#

The Hardware Blind Spot: Why IoT Security Fails in the Physical World

The vast amounts of data created and transmitted within our modern Internet of Things are perceived as weightless, as they are transmitted over the air and from server to server within milliseconds.

As such, most conversations about security within the enterprise revolve around software-centric solutions to protect data stored on servers in data centers from cyber threats. 

Powerful firewalls and security solutions are deployed on endpoints that access the network, as well as on servers in data centers and in cloud environments. 

A large portion of the focus is on the virtual world that serves these data centers and the cloud. 

However, in focusing so intently upon these digital physical systems, there exists a massive blind spot – the physical machines that process, transmit, and store this weightless data. Honestly, it is a massive risk. 

I guess it’s just easy to forget about the physical world when everything we do runs in the cloud. 

Security for IoT hardware must be implemented in the physical space where the hardware resides. If physical machines that process, store, and transmit data for a cloud-based network are left unsecured, then the entire cloud network is at risk. 

Why the Internet of Things is Uniquely Vulnerable

All things relating to IoT systems are physically distributed by nature. Most enterprise servers today sit within data centers that have excellent climate control, round-the-clock security guards, video monitoring, and a single entry point requiring a badge to gain access. So what? 

Your cloud-based system is unlikely to be of any value to a bad actor if your physical servers are attacked and all your data extracted. 

However, IoT systems are not as easily secured as their traditional server counterparts because they are widely distributed and can easily be left unsecured in many situations. 

They may reside on factory floors, or even be part of a smart utility meter outside a home or building, on a street corner, within a hospital, or within a warehouse or distribution center of a logistics provider. 

This physical distribution means that, by their very nature, IoT systems are easily compromised by unauthorized personnel and, often, by third parties who provide services within a facility, or by individuals who work in facilities where such devices have been deployed. 

A single device can pose a serious threat to an organization’s security if it is physically accessible to the public or to vendors that service the organization. 

This type of threat vector does not require a complex encryption key to be ‘cracked’ over the network. In most cases, a malicious actor can walk up to the gateway, insert a specialized flash drive into the appropriate port, or pull a memory card from the appropriate slot. 

After that, it takes only a few minutes to transfer all the data from that device. As we over-engineer our software defenses, we leave the front door unlocked and unsecured. 

The Realities of Hardware Tampering

What first comes to mind when someone speaks of a physical security breach is the image of stolen servers in a data center or cut cables in an enterprise network. 

We need to recognize, however, that asset theft poses merely a financial risk. It is generally much less detrimental than the often silent attacks on intellectual property through manipulated firmware or large-scale data mining and the subsequent misuse of the harvested information. 

As a rule, such breaches remain completely unnoticed for a very long time, and even security teams are often unaware that a compromise has occurred, as the affected hardware appears completely in order from the outside. 

Open ports and physical interfaces, such as USB and serial ports, on industrial hardware are another serious concern and should be disabled. Physical protection of industrial hardware is also critical. 

A tamper-resistant enclosure, along with tamper sensing and a corresponding action, such as a cryptographic wipe of the device’s data, can go a long way toward preventing serious damage from physical compromise of industrial hardware. 

These same local storage devices on IoT equipment contain cached data, such as recent telemetry information, current configurations, and even current credentials for accessing systems and other resources. 

In many cases, when an IoT gateway is taken out of service for any reason, it is thrown in the trash like so much other waste generated by equipment replacement, only to be found by some miscreant and used to access sensitive information. 

So what happens to all the legacy systems that have reached the end of life? Don’t assume that just because a legacy system has been replaced, it has gone away and is no longer of concern. 

Bridging the Gap: Physical Protocols for Digital Ecosystems

To begin securing distributed physical hardware, companies must create a physical security strategy that spans three areas of an organization’s operations: 1) the physical device, 2) the physical device’s chain of custody, and 3) the device’s physical lifecycle. 

Physical Hardening of the Device: The physical device must be engineered to harden all unused ports and interfaces (e.g., USB, serial, etc.). 

The device’s physical housing or enclosure must be tamper-resistant, including sensing of physical tampering (e.g., opening the case), which can trigger an alert and/or a remote cryptographic wipe of the device. 

Secure Chain of Custody: Log every transfer of ownership from the manufacturer to the installation at the customer’s site. 

Strict protocols for the transfer of physical architecture must be followed by all persons who service your IoT product.

Responsible Lifecycle Management: Security doesn’t end when a device is no longer operational. In fact, it is here that companies are most at risk of physical security breaches involving sensitive data. 

The physical remnants of data on outdated hardware must be treated with the same rigor as active data in cloud environments. 

Such devices must be physically destroyed to ensure that any residual data is permanently unrecoverable. 

Organizations should seek the expertise of physical data destruction specialists, such as those at Corodata, to ensure that outdated hardware is properly and securely shredded. 

Organizations must treat physical data remnants with the same respect as they would accord active cloud data. 

Be sure to destroy all storage media, server and computer hardware, and obsolete configuration modules through a qualified physical data destruction service such as https://corodata.com/.

The destruction of outdated hardware is the final step in a long lifecycle of protection of a company’s most valuable asset – its data. 

A Holistic Framework for IoT Resiliency

To develop a comprehensive operational security program, physical security must be integrated with, or incorporated into, the security program for distributed hardware systems, forming a continuous loop of physical and digital components and procedures that together comprise the complete security program for the corresponding portion of the distributed system. 

Thus, as previously noted, security for the cloud network is not merely about defending the screen of the cloud network — rather, the physical gateway that feeds the corresponding cloud network must also be hardened, secured, and protected. 

Thus, hardening of the corresponding portion of the distributed hardware system and physical security for that corresponding portion of the distributed hardware system and the corresponding cloud network in totality is a continuous process, i.e., as previously noted, a never-ending process of ensuring security for all of the corresponding components and corresponding hardware and software of the distributed system.

But change has to start at the organizational level. 

A further step required of organizations is regular physical security audits of all such deployed assets as part of the overall security vulnerability assessment of software and physical systems. 

In addition, onsite staff of such organizations should also be able to identify physical security anomalies such as wires that appear to have been recently added, are open or tampered, missing physical device seals, as well as any recently added hardware devices such as additional network switches, that appear to be out of place on the network or in the general work area, and report them to their management as well as the organization’s security department. 

As IoT continues to proliferate and reach the scale of billions of endpoints across the globe, securing the data flowing through these endpoints will be a challenge unlike anything seen before. 

Securing the network these endpoints connect to will require securing the machinery that runs it.

The post The Hardware Blind Spot: Why IoT Security Fails in the Physical World appeared first on IoT Business News.

Generated by Feedzy