IAM Challenges in the Modern IoT Landscape

With the number of connected devices projected to exceed 20 billion by 2020, there’s a growing need for secure identities and strategic identity management. Users now interact with internet of things (IoT) devices in every area of life, and each point of connectivity presents another challenge for cybersecurity professionals. To implement appropriate security measures, it’s necessary to examine the various aspects of the current digital landscape.

Smart Home Security Challenges

The number of smart homes in North America will grow to 73 million by 2021, suggesting a continuing shift toward reliance on digital technology and automation for daily task management. A smarter home, however, doesn’t automatically mean smarter security. Millions of devices collect data every day, including information about personal habits and routines, which could give hackers all they need to appropriate users’ identities.

Each device in a home is a possible entry point for an attack, yet many devices fail to offer appropriate security. The innocuous nature of small devices, such as wireless doorbells and garage door openers, makes them prime targets for enterprising cybercriminals, and devices controlled via apps and computer interfaces are similarly vulnerable. In 2017, the average IoT device was attacked once every two minutes during times of peak activity, suggesting hackers are taking active approach to infiltrate smart homes and obtain login credentials and personal information.

Securing Smart Buildings

Smart technologies are bridging the gaps between critical systems in public buildings. Managed separately in the past, services like HVAC, power and physical access control can now be handled through a single building automation system (BAS). As of early 2019, 35,000 such systems were already connected to public internet around the world, giving rise to new security concerns.

Although a BAS can provide numerous benefits for building managers, the data collected by these systems can also be leveraged to launch attacks. Tools like Shodan, dubbed “Google for the internet of things,” can point hackers to vulnerabilities in smart building systems, allowing for the introduction of malware or the complete takeover of essential functions. Hackers with access to smart buildings have the power to cut off utilities or hold the entire system for ransom. Because institutions like health care facilities may rely on smart systems to manage infrastructure, such a takeover could be devastating.

Cybersecurity in Smart Cities

The concept of a smart city is no longer as futuristic as it once seemed. Many people already spend their days surrounded by sensors and IoT devices in public places, and an estimated 70% of the global population will live in connected cities by 2050.

Smart homes and buildings are just part of the equation. Smart traffic lights, street lights, gunshot sensors and even waste management devices are in use around the world, and many of the cars traveling city streets also contain connected sensors or devices. While this growing web of connectivity has great potential to improve safety and efficiency, it also introduces an extensive new threat landscape. The potential for compromise exists in all smart city devices and systems, which could allow hackers to cripple essential emergency services or shut down entire city sectors.

To further complicate security, smart city devices have much longer life cycles than other smart devices and require ongoing management to ensure they remain up to date. An attack on a single vulnerable device could lead to the compromise of the entire system and put the city’s population at risk.

Where Does Identity Management Come In?

Every interaction within a smart home, building or city environment requires authentication to confirm the identity of the person or device initiating the request. The security of such systems is tied to these digital identities, which means identity and access management (IAM) must be an integral part of all devices and networks to minimize the risk of attack. Stolen credentials can not only compromise the devices or systems to which they allow access but also allow hackers to obtain data from apparently unrelated areas of the network.

Moving toward unified digital identities will support seamless interactions with smart home, building and city devices by allowing users to digitize important identity information, such as driver’s licenses and bank account numbers. However, until such unification is achieved, multiple forms of authentication are required for secure network access, particularly remote requests. Producers and providers of smart devices and services will need to shift focus to developing stronger, more reliable security measures to support the growing reliance on IoT in all areas of society.

CIMP grandfathering is available to qualified technical identity management professionals – Learn More

As IoT adoption continues to increase, cybersecurity professionals must prepare to meet the challenge of protecting wide networks of devices and the data they collect. Threat awareness and prevention are critical focus areas, and digital identity holds the key to managing the numerous interactions necessary for the success of these complex systems.