State of IoT Security report noted.

    The poll also shows that as blockchain technology finds its place in securing IoT devices, businesses continue to employ other methods to protect themselves against cybercriminals.

    The majority (71 percent) encrypt their data, while password protection (66 percent) and two factor authentication (38 percent) remain prominent, according to Gemalto.

    "Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store. But while it's positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they're not leaving themselves exposed,” said Jason Hart, CTO, Data Protection at Gemalto.

    “In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach," he added.

    The post Blockchain gains pace as an IoT security tool, says Gemalto appeared first on FutureIoT.

    ]]>
    Trend Micro report finds flaws in RF remote controllers https://futureiot.tech/trend-micro-report-finds-flaws-in-rf-remote-controllers/ Thu, 17 Jan 2019 06:28:21 +0000 https://futureiot.tech/?p=2503 Cybersecurity expert Trend Micro has detailed inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers in a new report. RF remote controllers are handheld, wireless devices used to operate electronic equipment using radio frequency transmission. They are mostly used in heavy industrial machinery, including cranes, drills, mining machinery and other industrial devices. “These […]

    The post Trend Micro report finds flaws in RF remote controllers appeared first on FutureIoT.

    ]]>
    Cybersecurity expert Trend Micro has detailed inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers in a new report.

    RF remote controllers are handheld, wireless devices used to operate electronic equipment using radio frequency transmission. They are mostly used in heavy industrial machinery, including cranes, drills, mining machinery and other industrial devices.

    “These types of devices have become a major point of security weakness because of their connectivity. Long lifespans, high replacement costs, and cumbersome patching processes compound this problem,” the company said in a media release.

    Bill Malik, VP of infrastructure strategies for Trend Micro, said that by testing the vulnerabilities, the company’s researchers discovered the ability to move full-sized industrial equipment deployed at construction sites, factories, and transportation businesses.

    “This is a classic example of both the new security risks that are emerging, as well as how old attacks are being revitalized, to attack the convergence of OT and IT.”

    In the report, “A Security Analysis of Radio Remote Controllers for Industrial Applications,” Trend Micro demonstrates how an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.

    It said the three basic failings in RF controllers are: no rolling code; weak or no cryptography; and a lack of software protection.  

    “The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security. It wasn’t until the arrival of Industry 4.0, as well as the continuing adoption of the industrial internet of things (IIoT), that industries began to acknowledge the pressing need for security,” the report noted.

    The security firm advised security  and risk management leaders to “identify key industrial assets and systems, and prioritize protection of these assets based upon their mission criticality and integrated risks to OT and IT systems.

    It recommends implementing comprehensive security measures, including software and firmware patching, as well as building on standardized protocols. 

    The post Trend Micro report finds flaws in RF remote controllers appeared first on FutureIoT.

    ]]>
    EY: true value of IoT to financial services https://futureiot.tech/ey-true-value-of-iot-to-financial-services/ Thu, 17 Jan 2019 00:15:49 +0000 https://futureiot.tech/?post_type=whitepaper&p=2492 [...] Accessing FutureIoT Premium Content Welcome! To access Premium content and more, please login below. Not a Premium member yet? Register now for a free account! Username or Email Password  Remember Me Forgot Password Alternatively,

    The post EY: true value of IoT to financial services appeared first on FutureIoT.

    ]]>
    [...]

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post EY: true value of IoT to financial services appeared first on FutureIoT.

    ]]>
    Consumers will pay more if connected devices could protect their privacy https://futureiot.tech/consumers-will-pay-more-if-connected-devices-could-protect-their-privacy/ Tue, 08 Jan 2019 22:44:27 +0000 https://futureiot.tech/?p=2430 Consumers are more likely to choose a product or do business with a company that had a strong reputation for data security and privacy and would support a “seal” or “stamp of approval” for Internet-connected devices. These were among the findings of an online survey conducted by Atomik Research in the past 30 days for […]

    The post Consumers will pay more if connected devices could protect their privacy appeared first on FutureIoT.

    ]]>
    Consumers are more likely to choose a product or do business with a company that had a strong reputation for data security and privacy and would support a “seal” or “stamp of approval” for Internet-connected devices.

    These were among the findings of an online survey conducted by Atomik Research in the past 30 days for Canadian handset maker BlackBerry.

    The poll revealed that 80 percent of respondents in the United States, United Kingdom, and Canada do not trust their current Internet-connected devices to secure their data and privacy.

    More than half of these respondents (58 percent) said they would be willing to pay more for Internet-connected products such as Alexa-speakers, home security products, wearables, and more if they know their data is protected.

    When asked how much more are they are willing to spend, 10 percent of respondents said they were willing to pay up to 20 percent more, but the majority preferred 10 percent or less.

    “This survey shows there is a real opportunity for companies to differentiate their products by providing a higher level of security and data privacy,” said Mark Wilson, Chief Marketing Officer at BlackBerry.

    “Similar to the rise in demand for organic food and sustainable goods, we believe that educated consumers – many of whom have been victims of cyberattacks and uninvited use of personal data – will help drive the private and public sectors to align on a safety and security standard,” he added.

    In the area of connected cars, BlackBerry said the majority of poll respondents also stated that they would pay more to know their vehicle used the highest safety and security software.  

    When asked which voice assistant they would trust the most in a car, Google (25 percent) was chosen the most, followed by Apple’s Siri (19 percent), Amazon’s Alexa (16 percent), Microsoft’s Cortana (5 percent) and IBM’s Watson (3 percent).

    “That being said, 32 percent of respondents selected ‘none of the above,’ with most votes coming from people over the age of 54. Notably, only 20 percent of millennials chose ‘none of the above,’” BlackBerry noted.

    In addition, more than one-third (36 percent) of those surveyed admitted to not knowing what security certifications to look for when purchasing an Internet-connected device.

    This was even more profound for respondents from Canada and the United Kingdom, with 41 percent of respondents from each country admitting they did not know what security certifications to look for, compared to 32 percent of Americans.

    In 2018, the state of California enacted the first cybersecurity law on the Internet of Things (IoT) in the US. The law provides that connected devices should have built-in security features designed to protect against unauthorized access by January 2020.

    The UK, for its part, released the world's first IoT Code of Practice that is expected to guide manufacturers secure internet-connected devices, including home alarm systems, refrigerators, and toys.

    In Asia, the Bangkok Post reported in November that IoT regulations may be out this year.

    The post Consumers will pay more if connected devices could protect their privacy appeared first on FutureIoT.

    ]]>
    DigitalSTROM turns data from IoT into fast data for the home https://futureiot.tech/digitalstrom-turns-data-from-iot-into-fast-data-for-the-home/ Wed, 02 Jan 2019 02:26:36 +0000 https://futureiot.tech/?p=2391 Martin Vesper, CEO, and Miguel Rodriguez, Head of R&D, talk about making homes energy-efficient, comfortable, and safe using a scalable, event-enabled platform that easily integrates services and partners. Martin Vesper:  DigitalSTROM connects in a home and makes them smart so that they can have very flexible application to control their home to be energy efficient […]

    The post DigitalSTROM turns data from IoT into fast data for the home appeared first on FutureIoT.

    ]]>
    Martin Vesper, CEO, and Miguel Rodriguez, Head of R&D, talk about making homes energy-efficient, comfortable, and safe using a scalable, event-enabled platform that easily integrates services and partners.

    Martin Vesper:  DigitalSTROM connects in a home and makes them smart so that they can have very flexible application to control their home to be energy efficient and safe. Our business goal to reach is that customer actually can enable his infrastructure we sell to him by using services which are available in the cloud combining his smart-home with really high tech solutions like weather forecast will bring him a lower insurance premium and make sure that everything is protected in his home in case of a storm for example.

    Miguel Rodriguez: The integration platform that we need to have needs to talk to many different technologies because we have many different partners. It has to be able to interoperate across operating systems that of types and also to be very easy to integrate the functionality.

    Watch the video to learn more about how automation only works when you are able to access, manage and query IoT data efficiently and in real-time.

    The post DigitalSTROM turns data from IoT into fast data for the home appeared first on FutureIoT.

    ]]>
    Bigmate uses embedded BI to solve IoT asset management challenge https://futureiot.tech/bigmate-uses-embedded-bi-to-solve-iot-asset-management-challenge/ Wed, 02 Jan 2019 01:20:21 +0000 https://futureiot.tech/?post_type=case-study&p=2383 Click here to download this case study to find out how using TIBCO Jaspersoft embedded BI, Bigmate is able to consume IoT and IoA data and blend it to deliver answers to business problems.

    The post Bigmate uses embedded BI to solve IoT asset management challenge appeared first on FutureIoT.

    ]]>
    Click here to download this case study to find out how using TIBCO Jaspersoft embedded BI, Bigmate is able to consume IoT and IoA data and blend it to deliver answers to business problems.

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post Bigmate uses embedded BI to solve IoT asset management challenge appeared first on FutureIoT.

    ]]>
    Corporate losses associated with IoT missteps rising https://futureiot.tech/corporate-losses-associated-with-iot-missteps-rising/ Sun, 30 Dec 2018 12:51:05 +0000 https://futureiot.tech/?p=2353 Companies have started sustaining significant monetary losses due to lack of good practices as they incorporate IoT into business models.

    The post Corporate losses associated with IoT missteps rising appeared first on FutureIoT.

    ]]>
    Companies have started sustaining significant monetary losses due to lack of good practices as they incorporate the Internet of Things (IoT) into business models.

    This was among the findings of a poll conducted by IoT security solutions provider DigiCert.

    DigiCert’s 2018 State of IoT poll revealed that among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years.

    The top five areas for costs incurred within the past two years were: monetary damages, lost productivity, legal/compliance penalties, lost reputation, stock price.

    Meanwhile, although the top-tier enterprises experienced some security missteps, an overwhelming majority (almost 80 percent) reported no costs associated with those missteps.

    Top-tier enterprises attributed their security successes to these practices: encrypting sensitive data, ensuring integrity of data in transit, scaling security measures, securing over-the-air updates, securing software-based encryption key storage.

    “This study shows that enterprises that are implementing security best practices have less exposure to the risks and resulting damages from attacks on connected devices,” Mike Nelson, vice president of IoT security at DigiCert, said in a news release.  

    Still, a high 82 percent of respondents stated that they were “somewhat to extremely concerned about security challenges.”

    Nelson said securing IoT devices is still a top priority that many enterprises are struggling to manage.

    “Integrating security at the beginning, and all the way through IoT implementations, is vital to mitigating rising attacks, which can be expected to continue. Due diligence when it comes to authentication, encryption and integrity of IoT devices and systems can help enterprises reliably and safely embrace IoT,” he said.

    The survey noted that the difference between the top- and bottom-tiers enterprises was unmistakable.

    Companies struggling the most with IoT implementation are much more likely to get hit with IoT-related security incidents. Every single bottom-tier enterprise experienced an IoT-related security incident in that time span, versus just 32 percent of the top-tier.

    The survey was conducted by ReRez Research in September 2018, with 700 enterprise organizations in the US, UK, Germany, France and Japan.

    The post Corporate losses associated with IoT missteps rising appeared first on FutureIoT.

    ]]>
    Gartner lists top 10 strategic technology trends for 2019 https://futureiot.tech/gartner-lists-top-10-strategic-technology-trends-for-2019/ Fri, 28 Dec 2018 02:30:05 +0000 https://futureiot.tech/?p=2305 As we close 2018, it would do no harm for us to have a peek at what’s coming in 2019 and quite possible in the next couple of years. For business and technology leaders, understand what technology trends may be of consequence to their business may provide some guidance as they lay out their strategic […]

    The post Gartner lists top 10 strategic technology trends for 2019 appeared first on FutureIoT.

    ]]>
    As we close 2018, it would do no harm for us to have a peek at what’s coming in 2019 and quite possible in the next couple of years. For business and technology leaders, understand what technology trends may be of consequence to their business may provide some guidance as they lay out their strategic plans for 2019 and beyond.

    Gartner defines a strategic technology trend as one with substantial disruptive potential that is beginning to break out of an emerging state into broader impact and use, or which are rapidly growing trends with a high degree of volatility reaching tipping points over the next five years.

    “The Intelligent Digital Mesh has been a consistent theme for the past two years and continues as a major driver through 2019. Trends under each of these three themes are a key ingredient in driving a continuous innovation process as part of a ContinuousNEXT strategy,” said David Cearley, vice president and Gartner Fellow.

    Gartner defines ContinuousNEXT as the future evolution of concepts introduced by the analyst in recent years, and that will build momentum through digital transformation and beyond.

    “For example, artificial intelligence (AI) in the form of automated things and augmented intelligence is being used together with IoT, edge computing and digital twins to deliver highly integrated smart spaces. This combinatorial effect of multiple trends coalescing to produce new opportunities and drive new disruption is a hallmark of the Gartner top 10 strategic technology trends for 2019,” elaborated Cearley.

    The top 10 strategic technology trends for 2019 are:

    Autonomous Things, such as robots, drones and autonomous vehicles, use AI to automate functions previously performed by humans. Their automation goes beyond the automation provided by rigid programing models and they exploit AI to deliver advanced behaviors that interact more naturally with their surroundings and with people.

    “As autonomous things proliferate, we expect a shift from stand-alone intelligent things to a swarm of collaborative intelligent things, with multiple devices working together, either independently of people or with human input,” said Cearley.

    Augmented analytics focuses on a specific area of augmented intelligence, using machine learning (ML) to transform how analytics content is developed, consumed and shared. Augmented analytics capabilities will advance rapidly to mainstream adoption, as a key feature of data preparation, data management, modern analytics, business process management, process mining and data science platforms.

    Automated insights from augmented analytics will also be embedded in enterprise applications — for example, those of the HR, finance, sales, marketing, customer service, procurement and asset management departments — to optimize the decisions and actions of all employees within their context, not just those of analysts and data scientists. Augmented analytics automates the process of data preparation, insight generation and insight visualization, eliminating the need for professional data scientists in many situations.

    AI-Driven Development refers to a future business model where a professional application developer can operate alone using predefined models delivered as a service – without the need for support from data scientists. This provides the developer with an ecosystem of AI algorithms and models, as well as development tools tailored to integrating AI capabilities and models into a solution.

    Gartner forecasts that by 2022, at least 40% of new application development projects will have AI co-developers on their team.

    “Ultimately, highly advanced AI-powered development environments automating both functional and non-functional aspects of applications will give rise to a new age of the ‘citizen application developer’ where non-professionals will be able to use AI-driven tools to automatically generate new solutions. Tools that enable non-professionals to generate applications without coding are not new, but we expect that AI-powered systems will drive a new level of flexibility,” said Cearley.

    A digital twin refers to the digital representation of a real-world entity or system. By 2020, Gartner estimates there will be more than 20 billion connected sensors and endpoints and digital twins will exist for potentially billions of things. Organizations will implement digital twins simply at first. They will evolve them over time, improving their ability to collect and visualize the right data, apply the right analytics and rules, and respond effectively to business objectives.

    “One aspect of the digital twin evolution that moves beyond IoT will be enterprises implementing digital twins of their organizations (DTOs). A DTO is a dynamic software model that relies on operational or other data to understand how an organization operationalizes its business model, connects with its current state, deploys resources and responds to changes to deliver expected customer value,” said Cearley.

    Empowered Edge refers to the growing trend of bringing computing resources (or topology) and content closer to the edge where it is needed. One of the goals is to keep the traffic and processing local, with the goal being to reduce traffic and latency.

    In the near term, edge is being driven by IoT and the need to keep the processing close to the end rather than on a centralized cloud server. However, rather than create a new architecture, cloud computing and edge computing will evolve as complementary models with cloud services being managed as a centralized service executing, not only on centralized servers, but in distributed servers on-premises and on the edge devices themselves.

    Over the next five years, specialized AI chips, along with greater processing power, storage and other advanced capabilities, will be added to a wider array of edge devices. The extreme heterogeneity of this embedded IoT world and the long life cycles of assets such as industrial systems will create significant management challenges.

    Longer term, as 5G matures, the expanding edge computing environment will have more robust communication back to centralized services. 5G provides lower latency, higher bandwidth, and (very importantly for edge) a dramatic increase in the number of nodes (edge endpoints) per square km.

    Conversational platforms are changing the way in which people interact with the digital world. Virtual reality (VR), augmented reality (AR) and mixed reality (MR) are changing the way in which people perceive the digital world. This combined shift in perception and interaction models leads to the future immersive user experience.

    “Over time, we will shift from thinking about individual devices and fragmented user interface (UI) technologies to a multi-channel and multi-modal experience. The multi-modal experience will connect people with the digital world across hundreds of edge devices that surround them, including traditional computing devices, wearables, automobiles, environmental sensors and consumer appliances,” said Cearley.

    Blockchain, a type of distributed ledger, promises to reshape industries by enabling trust, providing transparency and reducing friction across business ecosystems potentially lowering costs, reducing transaction settlement times and improving cash flow.

    Today, trust is placed in banks, clearinghouses, governments and many other institutions as central authorities with the “single version of the truth” maintained securely in their databases. The centralized trust model adds delays and friction costs (commissions, fees and the time value of money) to transactions. Blockchain provides an alternative trust mode and removes the need for central authorities in arbitrating transactions.

    ”Current blockchain technologies and concepts are immature, poorly understood and unproven in mission-critical, at-scale business operations. This is particularly so with the complex elements that support more sophisticated scenarios,” said Cearley. “Despite the challenges, the significant potential for disruption means CIOs and IT leaders should begin evaluating blockchain, even if they don’t aggressively adopt the technologies in the next few years.”

    Cearly many blockchain initiatives today are positioned as a means to achieve operational efficiency by automating business processes, or by digitizing records. They have the potential to enhance sharing of information among known entities, as well as improving opportunities for tracking and tracing physical and digital assets. However, these approaches miss the value of true blockchain disruption and may increase vendor lock-in.

    A smart space is a physical or digital environment in which humans and technology-enabled systems interact in increasingly open, connected, coordinated and intelligent ecosystems. Multiple elements — including people, processes, services and things — come together in a smart space to create a more immersive, interactive and automated experience for a target set of people and industry scenarios.

    “This trend has been coalescing for some time around elements such as smart cities, digital workplaces, smart homes and connected factories. We believe the market is entering a period of accelerated delivery of robust smart spaces with technology becoming an integral part of our daily lives, whether as employees, customers, consumers, community members or citizens,” said Cearley.

    Digital ethics and privacy is a growing concern for individuals, organizations and governments. People are increasingly concerned about how their personal information is being used by organizations in both the public and private sector, and the backlash will only increase for organizations that are not proactively addressing these concerns.

    Clarley cautioned that while privacy and security are foundational components in building trust, trust is actually about more than just these components. Trust is the acceptance of the truth of a statement without evidence or investigation. Ultimately an organization’s position on privacy must be driven by its broader position on ethics and trust. Shifting from privacy to ethics moves the conversation beyond ‘are we compliant’ toward‘ to ‘are we doing the right thing’.”

    Quantum computing (QC) is a type of non-classical computing that operates on the quantum state of subatomic particles (for example, electrons and ions) that represent information as elements denoted as quantum bits (qubits). The parallel execution and exponential scalability of quantum computers means they excel with problems too complex for a traditional approach or where a traditional algorithm would take too long to find a solution.

    “CIOs and IT leaders should start planning for QC by increasing understanding and how it can apply to real-world business problems. Learn while the technology is still in the emerging state. Identify real-world problems where QC has potential and consider the possible impact on security,” said Cearley. “But don’t believe the hype that it will revolutionize things in the next few years. Most organizations should learn about and monitor QC through 2022 and perhaps exploit it from 2023 or 2025.”

    The post Gartner lists top 10 strategic technology trends for 2019 appeared first on FutureIoT.

    ]]>
    Cryptominers leveraging IoT devices — McAfee https://futureiot.tech/cryptominers-leveraging-iot-devices-mcafee/ Wed, 26 Dec 2018 08:56:04 +0000 https://futureiot.tech/?p=2323 McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.

    The post Cryptominers leveraging IoT devices — McAfee appeared first on FutureIoT.

    ]]>
    Cryptocurrency mining, or cryptomining, which Webopedia defines as a process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger, has attracted cybercriminals.

    A recent report from McAfee revealed that among the threat activities recorded in the third quarter of 2018 involves cryptomining and the internet of things (IoT).

    During the period, McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices.

    The report noted that IoT devices such as cameras or video recorders have not typically been used for cryptomining because they lack the CPU power of desktop and laptop computers.

    “However, cybercriminals have taken notice of the growing volume and lax security of many IoT devices and have begun to focus on them, harnessing thousands of devices to create a mining super-computer,” the report revealed.

    McAfee said new malware targeting IoT devices grew 72 percent, with total malware growing 203 percent in the last four quarters. New coinmining malware, on the other hand, grew nearly 55 percent, with total malware growing 4,467 percent in the last four quarters.

    Cryptomining malware has also increased 71 percent as miners leverage lax security and the volume of IoT devices.

    Threats to IoT target a variety of hardware, including IP cameras, home routers, and smart devices. These threats generally affect Linux-based systems, according to McAfee.

    “We would not usually think of using routers or IoT devices such as IP cameras or video recorders as cryptominers because their CPUs are not as powerful as those in desktop and laptop computers. However, due to the lack of proper security controls, cybercriminals can benefit from volume over CPU speed. If they can control thousands of devices that mine for a long time, they can still make money,” the report read.

    McAfee Labs, however, noted fewer security incidents in Q3, reporting only 215 publicly disclosed security incidents, a decrease of 12 percent from Q2. Forty-four percent of all publicly disclosed security incidents took place in the Americas, followed by 17 percent in Europe and 13 percent in Asia-Pacific.

    Incidents targeting financial institutions rose 20 percent, as McAfee researchers observed an increase in spam campaigns leveraging uncommon file types, an effort to increase chances of evading basic email protections.

    Disclosed incidents targeting health care remained stagnant, while the public sector decreased 2 percent, and education sector decreased 14 percent.

    The post Cryptominers leveraging IoT devices — McAfee appeared first on FutureIoT.

    ]]>
    Cybeats secures $3M investment for IoT security, lifecycle management https://futureiot.tech/cybeats-secures-3m-investment-for-iot-security-lifecycle-management/ Wed, 26 Dec 2018 02:17:44 +0000 https://futureiot.tech/?p=2310 Canadian cybersecurity company Cybeats Technologies has raised US$3 million in funding to expand its team in Toronto and overseas.

    The post Cybeats secures $3M investment for IoT security, lifecycle management appeared first on FutureIoT.

    ]]>
    Canadian cybersecurity company Cybeats Technologies has raised US$3 million in funding to expand its team in Toronto and overseas.

    The Ontario-based company which provides security and lifecycle management for Internet of Things (IoT) devices was founded in 2016. Its technologies allow devices to detect threats instantly and gather data to neutralize threats and monitor for new ones.

    The seed round announced this month was led by early-stage venture capital fund Ripple Ventures, with investment from real estate technology venture capital fund GreenSoil Building Innovation Fund, and participation from MaRS IAF, MLA48, ScaleX and inovia capital.

    The company said the funding will be used to expand sales, research and development, and Cybeats’ enterprise capabilities with a focus on smart buildings, medical devices and critical infrastructure.

    “With the proliferation of IoT devices where we work, live, travel and shop, and increase in the number of access points prone to malware attacks, it is critical that we adopt a new approach to cybersecurity for all network-connected devices,” said Dmitry Raidman, co-founder and CEO of Cybeats.

    “The security certification of IoT devices is imperative in order to detect and neutralize these growing threats. Cybeats provides an efficient, simple solution to monitor and overcome security threats,” he added.

    As part of the financing, Cybeats welcomes to its board Matt Cohen, Founder and Managing Partner, Ripple Ventures and Susan McArthur, Managing Partner, GreenSoil Building Innovation Fund.

    “Ripple Ventures is extremely excited to be leading this investment in Cybeats as they help detect and prevent more cyber attacks from occurring,” said Matt Cohen, Founder and Managing Partner, Ripple Ventures. “We look forward to working closely with Cybeats as they expand their solutions globally.”

    Co-founded by former Israeli IT infosec professionals, Dmitry Raidman, Peter Pinsker and Vlad Kharbash, Cybeats is the recipient of the 2018 IoT Global Awards in both the Security IoT and Big Data, Cloud and Analytics categories.

    The post Cybeats secures $3M investment for IoT security, lifecycle management appeared first on FutureIoT.

    ]]>
    How eUICC addresses challenges of connected cars https://futureiot.tech/how-euicc-addresses-challenges-of-connected-cars/ Thu, 20 Dec 2018 04:01:19 +0000 https://futureiot.tech/?post_type=whitepaper&p=2279 [...] Accessing FutureIoT Premium Content Welcome! To access Premium content and more, please login below. Not a Premium member yet? Register now for a free account! Username or Email Password  Remember Me Forgot Password Alternatively,

    The post How eUICC addresses challenges of connected cars appeared first on FutureIoT.

    ]]>
    [...]

    Accessing FutureIoT Premium Content

    Welcome! To access Premium content and more, please login below.

    Not a Premium member yet? Register now for a free account!

    Forgot Password

    Alternatively,

    The post How eUICC addresses challenges of connected cars appeared first on FutureIoT.

    ]]>
    IoT deployments driving calls for better digital security https://futureiot.tech/iot-deployments-driving-calls-for-better-digital-security/ Mon, 17 Dec 2018 04:07:22 +0000 https://futureiot.tech/?p=2231 Critical infrastructures are radically transforming on an unprecedented scale, boosted by a rapid adoption of ‘smart’ operational technologies. Cybersecurity is a growing part of that evolution. ABI Research forecasts security spending for the protection of critical infrastructures will hit $125 billion globally by 2023. Three primary drivers are pushing better digital security in sectors such […]

    The post IoT deployments driving calls for better digital security appeared first on FutureIoT.

    ]]>
    Critical infrastructures are radically transforming on an unprecedented scale, boosted by a rapid adoption of ‘smart’ operational technologies. Cybersecurity is a growing part of that evolution. ABI Research forecasts security spending for the protection of critical infrastructures will hit $125 billion globally by 2023.

    Three primary drivers are pushing better digital security in sectors such as utilities, transport, and healthcare: digital transformation and increased connectivity of operational technologies; democratisation of cyber attacks targeting critical infrastructure; and a maturing market for industrial and IoT security.

    “Connected OT has enabled optimization and greater efficiency for decades-old legacy systems, cutting costs and vastly improving operations for operators,” said Michela Menting, Research Director at ABI Research.

    But it has also introduced new vulnerabilities and opened new threat vectors to previously air-gapped technologies. The first specialized attacks against industrial control systems are over a decade old, and the attack tools and methods are accessible to even the most common cybercriminals.

    Fortunately, the cybersecurity industry has been working in parallel to address that security gap between IT and OT. As a result, security solutions for industrial control systems and IoT have been fast maturing, rendering them more widely available and affordable.

    “So, while critical infrastructure operators face an expanding threat landscape, they also have greater choice and support in terms of digital protection of their OT and IT systems. Security budgets have increased significantly, which is encouraging news for those sectors which have long lagged in digital security,” Menting explained.

    However, these positive developments face-off against several obstacles plaguing critical infrastructures: a macro-focus slowdown by governments regarding national cybersecurity strategies, especially in the U.S., and the E.U., continued resistance to cybersecurity regulation and sectoral information sharing, and cyber threat fatigue leading to general apathy regarding cybersecurity by the private sector. Many stakeholders view cybersecurity as a check-box exercise for one-time spending rather than investing on a continuous basis.

    “Consequently, while current security spending levels are significantly higher compared to just a few years ago, there is still significant room for further investment, both from an awareness and an implementation perspective,” she concluded.

    These findings are from ABI Research’s Critical Infrastructure Security report. This report is part of the company’s Digital Security research service, which includes research, data, and Executive Foresights.

    The post IoT deployments driving calls for better digital security appeared first on FutureIoT.

    ]]>
    Botnets rising: Nokia warns of surging IoT malware activity https://futureiot.tech/botnets-rising-nokia-warns-of-surging-iot-malware-activity/ Fri, 07 Dec 2018 01:22:45 +0000 https://futureiot.tech/?p=2155 IoT botnet activity accounted for 78 percent of malware detection events in communication service provider (CSP) networks in 2018.

    The post Botnets rising: Nokia warns of surging IoT malware activity appeared first on FutureIoT.

    ]]>
    Can someone stop the bots?

    IoT botnet activity accounted for 78 percent of malware detection events in communication service provider (CSP) networks in 2018, according to Nokia's Threat Intelligence Report 2019.

    A botnet is a system of computers that can be infected with malicious software and controlled by a single computer for doing things like stealing bank account information and shuttering websites.

    The Finnish telecommunications company has warned that malware threats against IoT devices could get worse as consumer adoption of internet-connected devices such as smart home security monitoring system grows.

    This will be exacerbated by new 5G capabilities — including extreme broadband, ultra-low latency connectivity, and massive networking.

    "Cybercriminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed,” said Kevin McNamee, director of Nokia's Threat Intelligence Lab and lead author of the report.

    In 2018, he said IoT bots made up 16 percent of infected devices in CSP networks, up significantly from the 3.5 percent observed in 2017.

    However, there are thousands more of connected gadgets IoT device manufacturers want to move from production to market.

    "Cybercriminals have increasingly smart tools to scan for and to quickly exploit vulnerable devices, and they have new tools for spreading their malware and bypassing firewalls. If a vulnerable device is deployed on the internet, it will be exploited in a matter of minutes," McNamee said.

    The  5G connection

    Since the sale of its mobile device business to Microsoft in September 2013, Nokia has focused on its mobile network equipment business. It has since re-entered the consumer electronics business, with HMD Global becoming the exclusive manufacturer of Nokia-branded phones and tablets outside Japan.

    The Finnish company has also started working on 5G networks.

    In its 3Q earnings report, it said that while it expects a 1 to 3 percent decline in the market for its network business in 2018, it sees customer demand for 5G, with commercial 5G network deployments expected to begin near the end of 2018.

    Industry analysts widely expect IoT device adoption to accelerate with 5G. The high bandwidth, large-scale and ultra-low latency capabilities of 5G greatly facilitate connecting billions of things to the internet, including smart home security monitoring systems, vehicles, drones, and medical devices.

    The post Botnets rising: Nokia warns of surging IoT malware activity appeared first on FutureIoT.

    ]]>
    Voice startup Pindrop raises $60M to secure IoT devices https://futureiot.tech/voice-startup-pindrop-raises-60m-to-secure-voice-enabled-iot-devices/ Thu, 06 Dec 2018 01:45:36 +0000 https://futureiot.tech/?p=2147 Singapore's EDBI, the corporate investment arm of the Singapore Economic Development Board, is among Pindrop's new investors.

    The post Voice startup Pindrop raises $60M to secure IoT devices appeared first on FutureIoT.

    ]]>
    Atlanta-based voice security startup Pindrop has raised US$60 million in Series D funding to bring security to internet of things (IoT) devices.

    Singapore's EDBI, the corporate investment arm of the Singapore Economic Development Board, is among the investors.

    Voice interaction has become the de facto interface for human-to-machine communication, and Pindrop sees future possibilities for voice biometrics security.

    Pindrop currently provides security and authentication for calls in banks, insurers, and retailers. It secures call centers and claims that 8 of the 10 largest banks and 5 of the 7 largest insurance companies in the United States are its customers.

    Co-Founder and CEO Vijay Balasubramaniyan is looking at the future of voice as it moves beyond the voice channel and towards voice-enabled devices.

    “This investment enables us to quickly boost our advancements in consumer IoT and voice technology while also continuing to strengthen our market-leading solutions for anti-fraud and authentication solutions for the global enterprise,“ he said in a media statement.

    Investors' vote of confidence

    The latest funding round has brought to US$212.8 million the total funding received by Pindrop since it was founded in 2011, according to Crunchbase,

    European equity firm Vitruvian Partners led the funding round, which include other strategic investors such as Allegion Ventures, Cross Creek, Dimension Data, Singapore-based EDBI, and Goldman Sachs. Existing investors — CapitalG, IVP, Andreessen Horowitz, GV  (formerly Google Ventures), and Citi Ventures also invested in the round.

    David Nahama, Senior Partner at Vitruvian Partners, said the London-headquartered firm is confident that Pindrop is “poised for massive expansion given the company’s engineering expertise, pioneering efforts in machine learning technology, and patent portfolio.”

    Pinboard sees the new infusion of capital would help advance its security and identity solutions for voice-assisted smart devices ranging from Google Home to smart locks to connected cars.

    Regional presence

    The mix of investors hints at the company’s intention to boost presence in different markets.  

    Manama said one of Vitruvian’s key goals for the investment is to see the company’s growth and expansion in key European markets.

    In the Asia-Pacific, Singapore’s EDBI, a global technology investor, is expected to drive the company’s growth progress in Asian markets, according to Pindrop.

    “Voice is fast emerging as the next generation human user interface (UI) with wide consumer and commercial applications, yet security remains a major concern,” said Chu Swee Yeok, Chief Executive and President of EDBI.

    “Our investment in Pindrop is in line with Singapore’s trusted position as both a leading global financial center in Asia and a development hub for new human-centric digital services,” Chu added.  

    Meanwhile, global technology integrator Dimension Data, a subsidiary of Japan's NTT Docomo, is expected to “accelerate and scale Pindrop’s go to market strategy across the global enterprise.”

    Pindrop said it will also be working with Allegion Ventures, a corporate venture fund of global security products and solutions provider Allegion plc.

    “Voice-enabled interfaces are expanding how consumers interact with IoT devices in their everyday lives – as well as IoT manufacturers’ ability to offer smarter and stronger solutions,” said Allegion Ventures President Rob Martens.

    “We’re excited about the future of voice technology and see Pindrop as a pioneer in the space. We look forward to working with Vijay and his team to accelerate the adoption of voice technology into new markets,” he added.

    Beyond call center fraud

    In an interview with Bloomberg in February 2017, Balasubramaniyan disclosed that US companies are losing US$10 billion to voice fraud a year.

    "When we started the company, 1 in every 2000 calls into call centers are fraudulent, but now it has dropped to 1 in every 900," he said.

    In September 2018, Pindrop released a voice intelligence report which finds, among others, that "with advancements in technology, the average fraudster's toolbox is more advanced than ever" because of developments in machine learning and AI technology.

    “The opportunity for voice to serve as a primary interface is becoming a reality due to integrations with IoT devices, the takeoff of voice assistants and more,” Balasubramaniyan said in a media statement then.

    “In turn, advanced voice technology is falling into the hands of bad actors and we’re seeing a dramatic spike in voice fraud,” he added.

     

    The post Voice startup Pindrop raises $60M to secure IoT devices appeared first on FutureIoT.

    ]]>
    Top IoT protocols MQTT, CoAP have major flaws, warns Trend Micro https://futureiot.tech/top-iot-protocols-mqtt-coap-have-major-flaws-warns-trend-micro/ Wed, 05 Dec 2018 17:27:14 +0000 https://futureiot.tech/?p=2145 Japanese cybersecurity firm has uncovered major design flaws and vulnerabilities two popular machine-to-machine (M2M) protocols — Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). Trend Micro researchers have identified more than 200 million MQTT messages and more than 19 million CoAP messages being leaked by exposed brokers and servers in the past four […]

    The post Top IoT protocols MQTT, CoAP have major flaws, warns Trend Micro appeared first on FutureIoT.

    ]]>
    Japanese cybersecurity firm has uncovered major design flaws and vulnerabilities two popular machine-to-machine (M2M) protocols — Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).

    Trend Micro researchers have identified more than 200 million MQTT messages and more than 19 million CoAP messages being leaked by exposed brokers and servers in the past four months.

    “Using simple keyword searches, malicious attackers could locate this leaked production data, identifying lucrative information on assets, personnel and technology that can be abused for targeted attacks,” the security company said.

    The report, which is co-branded with Politecnico di Milano, “The Fragility of Industrial IoT’s Data Backbone,” shows how attackers could remotely control IoT endpoints or deny service by leveraging security issues in the design, implementation and deployment of devices using the two protocols.

    According to the report, MQTT is a communication protocol that facilitates one-to-many communication mediated by brokers. CoAp, on the other hand, is a client-server protocol that, unlike MQTT, is not yet standardized.

    It further stated that MQTT is preferred over CoAP for mission-critical communications because it can enforce quality of service and ensure message delivery. CoAP, for its part, is preferred for gathering telemetry data transmitted from transient, low-power nodes like tiny field sensors.

    “What we found was striking: Hundreds of thousands of MQTT and CoAP hosts combined are reachable via public-facing IP addresses. Overall, this provides attackers with millions of exposed records. Finding exposed endpoints in virtually every country is feasible due to the inherent openness of the protocols and publicly searchable deployments,” the study emphasized.

    Greg Young, Vice President of Cybersecurity for Trend Micro, said in a media statement this should be cause for organizations to take a serious, holistic look at the security of their OT environments.

    “These protocols weren’t designed with security in mind, but are found in an increasingly wide range of mission critical environments and use cases. This represents a major cybersecurity risk. Hackers with even modest resources could exploit these design flaws and vulnerabilities to conduct reconnaissance, lateral movement, covert data theft and denial-of-service attacks,” he said.

    The post Top IoT protocols MQTT, CoAP have major flaws, warns Trend Micro appeared first on FutureIoT.

    ]]>
    Visual analytics power the smart city vision https://futureiot.tech/visual-analytics-power-the-smart-city-vision/ Tue, 04 Dec 2018 04:37:50 +0000 https://futureiot.tech/?p=2089 The impression many people hold of an Asian city is one of unplanned, unregulated, and uncontrolled growth. Whether this is fair comment or not, the rapid and increasing pace of urbanisation across the region means Asian cities have no choice but to become more organised and efficient. Improved management of every aspect of city life, […]

    The post Visual analytics power the smart city vision appeared first on FutureIoT.

    ]]>
    The impression many people hold of an Asian city is one of unplanned, unregulated, and uncontrolled growth.

    Whether this is fair comment or not, the rapid and increasing pace of urbanisation across the region means Asian cities have no choice but to become more organised and efficient. Improved management of every aspect of city life, from socio-economic issues to the provision of infrastructure, the delivery of public services and the ensuring of public safety and security is essential if Asia’s vast urban conglomerations are to fulfil their potential.

    [ihc-hide-content ihc_mb_type="show" ihc_mb_who="2" ihc_mb_template="3"]

    How are these lofty aims to be accomplished?

    Smart governments are starting to recognise that a significant investment in ICT is needed to tackle the huge variety of issues their cities face. In order to transform themselves into efficient, people-centric metropolises, they will increasingly need to leverage data analytic technologies across various information sources. This will allow them to extract reliable, predictable and actionable insights, assist in strategic decision-making, and deliver improved performance management.

    According to IDC, 92% of public sector offices in the region believe in using ICT as a means to meet their operational and strategic objectives.

    Asia Pacific, ahead of the curve

    A good example of a city that is already putting ICT technologies to work is Singapore. Here, the government has embraced the potential of data analytics to help solve the multi-faceted challenges of urban planning in the 21st century.

    Singapore’s reputation as one of Asia’s best-managed cities is the result of a constant pro-active effort by the authorities to stay ahead of the curve, managing the demands of population growth against a constant factor of space constraint. With a mere 710 square kilometre (sq km) at its disposal, the government must allow for both city and country functions, taking into account the sometimes conflicting needs of housing, recreational space, industrial land, commercial and retail space, military training, transportation and more.

    Another city that is ahead is Hong Kong. Here, the government’s Digital 21 Strategy forms the blueprint for the development of ICT in the Special Administrative Region of Hong Kong (SAR). It sets out the framework for Hong Kong to leverage the use of data analytics to help solve the multi-faceted challenges of urban planning in the 21st century.

    Similarly, with an area of just over 1,100 sq km at its disposal, Hong Kong is the fourth most densely populated city on earth. The SAR needs a constant pro-active effort by the authorities to stay ahead of the curve, managing the demands of population growth against a constant factor of space constraint.

    The question is how the application of ICT can translate raw data into effective action, to improve the lives of citizens in the real world.

    The New Urban Map

    Hong Kong’s 2030 Plus planning strategy is a case in point. The Plan, published in October 2016, envisions transforming the city into a more livable place with larger flats, more public space for relaxing, a cycling- and pedestrian-friendly transport system, and scenic country parks protected from development. These moves will require land reclamation as well as tackling the difficulties in developing brownfield sites – degraded agricultural land occupied by things like car parks, container storage, vehicle repair sites, and recycling yards[1].

    While for Singapore, the Urban Redevelopment Authority is using urban planning and predictive systems to understand the implications of different land use scenarios, and new predictive tools for city planning are also being tested locally. The URA sees geospatial technology, data and analytics as strategic tools for urban planning.

    Security is another area that will benefit from the application of data analytics. For example, accurate high-resolution feeds from building sensors and CCTV cameras can allow a city to make decisions on how to improve district-level security.

    Technology as an enabler

    A starting point in this, as well as all implementations of technology, is to recognise that technology is only an enabler driven by business outcomes. These outcomes are integrated planning, optimised infrastructure and engaged stakeholders.

    The technology to gather and analyse massive amounts of data is already here, and is constantly evolving. What is needed to put this to practical use for the residents of Asian cities is a commitment on the human level – to share data feeds and sensor information among different agencies and authorities, in both the public and private sectors.

    City planners need to embrace the technology that is available and demonstrate a willingness to experiment and test-bed new ideas, using analytics to measure the effectiveness of each idea in contributing to a process of constant improvement.

    [1] https://www.scmp.com/news/hong-kong/economy/article/2040744/hong-kong-governments-plan-new-towns-and-reclaimed-islands

    [/ihc-hide-content]

    The post Visual analytics power the smart city vision appeared first on FutureIoT.

    ]]>
    IoT 2018: statistics, use cases and trends https://futureiot.tech/iot-2018-statistics-use-cases-and-trends/ Fri, 30 Nov 2018 00:50:28 +0000 https://futureiot.tech/?post_type=whitepaper&p=2047 Calsoft Inc, product engineering and consulting services provider, has put together an ebook from various industry sources to provide insights into the development of Internet of Things (IoT) including use cases and trends. The ebook describes the IoT platform, IoT stack, advancements in IoT, IoT ecosystem and the technologies underway around IoT. It also presents […]

    The post IoT 2018: statistics, use cases and trends appeared first on FutureIoT.

    ]]>
    Calsoft Inc, product engineering and consulting services provider, has put together an ebook from various industry sources to provide insights into the development of Internet of Things (IoT) including use cases and trends.

    The ebook describes the IoT platform, IoT stack, advancements in IoT, IoT ecosystem and the technologies underway around IoT. It also presents current challenges for the technology as well as a list (not exhaustive) of vendors offering IoT products and platforms.

    Download the ebook here.

    The post IoT 2018: statistics, use cases and trends appeared first on FutureIoT.

    ]]>
    IoT 2020: Smart and secure IoT platform https://futureiot.tech/iot-2020-smart-and-secure-iot-platform/ Fri, 30 Nov 2018 00:37:23 +0000 https://futureiot.tech/?post_type=whitepaper&p=2044 Internet of Things (IoT) market forecasts show that IoT is already making an impact on the global economy. While estimates of the economic impact during the next five to ten years vary slightly (IDC estimates US$1.7 trillion in 2020, Gartner sees a benefit of US$2 trillion by that time, and McKinsey predicts growth of US$4 trillion […]

    The post IoT 2020: Smart and secure IoT platform appeared first on FutureIoT.

    ]]>
    Internet of Things (IoT) market forecasts show that IoT is already making an impact on the global economy. While estimates of the economic impact during the next five to ten years vary slightly (IDC estimates US$1.7 trillion in 2020, Gartner sees a benefit of US$2 trillion by that time, and McKinsey predicts growth of US$4 trillion to USD 11 trillion by 2025), there seems to be a consensus that the impact of IoT technologies is substantial and growing.

    This International Electrotechnical Commission (IEC) White Paper provides an outlook on what the next big step in IoT – the development of smart and secure IoT platforms – could involve. These platforms offer significant improvements in capabilities in the field of security and bridge the gaps between different existing IoT platforms, which usually consist of “legacy” systems that have not been designed for IoT purposes.

    IEC concludes by formulating recommendations both of a general nature as well as specifically addressed to the IEC and its committees. The principal recommendations proposed for the IEC include:

    • Taking the lead in establishing an IoT standardization ecosystem environment with IEC exercising a key role.
    • Assigning tasks to the ISO/IEC JTC 1 leadership concerning key IoT standardization activities.
    • Working more closely with government entities to increase their level of participation and to identify the related requirements and concerns to be addressed by IEC deliverables.

    Download the whitepaper here.

    The post IoT 2020: Smart and secure IoT platform appeared first on FutureIoT.

    ]]>
    Bain: The real battleground in IoT https://futureiot.tech/bain-the-real-battleground-in-iot/ Fri, 30 Nov 2018 00:15:38 +0000 https://futureiot.tech/?p=2041 Bain & Company predicts that the Internet of Things (IoT) market will more than double to US$520 billion by 2021. However, optimistic growth predictions should be tempered by expectations about the pace of adoption. [ihc-hide-content ihc_mb_type="show" ihc_mb_who="2" ihc_mb_template="3"] The consultancy says a key to unlocking pent-up demand lies in IoT vendors addressing barriers to adoption, […]

    The post Bain: The real battleground in IoT appeared first on FutureIoT.

    ]]>
    Bain & Company predicts that the Internet of Things (IoT) market will more than double to US$520 billion by 2021. However, optimistic growth predictions should be tempered by expectations about the pace of adoption.

    [ihc-hide-content ihc_mb_type="show" ihc_mb_who="2" ihc_mb_template="3"]

    The consultancy says a key to unlocking pent-up demand lies in IoT vendors addressing barriers to adoption, providing more targeted solutions, and easing integration concerns.

    “Our survey found that vendors are aligned with customers’ concerns about some barriers, such as security, returns on investment, but less so on others – notably integration, interoperability and data portability,” Ann Bosche, a partner in Bain & Company’s Global Technology Practice and an IoT expert.

    “Based on our experience with previous technology cycles, the key to addressing these concerns lies in focusing on fewer industries in order to learn what customers really want and need to ease adoption,” she added.

    Bain highlights three areas holding back Industrial IoT adoption: security, integration with existing technology, and uncertain returns on investment.

    On a positive note, Bain also lists out three universal themes for IoT vendors: Focus on getting a few industries and use cases right; offer end-to-end solutions to ease adoption; prepare to scale by removing barriers to adoption.

    Michael Schallehn, a partner in Bain's Technology practice, shares the three things executives should consider when deciding how to expand into the industrial IoT sector.

    [/ihc-hide-content]

    The post Bain: The real battleground in IoT appeared first on FutureIoT.

    ]]>
    How safe are consumer IoT devices? Mozilla’s guide shows what’s creepy https://futureiot.tech/how-safe-are-consumer-iot-devices-mozillas-guide-shows-whats-creepy/ Sun, 25 Nov 2018 03:31:33 +0000 https://futureiot.tech/?p=1941 The Mozilla guide, aptly called ‘Privacy Not Included,’ reviews about 86 connected devices that most consumers may want to purchase this Christmas

    The post How safe are consumer IoT devices? Mozilla’s guide shows what’s creepy appeared first on FutureIoT.

    ]]>
    Asia’s Single’s Day festival and the United State’s Black Friday sales have come and gone. But the retail frenzy isn’t over.

    A cursory look at what the major retailers are offering for Cyber Monday, or the Monday after Thanksgiving which marketers have cooked up as a day for online shopping, reveals a flood of gadgets riding the crest of the popularity of consumer electronic devices.

    Mozilla, however, cautions that these smart connected things might pose some online risks to consumers.

    “Teddy bears that connect to the internet. Smart speakers that listen to commands. Great gifts—unless they spy on you. We created this guide to help you buy safe, secure products this holiday season,” Mozilla said in its website.

    Now on its second edition, Mozilla’s gadget guide provides a framework for understanding the risk factors to consider before buying a connected device.

    Creepy or not?

    Mozilla’s guide has three basic questions to assess a device’s ability to spy on its users: Does it have a camera? How about a microphone? Is it tracking your location?

    Cameras, microphones, and location tracking capability are either embedded in the device or in the accompanying app used to control the device or both. 

    Mozilla also asks users as well to evaluate a product based on whether it uses product encryption, share information with third parties, allows a user or parental controls, provide security update and delete data its stores about the user.

    The guide wants users to dig deeper and take time to learn how a company manages security vulnerabilities, and what it would do if something goes wrong with the device.

    ‘Privacy not Included’

    The Mozilla guide, aptly called ‘Privacy Not Included,’ reviews about 86 connected devices that most consumers may want to purchase this Christmas under six categories — Toys and Games (18), Smart Home (20), Entertainment (14), Wearable (14), Health & Exercise (11), and Pets (9).


    Of this number, less than half (38 percent) or just 33 devices have been given the seal of approval as they were deemed to have met Mozilla’s minimum security requirements.

    These gadgets include the popular gaming devices Nintendo Switch, PS4, Xbox One, and fashionable wearables Samsung Gear Sport, the Fitbit 3 Tracker, the Garmin Vivo Sport, and Apple Watch.

    Many Amazon gadgets also received Mozilla's seal, including the Amazon Fire TV, Amazon Fire HD Kids Edition, Amazon Fire HD Tablet, and the Amazon Echo & Dot, and even the Amazon Cloud Cam Security Camera.

    Interestingly, many of the connected toys and baby monitors didn’t get Mozilla's nod, but most home products that receive voice commands were deemed safe.

    Consumer opinion, however, may diverge. The Mozilla guide features a Creep-O-Meter for the public to share their opinion on whether they judge the devices as creepy, a little creepy, somewhat creepy, very creepy or super creepy. 

    Security awareness needed

    A Trend Micro poll recently revealed that only 14 percent of organizations globally have complete awareness of the threat of the Internet of Things (IoT). How much more consumers?

    In Asia-Pacific, consumers are conflicted about the promise of the IoT as shown in the findings of an Internet Society study that shows nine in 10 do not trust IoT manufacturers and service providers to secure their device.

    Earlier this year, security firms Kaspersky Lab and Sophos have sounded out the growing and continued threat of mobile and IoT malware.

    In this undated blog post, Kaspersky Lab has offered an insight into why and how connected mobile devices pose a security threat to users.

    Ultimately, the consumers decide. But let it not be said that they haven't been warned.

    The post How safe are consumer IoT devices? Mozilla’s guide shows what’s creepy appeared first on FutureIoT.

    ]]>
    Sophos sees continued threat of mobile, IoT malware in 2019 https://futureiot.tech/sophos-sees-continued-threat-of-mobile-iot-malware-in-2019/ Fri, 23 Nov 2018 09:18:54 +0000 https://futureiot.tech/?p=1949 “As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks,” security firm Sophos said in its most recent threat report. The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends […]

    The post Sophos sees continued threat of mobile, IoT malware in 2019 appeared first on FutureIoT.

    ]]>
    “As homes and businesses adopt more internet-connected devices, criminals have been devising new ways to hijack those devices to use as nodes in huge botnet attacks,” security firm Sophos said in its most recent threat report.

    The report, produced by SophosLabs researchers, explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

    Sophos said that among the many trends that SophosLabs saw in 2018 is the significant growth in the volume of attacks targeting internet of things (IoT) devices.

    Though many of the cases simply involve changing default passwords to prevent reinfection, there were a few standout cases such as the VPNFilter, which was first discovered as an unexpected process running on a family of home routers.

    “A discovery of malware that affected a broad class of home and small business networking devices in 2018 brought home the potential impact of malware that could persist on, and in some cases, permanently destroy those devices,” Sophos said.

    With illegal Android apps on the increase, 2018 has seen also an increased focus in malware being pushed to phones, tablets, and other IoT devices.

    “Elsewhere, Mirai Aidra, Wifatch, and Gafgyt delivered a range of automated attacks that hijacked networked devices to use as nodes in botnets to engage in distributed denial-of-service attacks, mine cryptocurrency and infiltrate networks,” Sophos said.

    The report added that criminals can likewise leverage botnets to engage in distributed denial-of-service attacks (DdoS), mine cryptocurrency, infiltrate networks for the purposes of espionage or data theft, or even create chaos by “bricking” the device, taking it permanently offline or demanding a ransom to restore it to full functionality.”

    Joe Levy, CTO, Sophos, as referenced in the SophosLabs 2019 Threat Report,  said that the threat landscape is undoubtedly evolving.

    “Less-skilled cybercriminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries,” he was quoted as saying.

    The post Sophos sees continued threat of mobile, IoT malware in 2019 appeared first on FutureIoT.

    ]]>
    Asia-Pacific consumers want IoT devices, but security concerns cloud purchase decisions https://futureiot.tech/asia-pacific-consumers-want-iot-devices-but-security-concerns-cloud-purchase-decisions/ Thu, 22 Nov 2018 01:15:08 +0000 https://futureiot.tech/?p=1928 It looks like consumers in Asia-Pacific are conflicted about the promise of the internet of Things (IoT). A recent survey in 22 countries across the region reveals that the majority of respondents already own devices connected to the internet and have plans to purchase more. Yet, nine in 10 said they do not trust IoT […]

    The post Asia-Pacific consumers want IoT devices, but security concerns cloud purchase decisions appeared first on FutureIoT.

    ]]>
    It looks like consumers in Asia-Pacific are conflicted about the promise of the internet of Things (IoT).

    A recent survey in 22 countries across the region reveals that the majority of respondents already own devices connected to the internet and have plans to purchase more.

    Yet, nine in 10 said they do not trust IoT manufacturers and service providers to secure their device.

    The Internet Society, a non-profit organization dedicated to ensuring the open development and use of the Internet, polled nearly 1,000 Internet users on IoT security and privacy risks.

    The results reveal a wide chasm between a burgeoning appetite for connected things — other than the smartphone — and concerns on the perceived lack of security features of these new connected devices.

    Device ownership

    For the longest time, the smartphone is the darling of the consumer world, desired by the geeks and the not-so-geeks of almost equal measure. Hence, the world has over five billion mobile subscribers and counting. But perhaps, not for long.

    The Internet Society Survey on Policy Issues in Asia-Pacific 2018 reveals that the majority of respondents already own devices connected to the internet and have plans to purchase more.

    Seven in 10 respondents own at least one IoT device, close to half own three or more devices,  and close to three-fourths plan to purchase an IoT device in the next 12 months, the poll noted.

    The most popular of these IoT devices were internet-connected appliances like smart TVs and refrigerators; connected wearables; fitness monitors; and voice command systems like Google Home and virtual reality headsets.

    There are differing opinions on whether or not consumer IoT has gone beyond the early adopter stage, but at this stage, some insecurities have set in.

    Device insecurity

    The poll revealed that 60 percent of those who do not own an IoT device now said they are unlikely to use an IoT device if there are no guarantees that the personal information collected will be fully protected.

    Eighty-one percent were worried about their personal information being leaked while 73 percent were worried that hackers may take control of their devices and used them to commit crimes.

    Seventy-two percent have concerns about hackers gaining access to personal information, and a further 71 percent were worried about being monitored without their knowledge or consent

    These findings have an impact in purchase decisions as two in three respondents say that security is one of the key factors that would influence their decision to purchase an IoT device. The device features, pricing, and device brand were other considerations.

    Device insecurity
    INFOGRAPHIC by FutureIoT

    Desire for control

    The survey noted that despite overwhelming concerns about security and privacy, consumers in APAC feel they do not have the ability to protect themselves or fail to do so.

    Only half of those who own an IoT device have changed default passwords, and only a third have read the privacy and policy terms and conditions of their device.  

    Of those who did not change device passwords, 30 percent decided not to, 10 percent did not know how, and close to 50 percent claimed their device did not have one.

    Despite this seeming lack of a proactive stance to secure their devices, 9 in 10 consumers would like security and privacy protections to come as standard across all IoT devices, and the same number wished for a security guarantee through a trust mark of certification label to be implemented.

    The poll also noted that 84 percent of respondents desire the option to delete personal data collected.

    Other wish lists include: knowing what kinds of personal data the IoT device captures (84 percent), knowing who can access this information (83 percent), knowing how this information is used (77 percent), knowing where this information is stored (72 percent). 

    "There is a need to ensure that manufacturers and suppliers of IoT products and services protect consumers and the privacy of their data. Currently, the measures that are in place do not match the degree of concern from current and future owners of IoT devices," said Rajnesh Singh Regional Director of the Asia-Pacific Regional Bureau at the Internet Society, said in a media statement.

    The post Asia-Pacific consumers want IoT devices, but security concerns cloud purchase decisions appeared first on FutureIoT.

    ]]>
    Gartner IoT from the edge to the cloud https://futureiot.tech/gartner-iot-from-the-edge-to-the-cloud/ Tue, 20 Nov 2018 22:34:39 +0000 https://futureiot.tech/?p=1910 A coherent Internet of Things strategy is key to the success of an organization's digital business transformation. Gartner Research VP Mark Hung says successful implementation and management of that strategy involve both new technical and organizational know-how. Click above to watch Mark Hung, Research VP, Gartner talks about the implementation process that follow an IoT […]

    The post Gartner IoT from the edge to the cloud appeared first on FutureIoT.

    ]]>
    A coherent Internet of Things strategy is key to the success of an organization's digital business transformation. Gartner Research VP Mark Hung says successful implementation and management of that strategy involve both new technical and organizational know-how.

    Click above to watch Mark Hung, Research VP, Gartner talks about the implementation process that follow an IoT journey.

    The post Gartner IoT from the edge to the cloud appeared first on FutureIoT.

    ]]>
    Trend Micro poll reveals organizations' lack of IoT security awareness https://futureiot.tech/trend-micro-poll-reveals-organizations-lack-of-iot-security-awareness/ Tue, 20 Nov 2018 03:19:31 +0000 https://futureiot.tech/?p=1899 A Trend Micro poll highlights the need to improve awareness of IoT threats in the enterprise.

    The post Trend Micro poll reveals organizations' lack of IoT security awareness appeared first on FutureIoT.

    ]]>
    As organizations begin to deploy IoT projects to drive innovation, agility and digital transformation, a Trend Micro poll highlights the need to improve awareness of IoT threats in the enterprise.

    The survey noted that only 14 percent of respondents say they have a complete organizational awareness of IoT threats.

    Meanwhile, 37 percent claimed they are not always able to define their security needs before implementing IoT solutions. This despite the fact that 59 percent of corporate IoT attacks target office devices.

    Overall, 86 percent of surveyed IT and security decision-makers across the globe believe their organization needs to improve its awareness of IoT threats.  

    The survey, jointly conducted with research firm Vanson Bourne, polled 1,150 IT and security decision-makers across five countries, including USA, UK, France, Germany, and Japan, between 1 April and 25 May 2018.

    Kevin Simzer, chief operating officer for Trend Micro, said in a media statement that a common theme in cyber attacks today is that many are driven by a lack of security awareness.

    “It’s a good first step to see that IT leaders recognize awareness levels need to rise across the organization,” he said.

    The survey noted that the lack of IoT security awareness leaves companies increasingly exposed to potentially damaging cyber attacks. This is because aside from office devices, manufacturing and the supply chain are also the next likely targets of attacks.

    The study noted that “when an attacker compromises these devices, they can also gain access to the greater corporate network to conduct even more damaging attacks.”  

    “We recommend business leaders clearly acknowledge the IoT security challenges affecting their company, understand where their security requirements, and invest accordingly to make their security goals a reality,” Simzer said.

     

    The post Trend Micro poll reveals organizations' lack of IoT security awareness appeared first on FutureIoT.

    ]]>
    BlackBerry acquires Cylance for $1.4 B to strengthen IoT security push https://futureiot.tech/blackberry-acquires-cylance-for-1-4-b-to-strengthen-iot-security-push/ Sun, 18 Nov 2018 23:27:20 +0000 https://futureiot.tech/?p=1888 BlackBerry has announced the acquisition of California-based cybersecurity provider Cylance for US$1.4 billion in cash.

    The post BlackBerry acquires Cylance for $1.4 B to strengthen IoT security push appeared first on FutureIoT.

    ]]>
    BlackBerry has announced the acquisition of California-based cybersecurity provider Cylance for US$1.4 billion in cash.

    The announcement on November 16, 2018 closely followed the September launch of BlackBerry Spark, an Enterprise of Things (EoT) platform which the company said is designed for ultra-security and industry-specific safety-certifications.

    The Ontario-based BlackBerry is taking its push into software and services a notch higher with the new AI-based cybersecurity platform that Cylance will be bringing into the company.

    “Cylance’s leadership in artificial intelligence and cybersecurity will immediately complement our entire portfolio," said John Chen, Executive Chairman and CEO of BlackBerry, in a statement.

    Founded in 2012, Cylance has over 3,500 active enterprise customers, including more than 20 percent of the Fortune 500. It was no. 18 on Forbes’ Cloud 100 list and No. 10 on Deloitte’s Technology Fast 500. It also has over 100 patents and patent applications in cyber security and machine learning.

    Moreover, Cylance’s technical team of over 300 software engineers and data scientists will be joining BlackBerry.

    Cylance Co-Founder and CEO Steve McClure said its skilled cybersecurity workforce will be a perfect fit within BlackBerry.

    “Our customers, teams, and technologies will gain immediate benefits from BlackBerry’s global reach,” he said in a statement.

    Though the company he co-founded will operate as a separate business unit within BlackBerry Limited, McClure will continue to lead Cylance, reporting to Chen.

    According to data from Crunchbase, Cylance has raised a total of US$297 million in five founding rounds before the BlackBerry acquisition, the latest of which is the Series E funding from Blackstone Tactical Opportunities in June 2018 for US$120 million.

    Eye on security

    Security has been cited as the top barrier to the success of the internet of things (IoT). In its most recent IoT Backbone Survey, research firm Gartner revealed that 35 percent of poll respondents cited security as a challenge.

    Privacy concerns (25 percent), and potential risks, and liabilities in (25 percent) in the top five.

    At the BlackBerry Security Summit 2018 in New York in October, Chen talked about the BlackBerry Spark as a “most secure” platform for EOT.

    The post BlackBerry acquires Cylance for $1.4 B to strengthen IoT security push appeared first on FutureIoT.

    ]]>
    BlackBerry is back; unveils plans, partnerships in IoT https://futureiot.tech/blackberry-is-back-unveils-plans-partnerships-in-iot/ Fri, 19 Oct 2018 01:56:30 +0000 https://futureiot.tech/?p=1601 BlackBerry launched BlackBerry Spark, an Enterprise of Things (EoT) platform, which it said is “built for ultra-secure hyperconnectivity from the kernel to the edge.”

    The post BlackBerry is back; unveils plans, partnerships in IoT appeared first on FutureIoT.

    ]]>
    Moving from 'mobile-first' to 'thing-first,' Canadian smartphone maker BlackBerry has been transitioning to become a software and services company for years, the path it has taken since its handset empire has been overtaken in the market by Android and iOs devices.

    It’s focus this time: providing secure access to the Internet of Things (IoT).

    This year, it appears to be moving faster and closer to this new corporate core. In September, it launched BlackBerry Spark, an Enterprise of Things (EoT) platform, which it said is “built for ultra-secure hyperconnectivity from the kernel to the edge.”

    It said this platform will allow original equipment manufacturers (OEMs) to “make complex things” such as autonomous vehicles and industrial equipment securely.” The bigger claim, however, is that it would “allow people to use and trust any hyperconnected thing.”

    BlackBerry envisions its EoT to work in diverse fields, including healthcare, human resources, transportation, financial services, and government.

    Early this month, new partnerships and milestones were announced to push forward with this EoT vision.

    First, it launched an operating system for secure medical devices, QNX OS for Medical 2.0, which it said is meant for developing robotic surgical instruments, patient monitoring systems, infusion pumps, blood analysis systems, and other safety-critical products that must pass stringent regulatory approval.

    It also announced that its carrier-grade network operation center (NOC) will power a blockchain digital ledger, provided by ONEBIO, to create an ultra-secure global ecosystem for the storing and sharing of medical data.

    To leverage these resources in real-industry settings, BlackBerry has partnered with the Mackenzie Innovation Institute (Mi2) to drive innovation in healthcare through research, education, and training.

    Richard Tam, Chief Financial Officer of Mi2, said the two organizations will focus on comprehensive security, patient privacy, and intelligent connectivity.

    “By developing a deeper understanding and exploring how our ‘smart’ systems operate with BlackBerry Spark, we aim to uncover new ways to connect, protect and intuitively manage smart technologies in a hospital and positively impact high-quality patient care,” Tam said.

    Another partnership unveiled was its collaboration with the Melanoma Institute Australia (MIA) to advance skin care research.

    Under the agreement, scientists and doctors in different hospitals can use BlackBerry Workspaces to save and share data from medical histories and clinical trials to assess the effectiveness of treatments and interventions.

    Ernie White, Chief Information Officer of Melanoma Institute of Australia, said that any new technology must support its clinical journey as it expands its research network.

    Managing IoT endpoints may be the core focus now of the Ontario-based BlackBerry, but it has yet to nail solid long-term growth.

    For the quarter ending on August 31, 2018, BlackBerry reported revenues of just $214 million, primarily because of the continued fall of its legacy device business. Software and services, however, brought in $197 million, just around 1 percent from a year ago but still a substantial 92 percent of the business.

    John Chen, Executive Chairman and CEO of BlackBerry, affirmed in a media statement that the growth was driven by sequential growth in the BlackBerry Technology Solutions and Enterprise Software and Services business.

    The outlook moving forward is further software and services revenue growth of between 8 to 10 percent year-over-year.

    The post BlackBerry is back; unveils plans, partnerships in IoT appeared first on FutureIoT.

    ]]>
    UK gov’t releases ‘world first’ IoT Code of Practice https://futureiot.tech/uk-govt-releases-world-first-iot-code-of-practice/ Wed, 17 Oct 2018 00:31:41 +0000 https://futureiot.tech/?p=1582 The UK government has unveiled a 'world first' Internet of Things (IoT) Code of Practice to ensure the security of connected consumer devices at the design stage.

    The post UK gov’t releases ‘world first’ IoT Code of Practice appeared first on FutureIoT.

    ]]>
    The UK government has unveiled a 'world first' Internet of Things (IoT) Code of Practice to ensure the security of connected consumer devices at the design stage.

    This came on the heels of the introduction of a landmark legislation in the US state of California — the IoT cybersecurity law — that also aims to have built-in security features that can guard against attack or intrusion.

    The UK measure is also expected to guide manufacturers secure internet-connected devices, including home alarm systems, refrigerators, and toys.

    The British government disclosed that the within the next three years, the projection is that over 420 million IoT devices will be in use in the country, and poorly secured devices can leave people exposed to security issues and even large scale-cyber attacks.

    Prior to the release of the Code of Practice, the Department for Digital, Culture, Media and Sport (DCMS) and the National Cyber Security Centre (NCSC) have undertaken a ‘Secure by Design’ review "to embed security in the design process of new technology rather than bolt it on as an afterthought."

    While adherence to the code is voluntary, tech companies HP Inc. and Centrica Hive Ltd. have signed up to partner with the government in putting together the building blocks of IoT cybersecurity.

    “The pledges by HP Inc. and Centrica Hive Ltd are a welcome first step but it is vital other manufacturers follow their lead to ensure strong security measures are built into everyday technology from the moment it is designed,” said Margot James, Minister for Digital.

    Hence, the government has also published a mapping document to make it easier for other manufacturers to join the initiative.

    13 guidelines

    The document released by the Department of Digital, Culture, Media and Sport outlines 13 guidelines manufacturers of consumer devices can implement into their product’s design.

    These include making sure that devices have no factory default passwords, which had been a source of many security issues in the past; implementing a vulnerability disclosure policy so that any issues can be acted on in a timely manner; keeping the software updated throughout the product lifecycle and ensuring software integrity; and making installation and maintenance of devices easy.

    The Code wants manufacturers as well to design devices that can securely store credentials and security-sensitive data, ensure that personal data is protected, make it easy for consumers to delete personal data, communicate securely, and make systems resilient to outages.

    The Code also defines the kind of devices that the ruling may be applied to and these include connected children’s toys and baby monitors; safety  products such as smoke detectors and door locks; smart cameras, TVs and speakers; wearable health trackers; connected home automation and alarm systems; connected appliances (e.g. washing machines, fridges); and smart home assistants.

    “With the amount of connected devices we all use expanding, this world-leading Code of Practice couldn’t come at a more important time,” said Dr. Ian Levy, the NCSC’s Technical Director.

    “We want retailers to only stock internet-connected devices that meet these principles so that UK consumers can trust that the technology they bring into their homes will be properly supported throughout its lifetime,” he added.

    The Code, however, acknowledges that "supply chains of IoT products can be complex and international, often involving multiple component manufacturers and service providers."

    As such, the code, at this stage, is only meant to initiate and facilitate a security mindset among stakeholders.

    This initiative is a key part of the government’s five-year, £1.9-billion National Cyber Security Strategy.

     

    The post UK gov’t releases ‘world first’ IoT Code of Practice appeared first on FutureIoT.

    ]]>
    California’s new IoT cybersecurity law could have broader implications in Asia https://futureiot.tech/californias-new-iot-cybersecurity-law-could-have-broader-implications-in-asia/ Thu, 11 Oct 2018 02:26:22 +0000 https://futureiot.tech/?p=1552 California Governor Jerry Brown signed on September 28, 2018, the first cybersecurity law on the Internet of Things (IoT) enacted in the United States.

    The post California’s new IoT cybersecurity law could have broader implications in Asia appeared first on FutureIoT.

    ]]>
    [vc_row][vc_column][vc_column_text]Effective January 1, 2020, connected devices sold in California would have built-in security features designed to protect against unauthorized access, destruction, use, modification, or disclosure.

    This was among the provisions of Senate Bill No. 327 signed into law by California Governor Jerry Brown on September 28, 2018, the first cybersecurity law on the Internet of Things (IoT) enacted in the United States.

    According to the law, “connected device” means any device or other physical objects that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.”

    These devices could be anything from phones to microwave ovens to refrigerators to thermostats and voice assistants to cars.

    Setting a security standard for device manufacturers may have been a timely move as the installed base of IoT devices is forecast to grow to almost 31 billion worldwide by 2020, with the IoT market projected to be worth over $1 billion annually from 2017 onwards, according to Statista.

    Mixed Reactions

    Security firm Trend Micro commented in a corporate blog post that California's IoT law highlights the need for built-in security and the growing move toward security-by-design.

    “Its enforcement could help reduce attacks through device vulnerabilities, incidents in which users are the frequent victims. More importantly, this law can reduce the burden of users who have had to compensate for the unstandardized level of security in currently available connected devices,” Trend Micro said.

    The MIT Technology Review commented that “it’s not hard to see why such legislation is needed.”

    It explained, “Barely a day goes by without some new report of hackers compromising all kinds of products, from web-connected dolls to security cameras. And billions of new connected devices will be flooding onto the market over the next few years.”

    FutureIoT reported on October 8, 2018, that IoT-malware grew three-fold in the first half of the year.

    Among the provisions of the new law is that “preprogrammed password is unique to each device manufactured” and the “device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.”

    A Washington Post article, however, said that the law only protects against a small portion of cyber threats.

    “But eliminating weak default passwords is an elementary move that only offers a basic safeguard against a sliver of digital threats,” the article stated.

    “The fact that it's only California that's taking action — and is considered a trailblazer for such a simple step that many security experts think should already be a best practice — underscores the challenges facing policymakers and manufacturers when it comes to improving the notoriously poor security of connected devices,” it added.

    The article, however, acknowledged that setting IoT security standards is “a step toward defending against cyber attacks such as the massive Mirai botnet that harnessed the power of hijacked devices to disable major websites in 2016.”

    Broader implications

    An article in the China Law Blog pointed out that “most IoT products being made in China by foreign companies are being sold in the United States, including California,” the new law has broader implications in China and maybe in other parts of Asia as well.

    SB 327 defined device manufacturers as “persons who manufacture, or contract with another person to manufacture on the person’s behalf, connected devices that are sold or offered for sale in California.”

    This places the burden of “equipping devices with a reasonable security feature” not only to contractors but more specifically the manufacturers of the device.

    As the blog post pointed out: “It is important to emphasize that SB-327 does not impose any requirements on users of IoT devices, but rather on manufacturers. This will essentially mean that companies that manufacture qualifying devices may need to re-do or re-develop or maybe even re-invent their IoT products.”

    Security-by-design has a long way to go, and both supporters and critics of the landmark California law are one in saying that this could just be the beginning of a long journey.

    “It demonstrates the role governments and their respective regulatory bodies play in promoting security through guiding principles that can usher the safer development and deployment of IoT devices,” Trend Micro said.

    Photo by Kai Pilger from Pexels[/vc_column_text][/vc_column][/vc_row]

    The post California’s new IoT cybersecurity law could have broader implications in Asia appeared first on FutureIoT.

    ]]>
    IoT-malware grew three-fold in H1 2018 https://futureiot.tech/iot-malware-grew-three-fold-in-h1-2018/ Mon, 08 Oct 2018 03:57:30 +0000 https://futureiot.tech/?p=1481 IoT malware is on the rise. Malware attacking connected devices has tripled in the first half of 2018, Kaspersky Lab’s IoT report reveals. During the period, the security firm found more than 120,000 modifications of malware in IoT devices, which it said is more than triple the IoT malware seen in the whole of 2017. […]

    The post IoT-malware grew three-fold in H1 2018 appeared first on FutureIoT.

    ]]>
    IoT malware is on the rise.

    Malware attacking connected devices has tripled in the first half of 2018, Kaspersky Lab’s IoT report reveals.

    During the period, the security firm found more than 120,000 modifications of malware in IoT devices, which it said is more than triple the IoT malware seen in the whole of 2017.

    “Compared to personal computers and smartphones, IoT devices might not seem powerful enough to attract cybercriminals and be used in their illegal activity. However, their lack of performance is more than outweighed by their number, and the fact that some smart gadget manufacturers are still not paying enough attention to the security of their products,” said Mikhail Kuzin, a security researcher at Kaspersky Lab.

    He added that even if vendors begin to provide their devices with better security now, it will be a while before old vulnerable devices have been phased out of homes.

    “In addition, IoT malware families are customizing and developing very fast, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones,” he added.

    The security expert explained that cybercriminals can turn simple machines into a powerful device for illegal activity, such as spying, stealing, and blackmailing.

    In Kaspersky’s research, the smart devices most often attacked were routers. The remaining share of compromised IoT gadgets included a variety of gadget types such as DVR-devices and printers and even washing machines.

    The statistics also show that the most popular method of IoT malware propagation is still the brute forcing of passwords or repetitive attempts at various password combinations.

    Cybercriminals may have different reasons to exploit IoT, according to Kaspersky, but the most popular goal is to facilitate DDoS-attacks by creating botnets. Some malware modifications are also tailored to turn off competing malware, fix its own vulnerabilities, and shut down vulnerable services on the device.

    It said the brute force was used in 93 percent of detected attacks. In most of the remaining cases, access to an IoT device was gained using well-known exploits.

    Photo by rawpixel.com from Pexels

    The post IoT-malware grew three-fold in H1 2018 appeared first on FutureIoT.

    ]]>
    Smart home journey: consumer hold up https://futureiot.tech/smart-homer-journey-consumer-hold-up/ Mon, 01 Oct 2018 07:59:11 +0000 https://futureiot.tech/?p=1460 Seven years ago, I embarked on my smart home journey, although I didn’t know it at the time. Being an avid gamer and student in college, I subscribed to a broadband internet service and setup my wireless home network. This allowed me to compete in online video games through my gaming console, connect my laptop […]

    The post Smart home journey: consumer hold up appeared first on FutureIoT.

    ]]>
    Seven years ago, I embarked on my smart home journey, although I didn’t know it at the time. Being an avid gamer and student in college, I subscribed to a broadband internet service and setup my wireless home network. This allowed me to compete in online video games through my gaming console, connect my laptop to the internet, and stream movies on my tablet. What I didn’t realize back then was that I had just laid the necessary infrastructure in my home to support a lifestyle of comfort, convenience, security, and cost savings that I would come to enjoy seven years later.

    Today my smart home consists of a rich ecosystem of Internet of Things (IoT) devices – including five smart speakers, four smart thermostats, three streaming media players, two smart cameras, one robot vacuum, and a bevy of internet-connected light bulbs – that collectively make my life more organized, informed, entertained, secure, and save my household money.

    My smart thermostats respond to my habits and adjust accordingly, saving me money and reducing my energy consumption. I have peace of mind that my packages won’t be stolen from my front door thanks to my smart cameras. In the basement, a robot vacuum cleaner allows me to exercise in comfort without stepping in cat litter every day.

    When I frequently forget to turn the lights off in my home office, I can simply open an app on my phone and turn them off without having to walk up three flights of stairs, and even set a schedule to turn them off automatically. I save money on my cable bill by choosing a basic package and instead stream most of my TV shows and movies through my streaming sticks and video game consoles.

    Most importantly, my experiences with all these devices are dramatically enhanced by my smart speakers, through which I use my smart assistant to access services and control everything with just my voice.

    In light of all the benefits I enjoy from having a smart home today, however, my journey has not been easy, and I find myself wanting more. Not just more devices, which would be nice, but more richer experiences where my devices can all communicate with each other and adjust according to my preferences, habits, and interactions of other devices.

    Like many consumers, I have found it has been an expensive and complex journey thus far, and I’m finding it increasingly difficult to justify the costs to push my smart home to the next level. For example, to equip all the lights in my home with smart bulbs will cost several hundreds of dollars.

    I also worry about my privacy and the security of my devices, and as both an industry analyst and consumer I find myself wondering: what’s holding others back from embarking on their own smart home journeys, and what’s stopping those that already have from moving to the next level?

    The smart home market by the numbers

    IDC’s recent smart home forecast shows the total number of smart home device shipments reaching 306.2 million units by the end of 2018, and up to 591.9 million devices by the end of 2022. This includes devices ranging from smart lights, thermostats, and speakers, to home monitoring and security devices, video entertainment devices, appliances, and others.

    The market for these devices is still in its early days, however, with IDC’s recent Consumer IoT Survey indicating that only two in five respondents that have a wireless home network engage with at least one home automation, monitoring and control application.

    Figure 1: U.S. smart home device shipments by product type, 2017-2022

    Smart devices by shipment

    Source: IDC’s Consumer Internet of Things Survey, June 2018 (N=296)

    Streaming video from the internet to the television remains a key stepping-stone for consumers in the evolution of their digital homes, moving from connected computing and communication devices to connected entertainment devices. Generally, consumers take on networked video entertainment applications, such as streaming online video to the television, before adopting home automation, video monitoring, and control applications.

    This segment currently represents the largest share of the volume of smart home device shipments each year and today accounts for almost half of the market. Given that broadband penetration for US households is nearing saturation, and networked video entertainment devices are much sought-after, what’s holding consumers back from pushing adoption rates higher for other devices?

    Leading barriers to smart home adoption

    IDC’s Consumer IoT Survey indicates that a perceived lack of need and value, concerns about privacy and security, and costs are the top concerns keeping them from translating interest in smart home applications into actually purchasing home IoT devices – issues that have dampened the category since its inception.

    Figure 2: Reasons why consumers are not using smart home devices

    Source: IDC’s Consumer Internet of Things Survey, June 2018 (N=296)

    Security and privacy are undoubtedly major concerns for most consumers. Top privacy concerns center around information collection and sharing without permission, while leading security concerns focus on identity theft and unauthorized control of devices. Most consumers are generally unhappy or unsure about sharing information with first-party device makers; but the majority of them are decidedly against sharing information with third-party companies and organizations.

    Among consumers that are not concerned about security, there is a high degree of comfort and trust in protections to remedy any security breach. Perhaps not surprisingly, the intensity of privacy and security concerns increases with age, peaking for those aged 55-64, and the willingness to share information or data with vendors and third-parties is strongest for millennials, high income households, and males.

    The journey ahead for consumers and vendors

    The road ahead for consumers in their smart home evolutions is paved with both promise and uncertainty. There is much to be gained from deploying smart home devices that can make a household more efficient in time, energy, and costs. But the threat of security breaches and having to sacrifice privacy – not to mention the total costs involved with deploying IoT-enabled devices – will continue to inhibit the market’s growth for the foreseeable future.

    On the supply side of the market, smart home device makers and service providers need to:

    • Demonstrate clear value by showing consumers the ways in which connected devices can work in concert to bring about newfound conveniences
    • Be mindful that consumers are sensitive to prices, security, and privacy issues
    • Remove the complexity and uncertainty that surround smart home ecosystems, build trust, and tailor their marketing efforts to the right audience

    On the demand side, consumers need to:

    • Do more to explore the ways in which smart home devices can enrich their lives by researching companies and products to make informed decisions
    • Talking to friends and family members that are further along in their smart home journeys can be a helpful way to better understand which products best meet their own needs

    Learn more about consumers’ adoption of and attitudes toward smart home devices and applications – including market drivers, inhibitors, leading use cases, and more – by downloading IDC’s 2018 Consumer Internet of Things Survey: Home Automation, Monitoring, and Control.

    This article is first published on IDC

    The post Smart home journey: consumer hold up appeared first on FutureIoT.

    ]]>
    IEC: Orchestrating infrastructure for sustainable smart cities https://futureiot.tech/iec-orchestrating-infrastructure-for-sustainable-smart-cities/ Thu, 13 Sep 2018 15:49:01 +0000 https://futureiot.tech/?post_type=whitepaper&p=1403 By 2050, it is projected that 67% of the global population will live in cities. Smart cities are necessary to reduce emissions and to handle this rapid urban growth. However cities, as we know them, are faced with a complex challenge – the traditional processes of planning, procuring and financing are not adequate for the […]

    The post IEC: Orchestrating infrastructure for sustainable smart cities appeared first on FutureIoT.

    ]]>
    By 2050, it is projected that 67% of the global population will live in cities. Smart cities are necessary to reduce emissions and to handle this rapid urban growth. However cities, as we know them, are faced with a complex challenge – the traditional processes of planning, procuring and financing are not adequate for the needs of smart cities. Their development requires the right environment for smart solutions to be effectively adopted and used.

    Electricity is core in any urban infrastructure system and the key enabler of cities development, so IEC has a specific role to play in the development of smart city standards. Delivering the full value of standards to accelerate the development of smart cities and lower its costs also clearly needs a strong collaboration of all city stakeholders.

    This White Paper explains what it needs to move cities to greater smartness; the what, who and how of smart city development. It calls for a wide collaboration between many stakeholders, including other international standardization bodies to ultimately lead to integrated, cost-efficient, and sustainable solutions.

    This White Paper was prepared by the IEC Market Strategy Board (MSB) project team on smart cities in cooperation with Centre for European Policy Studies (CEPS).

    Click here to download the whitepaper.

    The post IEC: Orchestrating infrastructure for sustainable smart cities appeared first on FutureIoT.

    ]]>
    IoT: too big and buggy to patch? https://futureiot.tech/iot-too-big-and-buggy-to-patch/ Thu, 13 Sep 2018 04:04:57 +0000 https://futureiot.tech/?p=1361 The Internet of Things (IoT) will never be too big to fail, although it is hard to conceive of the entire thing failing at once, unless every power grid on the planet goes down simultaneously. But it is in danger of increasing incremental failure because it is too big to patch, according to author, encryption […]

    The post IoT: too big and buggy to patch? appeared first on FutureIoT.

    ]]>
    The Internet of Things (IoT) will never be too big to fail, although it is hard to conceive of the entire thing failing at once, unless every power grid on the planet goes down simultaneously.

    But it is in danger of increasing incremental failure because it is too big to patch, according to author, encryption guru, and premier blogger Bruce Schneier.

    Schneier, CTO of IBM Resilient Systems, wrote a post this past June mainly focused on the disclosure of serious flaws in encryption standards OpenPGP and S/MIME, which are used by numerous email clients to keep communications private.

    Proof of Concept for IoT vulnerabilities

    A team of researchers had published a proof of concept that they could trick any of those vulnerable clients by altering an email sent to it, resulting in a plaintext copy of the email sent to a server controlled by an attacker.

    One reason it’s a serious problem is that dozens of email clients were using a standard that has been around for nearly three decades. The researchers said they found that plaintext exfiltration channels existed for 25 of the 35 tested S/MIME email clients and 10 of the 28 tested with OpenPGP.

    The other reason is that vulnerable people – journalists, political dissidents in repressive regimes, whistleblowers, and human rights advocates – rely on those clients to protect their privacy, and therefore their personal safety.

    And it is all going to take a while to fix since, as Schneier put it, it involves multiple, “communities without clear ownership.”

    “In this case, there's nothing wrong with PGP or S/MIME in and of themselves,” he wrote. “Rather, the vulnerability occurs because of the way many email programs handle encrypted email.”

    Which led Schneier to what he sees as a much bigger problem, given that, “the Internet is shifting from a set of systems we deliberately use – our phones and computers – to a fully immersive Internet-of-Things world that we live in 24/7 … (where) vulnerabilities will emerge through the interactions of different systems.”

    It also suffers, he said, from many vendors not even having the expertise and capability to patch the software in what they sell, because it is frequently designed by, “offshore teams that come together, create the software, and then disband …”

    Many devices, he noted, aren’t patchable at all – the only way to “fix” a digital video recorder that is vulnerable to being conscripted as part of a botnet is to, “throw it away and buy a new one.”

    Or, an example with a much higher risk to personal safety was the notice about a year ago from the federal Food and Drug Administration that 465,000 implantable cardiac pacemakers from Abbott (formerly St. Jude Medical) needed a firmware update to prevent an attacker from doing things like depleting the battery or causing “inappropriate pacing.”

    The FDA said it would only take three minutes to update the firmware, but it couldn’t be done remotely – it required a visit to a doctor’s office – something that might not be quickly accessible for every patient.

    Beyond that is the continuing explosive growth of the IoT – Intel has estimated that by 2020 – less than two years away – there will be more than 200 billion connected devices in use.

    Bottom line

    “Patching is starting to fail, which means that we're losing the best mechanism we have for improving software security at exactly the same time that software is gaining autonomy and physical agency,” he wrote.

    Which raises the obvious question: What should IoT developers, manufacturers, and the software security industry do about it?

    Schneier’s view is well known. He has testified before Congress in favour of government mandates for basic security standards for IoT devices because, as he as written on his blog numerous times, the market won’t do it. “It’s hard to see any other viable alternative (than government intervention),” he wrote.

    Differing opinion

    That gets mixed reviews from other security experts, in part because not everybody shares such a bleak view of the current state of the IoT.

    Zach Lanier, principal research consultant with Atredis Partners, says he doesn’t think the situation is as ominous as Schneier does, but agrees that “the gap between ‘patchability’ of disparate components – from overall firmware to specific components like OS/RTOS, drivers, applications, etc. – is very wide and may certainly be growing, especially with the introduction of niche IoT vendors and their respective devices.”

    But Jesse Victors, a security consultant with the Synopsys Software Integrity Group, said it simply isn’t the case that every, or even most, devices are built by a team that disbands as soon as it has completed a project.

    “I disagree with the premise,” he said. “I see the emergence of IoT devices managed by well-known companies, such as Samsung, Nest, Tesla, Apple, Google, or Amazon. These companies have dedicated teams to their IoT infrastructure, respond to security researchers, and push updates on their own initiative or when pressured to do so.”

    And regarding the design flaws in OpenPGP and S/MIME, Larry Trowell, associate principal consultant with Synopsys Software Integrity Group, said while, “patching the lack of authenticated encryption in the design at this stage would be a herculean task,” that the problem can be avoided simply by not using it, “in tangent with an automated software retrieval process, but for manual file verification and signature checks.

    “Sometimes pieces of software just don’t work correctly together,” he said.

    Useless regulation

    And neither Victors nor Trowell think government regulation and oversight will fix the security problems that ail the IoT.

    Indeed, the federal government has a poor track record securing its own data, never mind devices. Just two examples are the breach of the Office of Personnel Management (OPM), discovered in 2014, and the compromise of National Security Agency (NSA) hacking tools in 2016.

    “Government certification does not work for making cryptographic libraries secure,” Victors said, “and it will be equally ineffective for IoT security.”

    He said he has seen proposals for federal certification bodies, “but I foresee them falling behind in technical understanding, not adapting to new technologies and connectivity relationships, encouraging IoT manufacturers to hide infrastructure, or generally being toothless.”

    Trowell added that government involvement could, “infringe on the right to repair and the ability to tinker with devices.”

    And Victors believes there are other, and better, “viable alternatives” to government regulation.

    He said an independent, consumer-friendly organization could rank IoT devices in areas like, “whether it transmits user data overseas, whether it self-applies firmware updates, whether it is exposed to the public Internet, whether the company is maintaining it, and so on.”

    A body like that, he added, could also coordinate the sometimes contentious relationship between security researchers and vendors when it comes to reporting the discovery of vulnerabilities.

    Of course, a majority of the security failures that plague the IoT could be avoided by “building security in” to products from the start of the design phase throughout the development lifecycle.

    But even that wouldn’t eliminate every vulnerability. Lanier said it will likely take a systemic overhaul. It’s not just vendors and developers who need security expertise, but platform manufacturers and service operators do as well.

    “In some cases, they do provide sane and secure defaults, security features, appropriate feedback mechanisms for when something is ‘not okay,’ and robust, usable software/firmware update mechanisms,” he said.

    “I don't know that there's really a clear answer on how to fix this en masse, but the IoT-device-du-jour building on a platform/stack that "doesn't suck" is a good start.”

    Victors agrees that IoT devices must be designed to allow firmware upgrades easily – which is not the case in most WiFi routers in use today.

    A huge percentage of them, “are rarely upgraded; their owners are not aware or not technically savvy enough to perform the upgrade, or the device itself cannot download the patches and upgrade itself.

    “This absolutely needs to change,” he said. “We cannot assume that the first production version will be sufficient over the long term.”

    Trowell’s view is that even though the market hasn’t fixed the problem yet, it remains the only viable way to do it. “I don’t think one country or one government mandating the fix is going to do much,” he said. “I think it will only change when the majority of consumers care and demand it.”

    Will that happen? Lanier is dubious along with Schneier. “Outside of clued-in organizations or enterprises that actually do some kind of risk analysis on random IoT devices being introduced into their networks, I don't see most end users – consumers – really making security-conscious decisions any time soon,” he said.

    The post IoT: too big and buggy to patch? appeared first on FutureIoT.

    ]]>
    Do you really want IoT to see everything? https://futureiot.tech/do-you-really-want-iot-to-see-everything/ Thu, 13 Sep 2018 01:32:22 +0000 https://futureiot.tech/?p=1355 Imagine a world where your fridge will let the supermarket know that you're running out of milk, where the devices on you will let your doctor know that you're ready for a check-up. A connected, smarter world, where our online identity is created by the devices around us - that's the Internet of Things. But […]

    The post Do you really want IoT to see everything? appeared first on FutureIoT.

    ]]>
    Imagine a world where your fridge will let the supermarket know that you're running out of milk, where the devices on you will let your doctor know that you're ready for a check-up.

    A connected, smarter world, where our online identity is created by the devices around us - that's the Internet of Things. But will this be the age of convenience - or the end of privacy?

    The KPMG report “Risk or reward: What lurks within your IoT?” outlines some of the security issues arising from an IoT environment.

    Watch the video for a quick recap of the risks that come with IoT.

    The post Do you really want IoT to see everything? appeared first on FutureIoT.

    ]]>
    The dark side of smart devices https://futureiot.tech/the-dark-side-of-smart-devices/ Thu, 13 Sep 2018 01:24:31 +0000 https://futureiot.tech/?p=1352 We all like to have things more conveniently delivered to us. Hence applications like Siri and Google Home were designed to help realize this desire. But what happens when a device like a Google Home decides to take action based on what it hears? Jeremy Pizzala, Global Cybersecurity Leader, EY, discusses cyber risk and the […]

    The post The dark side of smart devices appeared first on FutureIoT.

    ]]>
    We all like to have things more conveniently delivered to us. Hence applications like Siri and Google Home were designed to help realize this desire. But what happens when a device like a Google Home decides to take action based on what it hears?

    Jeremy Pizzala, Global Cybersecurity Leader, EY, discusses cyber risk and the internet of things (IoT) with Nathan Lynch, Regional Bureau Chief, APAC, Financial Crime & Risk, Thomson Reuters at the Thomson Reuters Regulatory Summit, Hong Kong, held on 10 October 2017.

    Watch the video for a quick recap of the risks that come with IoT.

    The post The dark side of smart devices appeared first on FutureIoT.

    ]]>
    Deloitte Insights: data security and IoT https://futureiot.tech/deloitte-insights-data-security-and-iot/ Thu, 13 Sep 2018 01:15:28 +0000 https://futureiot.tech/?p=1349 Enterprises and businesses are racing to understand and develop solutions that will address issues like customer centricity, operational efficiency, safety at work, as well as lowering the cost of doing business. In a number of these scenarios, the Internet of Things (IoT) is envisioned to be a primary supporting technology driving innovation. Deloitte Insight wants […]

    The post Deloitte Insights: data security and IoT appeared first on FutureIoT.

    ]]>
    Enterprises and businesses are racing to understand and develop solutions that will address issues like customer centricity, operational efficiency, safety at work, as well as lowering the cost of doing business. In a number of these scenarios, the Internet of Things (IoT) is envisioned to be a primary supporting technology driving innovation.

    Deloitte Insight wants that while these smart, connected objects offer tremendous opportunities for value creation and capture, they can also create tremendous risk, demanding new strategies for value protection.

    The consultant warned that a single vulnerable device can leave an entire ecosystem open to attack, with potential disruptions ranging from individual privacy breaches to massive breakdowns of public systems.

    Watch the video for a quick recap of the risks that come with IoT.

    The post Deloitte Insights: data security and IoT appeared first on FutureIoT.

    ]]>
    CirrusLabs Internet of Things Security https://futureiot.tech/cirruslabs-internet-of-things-security/ Sun, 26 Aug 2018 07:06:14 +0000 https://futureiot.tech/?post_type=whitepaper&p=1073 In 2014, the Internet of Things (IoT) had a global market of US$2.99 trillion; by 2020, that number will reach $8.9T, growing at a 19.92% Compound Annual Growth Rate.” The number of IoT-type devices will increase from 6.6 billion in 2016 to 22.5 billion in 2021. As the IoT market grows with device deployments, concerns […]

    The post CirrusLabs Internet of Things Security appeared first on FutureIoT.

    ]]>
    In 2014, the Internet of Things (IoT) had a global market of US$2.99 trillion; by 2020, that number will reach $8.9T, growing at a 19.92% Compound Annual Growth Rate.” The number of IoT-type devices will increase from 6.6 billion in 2016 to 22.5 billion in 2021.

    As the IoT market grows with device deployments, concerns over security will grow with it. Spending on IoT security will reach US$547.2 million in 2018, up from US$433.95 in 2017.

    Such threats include: Communication protocols security, data sniffing and spoofing, denial-of-Service, Man-in-the-Middle attacks, brute forcing, weakened hardware, and weak encryption implementation.

    Download this CirrusLabs whitepaper (PDF) to know more.

    The post CirrusLabs Internet of Things Security appeared first on FutureIoT.

    ]]>
    Smart utilities highly vulnerable to cyber threats https://futureiot.tech/smart-utilities-highly-vulnerable-to-cyber-threats/ Sun, 26 Aug 2018 06:03:28 +0000 https://futureiot.tech/?p=1064 The modernization of utility infrastructures is enabling increased efficiencies and reliability through digitization, connectivity, and IT-based approaches. Smart cyber assets are transforming both power and water grids, allowing operators to deploy and leverage a new generation of functionality and customer services. But the future of these modernization efforts remains at risk as authorities ignore the […]

    The post Smart utilities highly vulnerable to cyber threats appeared first on FutureIoT.

    ]]>
    The modernization of utility infrastructures is enabling increased efficiencies and reliability through digitization, connectivity, and IT-based approaches. Smart cyber assets are transforming both power and water grids, allowing operators to deploy and leverage a new generation of functionality and customer services.

    But the future of these modernization efforts remains at risk as authorities ignore the cyber security posture of these projects. This is exasperated by issues with adapting cybersecurity to OT environments and an overall lack of knowledge and expertise in bridging these divides.

    The lack of sustained public support sends a deflated message to operators in the field about the importance of cybersecurity.

    “Worryingly, both power and water utilities have reported advanced persistent threats which exploit flaws in industrial control systems. More critically, run-of-the-mill cyberthreats such as ransomware and DDoS attacks are increasingly affecting operator’s cyber-assets, both on the back and front-end. Cybersecurity must be a concerted effort by all stakeholders, including the public. With only partial support, the risks intensify,” warned Michela Menting, Research Director of Digital Security at ABI Research.

    While power and water grid stakeholders will spend over US$8 billion globally on cyber-securing utility infrastructures in 2018, only a small portion of that will be dedicated to operational technologies and smart systems. Grid modernization efforts are an ideal time to start designing and integrating digital security and provide an opportunity for adapting existing mechanisms and processes to the OT space -  from industrial control systems to smart meters.

    “Operators and other stakeholders should remain firm in their commitment to cybersecurity, despite the backseat public support. Fortunately, from a private sector perspective, a growing vendor ecosystem –  including companies such as CY-OT, ForeScout, Nokia Networks, Nozomi Networks, OSIsoft, Radiflow, Sierra Nevada Corporation, SkyBox Security, and Smart Energy Networks – is emerging to hopefully address these issues,” Menting concludes.

    These findings and more can be found in ABI Research’s Cybersecurity in Smart Utilities report.

    The post Smart utilities highly vulnerable to cyber threats appeared first on FutureIoT.

    ]]>
    IoT to exacerbate ransomware attacks? https://futureiot.tech/iot-to-exacerbate-ransomware-attacks/ Thu, 09 Aug 2018 01:09:46 +0000 https://enterprisenews280918040.wordpress.com/?p=197 Image courtesy of iStockPhoto/LeoWolfert Cybersecurity Ventures noted that ransomware attacks were the most common type of malware in 2017, and it’s projected that, by the end of 2019, a business will be hit by a ransomware attack every 14 seconds with the resulting damage costs predicted to reach $11.5B annually. Most ransomware recovery solutions enforce […]

    The post IoT to exacerbate ransomware attacks? appeared first on FutureIoT.

    ]]>
    Image courtesy of iStockPhoto/LeoWolfert

    Cybersecurity Ventures noted that ransomware attacks were the most common type of malware in 2017, and it’s projected that, by the end of 2019, a business will be hit by a ransomware attack every 14 seconds with the resulting damage costs predicted to reach $11.5B annually.

    Most ransomware recovery solutions enforce a companywide rollback, meaning even users whose systems were not impacted may lose data. BlackBerry claims that its new ransomware recovery feature can freeze the accounts of affected users, not everyone in the organisation, should their PC computers and synced files become infected.

    With BlackBerry Workspaces, the administrator can check user logs to pinpoint exactly what workspaces, folders and files have been affected, and selectively roll impacted files back to pre-attack versions and without restrictions on how far back it can recover. The ability to precisely remove just the infected files helps organisations avoid the loss of work and productivity that often come with system-wide recovery mechanisms.

    “Beyond data loss, opportunity costs, and reputational risks, downtime resulting from ransomware attacks can inflict real harm on customers in any industry, including healthcare or public safety, where the consequences of any delay can be catastrophic,” said Billy Ho, Executive Vice President of Enterprise Products, BlackBerry.

    “Organisations need to have a strong culture of security to minimise the risk of an attack. And in a worst-case scenario, it’s critical that organisations also have a layered defence model in place and an enterprise technology stack that is designed with the inevitable breach in mind.”

    Connected endpoints in the Enterprise of Things (EoT) have transformed how companies work, deliver goods and services and solve problems, but they also leave companies vulnerable to cyberattacks.

    Alexander Ivanyuk, global director of business development and product marketing at Acronis, warns that laptops, PCs and mobile phones may have some form of protection today but other Internet of Things (IoT) devices remain at risk.

    In a blog post, Ivanyuk cites areas where connected cars, smart homes, medical equipment and wearable devices remain vulnerable from ransomware attacks.

    The post IoT to exacerbate ransomware attacks? appeared first on FutureIoT.

    ]]>
    Trend Micro says security is an afterthought in IoT strategies https://futureiot.tech/trend-micro-says-security-is-an-afterthought-in-iot-strategies/ Wed, 01 Aug 2018 06:55:27 +0000 https://enterprisenews280918040.wordpress.com/?p=177 52% of businesses surveyed report loss of customer trust as the top consequence that would result from a breach and yet 42% of IT and security decision makers say security is an afterthought in their IoT strategies A Trend Micro survey shows that businesses are most concerned about losing customer trust in the event of […]

    The post Trend Micro says security is an afterthought in IoT strategies appeared first on FutureIoT.

    ]]>
    52% of businesses surveyed report loss of customer trust as the top consequence that would result from a breach and yet 42% of IT and security decision makers say security is an afterthought in their IoT strategies

    A Trend Micro survey shows that businesses are most concerned about losing customer trust in the event of an Internet of Things (IoT) related cyberattack. The global survey of 1,150 IT and security decision makers also revealed that despite this prevailing fear the same respondents said their organizations remain unprepared for such an attack, focusing instead on investing in IoT systems and ignoring the security aspect of this emerging technology.

    The growth in the number of connected devices is also opening businesses to real cyber threats. Unfortunately awareness of the threat 43% of IT and security decision makers that took part in the survey admit that security remains an afterthought when implementing IoT projects (peaking at 46% in Germany).

    In addition, 63% agree that IoT-related cybersecurity threats have increased over the past 12 months (rising to 71% in the UK and the US), only 53% think connected devices are a threat to their own organisation (75% in Japan).

    The results suggest there could be minimal testing taking place ahead of implementation to ensure new devices added to corporate environments are secured.

    The survey also showed businesses are experiencing an average of three attacks on connected devices in the last 12 months.

    Thirty-eight percent of those that have already implemented, or plan to implement, an IoT solution enlist security decision-makers in the implementation process. This falls to one in three for smart factory implementation (32%), with a similar proportion enlisting the help of security teams for the roll out of smart utility (31%) and wearables (30%) projects. This suggests that a significant proportion of businesses globally could be unwittingly opening themselves up to a range of threats.

    “IoT systems are the future for businesses and many new types of connected devices are being introduced to corporate networks,” said Nilesh Jain, Vice President for Southeast Asia and India, Trend Micro. “While this is beneficial for business operations, the embedded operating systems of IoT devices aren’t designed for easy patching, which creates a universal cyber risk problem. The investment in security measures should mirror the investment in system upgrades to best mitigate the risk of a breach that would have a major impact on both the bottom line and customer trust.”

    With breaches having the potential for a significant impact on business operations – such as jeopardising GDPR compliance or taking critical networks offline – the research confirms that cybersecurity cannot be an afterthought and it must be key to the IoT implementation process from the offset.

    Jain warned that if security is not baked into the design of IoT solutions, and SDMs aren’t involved in the IoT implementation process, businesses could face damages far greater than the benefits this connected tech delivers.”

    The post Trend Micro says security is an afterthought in IoT strategies appeared first on FutureIoT.

    ]]>
    IOT security spending to top $6 billion by 2023 https://futureiot.tech/iot-security-spending-to-top-6-billion-by-2023/ Fri, 13 Jul 2018 01:33:32 +0000 https://enterprisenews280918040.wordpress.com/?p=169 Image courtesy of iStockPhoto/EtiAmmos The Juniper Research titled, The Internet of Things for Security Providers: Opportunities, Strategies & Forecasts 2018-2023, forecasts spending on IoT cybersecurity solutions to reach over US$6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services […]

    The post IOT security spending to top $6 billion by 2023 appeared first on FutureIoT.

    ]]>
    Image courtesy of iStockPhoto/EtiAmmos

    The Juniper Research titled, The Internet of Things for Security Providers: Opportunities, Strategies & Forecasts 2018-2023, forecasts spending on IoT cybersecurity solutions to reach over US$6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services markets) to rise nearly 300% over the forecast period.

    The researcher claimed that growing business risk and regulatory minimum standards would serve as key spending drivers.

    Differences

    Juniper cited major differences in the way in which IoT business risk is perceived and perceptions on how regulation should be applied. It cited the home as an example of where poor long-term device support and little fear of ramifications in case of a breach would serve to keep spending low.

    “The interconnected nature of the IoT means that even innocuous devices like the connected fridge can become a threat. Vendors see that risk as low, while little has been done from a regulatory perspective to protect consumers”, explained research author Steffen Sorrell.

    As a result, Juniper forecasts that smart home IoT security spending would be less than 17% of the consumer market in 2023.

    In contrast, the research identified glaring security issues in the smart energy market. However, it noted that strict minimum standards, such as those applied by Germany and the EU’s General Data Protection Regulation, would drive spending impetus, with IoT smart energy security spend reaching $1 billion annually in 2023.

    New challenges to come from edge

    The research forecasts that the rise of edge computing services to enable near-real-time IoT applications would present additional security challenges, which in turn will drive industry spend. It cited an increased attack surface as raising business risk. Meanwhile, the need to ensure data reliability would emphasise the need for lifecycle management and device security solutions.

    The post IOT security spending to top $6 billion by 2023 appeared first on FutureIoT.

    ]]>