Still in a random fashion, the number of measures to improve the security of connected objects and systems is increasing. The first contests, labels, CERTtm and measures are leading the way.
“A webcam or a DVD player can now be a part of a zombie cyber-army’s arsenal which exploits the Internet of Things,” say Digital Security in their 2016 report on IoT attacks. Attacks have become more diverse and more frequent, targeting critical sites such as nuclear power plants, industrial structures such as dams, and there will most likely be more attacks in 2017. These cyber-threats can come from seemingly harmless everyday objects. It seems obvious that “industrials, regulators and companies must quickly address this issue”. This issue is becoming more concrete through a few initiatives, which are not coordinated yet.
The IoT Home Inspector Challenge in the USA
The kick-off of the event, initiated by the USA’s Federal Trade Commission (FTC), was widely covered by the media. The telecom regulating organisation has created a contest for developers, to provide customers with protection solutions for smart home objects, and devices such as computers and smartphones.
Application, Cloud service, physical devices: the solutions on offer/offered can be of these three types and will have to prevent security breaches due to outdated software. The contest runs until 22 May and the winner will be awarded $25,000, while the three runners-up will get $3,000. The results will be published by the end of June.
The FTC has also filed a complaint against D-Link, a manufacturer of IP cameras and routers. The organisation criticises the company for not taking necessary action against the vulnerability of its devices. One of these breaches led to the Mirai botnet, which infected more than a million connected systems and blocked the OVH host among others in autumn 2016.
IOT.BZH deals with connected cars, Gwagenn deals with communications
Securing on-board connected systems is what gets things moving in western France. Innovation for smart cars and more widely for cyber-defence and cyber-security mainly comes from Brittany, where the sector is developing. In December 2016 in Vannes, candidates of the Cyber West Challenge had to work on both “technical and non-technical measures” for the cyber-protection of people and devices.
The first winner of the contest is IOT.BZH. This start-up which was created in 2015 has since shown impressive growth thanks to its speciality: securing connected vehicles. In barely two years, IOT.BZH has entered the big league of the European, American and Japanese car industry, which includes manufacturers of both cars and parts. IOT.BZH’s expertise and ambitions also target sectors such as telecoms, healthcare, agriculture and defence.
Gwagenn, another candidate of the Cyber West Challenge is a member of FrenchTech Rennes Saint-Malo. It specialises in applying electromagnetism to the protection of wireless communication systems in the defence, telecoms and naval sectors. Gwagenn is a very young structure that was also created in 2015.
Digital Security’s ‘IoT Qualified Security’ label
92% of players in the IoT sector are asking for security standards to cover privacy, integrity and availability of connected systems, according to the European Commission’s public consultation.
To design IoT security from the outset, the ‘IoT Qualified Security’ label by Digital Security, a subsidiary of Econocom Group, will allow future acquirers, companies or private individuals, to identify a connected solution’s security level according to a reliable, neutral, independent indicator.
This labelling system is expected during the first quarter of 2017 and deals with “the reliable, objective identification of the security level of connected solutions,” through a monitoring plan based on the evaluation platform of the CET-UBIK, the first CERTtm that specialises in IoT security. This programme also aims at teaching good practices for cyber-security, in terms of a Security by Design approach.
Sources: FTC.gov, Cyber West Challenge