Reply Assignments
The student must then post a reply of at least 250 words by 11:59 p.m. (ET) on Sunday of the assigned Module: Week. For each thread. Each reply must incorporate at least 2 scholarly citations in APA
Please see Students discussion below and reply to it:
BMIS 665 Information Operations and Security
Discussion Thread: Current Research of Information Security Topic
4:57pmOct 28 at 4:57pm
Introduction
In recent years, a significant increase of Internet-of-Things (IoT) devices have been placed onto the market from various vendors, countries, services, etc. Due to the capabilities, and sometimes convenience factors, IoT devices create; consumers are quick to purchase these devices before doing their due diligence from a security stand point. IoT devices can be considered any item that sends or receives data automatically utilizing the internet (CISA, 2017). These devices create a serious security risk to organizations and home networks if not managed correctly. It is my goal in this post to increase awareness of IoT associated security risks as well as to provide recommendations for simple mitigation measures on securing IoT devices within your organizations, and home networks, aimed to reduce vulnerabilities to your assets!
Results
A recent study concluded that by 2030, there will be an expected 82 billion IoT devices being utilized in the world (Anand et. al., 2020). This significant increase in IoT devices creates a massive increase of an attack surface for cybersecurity professionals to effectively manage with the currently known risk of devices, and newly created ones. Additionally, it was recently reported that 70 percent of smart devices are vulnerable to several different cyber attacks (Makhdoom et. al, 2019). With this percentage being reflected solely in the IoT space; 57.4 billion IoT devices are vulnerable to an attack. IoT devices are utilized across many things on an enterprise level such as industrial control systems (ICS), as well as other facility related items that serve customers in critical fields such as: nuclear power, health care, oil/gas facilities, automotive, and utilities (water and electricity), to name a few. IoT devices are created at such rapid pace they tend to have low complexity (lack of ability to add encryption), limited onboard power (lack of ability to process security algorithms), and are continuously operation in an always on/always connected manner (Hassan et al., 2017). All of this said, IoT devices are not manufactured with a “baked-in” security approach. It is up to the security professionals to do their due diligence when procuring these devices and connecting them to their networks.
Discussion
Security recommendations, and mitigation measures can be implemented to reduce the overall attack surface IoT devices create in an internetworking environment, wired or wireless. The National Institute for Standards and Technology (NIST) created a specific framework associated with IoT devices, NISTIR 8228 – Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. This framework was created due to the large number of IoT devices being integrated into organizations networks to provide more understanding, and management abilities, for cybersecurity and privacy risks associated with IoT devices in an organization’s enterprise networking environment (Boeckl et. al., 2019). For home IoT device users, mitigation measures to reduce inherit risk to your networks when integrating IoT can be the following (Anand et. al., 2020; Boeckl et. al., 2019; CISA, 2019; Hassan et. al., 2017).
· Change default usernames/passwords – Default usernames and passwords for devices are publicly available information if posted online. Creating a unique and complex username/password allows for authorized users to provide identification and authorization to the device before being authorized.
· Keep software up to date – Vendors release patching for devices when critical services need updated, as well as security vulnerabilities have been exploited, requiring patching. Enabling automatic updates to your IoT devices ensure your devices are up to date, minimize the risk to your network.
· Network segmentation – Connecting IoT devices to a guest segment on your local area network (LAN) or wireless LAN (WLAN) reduces the risk to your primary network in the event of a successful breach. Isolating IoT devices to other networks also creates a more manageable environment when devices on the network increase exponentially.
· Enable additional authentication settings – If devices support multi-factor authentication (MFA), or commonly referred to as two-factor authentication (2FA), enable this security setting. MFA requires the identifying user to provide an additional measure of authentication to supplement the primary method. This ensures only the authorized users, with the appropriate credentials, access the device.
· Conduct vendor research – Do your due diligence in researching your prospective IoT products. If recent security incidents have happened to that product, or company, it is not a wise decision to implement these devices onto your network. These devices with a reputation such as the one mentioned above create a vulnerability before the device is taken out of the box.
Overall, IoT devices provide amazing services! Understanding the risk that IoT devices present promotes the awareness needed to make sound decisions when choosing to purchase, and implement, IoT devices within your organizations as well as within your home.
References
Anand, P., Singh, Y., Selwal, A., Singh, P. K., Felseghi, R. A., & Raboaca, M. S. (2020). IoVT: Internet of vulnerable things? Threat Architecture, Attack Surfaces, and Vulnerabilities in Internet of Things and Its Applications towards Smart Grids. Energies (Basel), 13(18), 4813. https://doi.org/10.3390/en13184813
Boeckl, K., Fagan, M., & Fisher, W., Lefkovitz, N., Megas, K. N., Nadeau, E., O’Rourke, D. G., Piccaretta, B., & Scarfone, K. (2019, June). Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. (NISTIR 8228). NIST.
CISA. (2019, Nov 14). Securing the Internet of Things | CISA. US-CERT. https://us-cert.cisa.gov/ncas/tips/ST17-001
Hassan, Q. F., Khan, A. u. R., & Madani, S. A. (2017;). Internet of things: Challenges, advances, and applications (1st ed.). Taylor & Francis, CRC Press. https://doi.org/10.1201/9781315155005
Makhdoom, I., Abolhasan, M., Lipman, J., Liu, R. P., & Ni, W. (2019). Anatomy of threats to the internet of things. IEEE Communications Surveys and Tutorials, 21(2), 1636-1675. https://doi.org/10.1109/COMST.2018.2874978