Bengaluru-headquartered Subex, a telecom analytics solutions provider founded in 1992, works with 3/4th of the fifty largest communication service providers globally. Traditionally into revenue assurance and fraud management, the company has recently moved into the Internet of Things ( IoT) security.
IoT devices seem to be the latest target of cybercriminals, according to Kiran Zachariah, head of IoT security at Subex. He added that IoT is proving to be an ally in helping economies turn green, and how secure IoT platforms can benefit the environment as it moves towards being more common in many verticals.
In an interview with TechCircle, Zachariah connects the dots on how securing IoT devices play a crucial role in combating climate change. Edited excerpts:
With IoT connecting devices and instruments, are such sensors and devices soft targets for attacks? What makes them vulnerable?
Traditional IT devices like laptops, desktops and mobile phones have some kind of anti-virus, anti-malware and a bunch of solutions that help to protect the devices from malware.
Earlier, sensors used to be connected to app networks called airgap networks. There weren’t many threats arising as they were not connected to an external network through the Internet.
Today, what IoT has done is to take these sensors and connect them in real-time to the Internet. Now, they are exposed to attacks that they were not fundamentally built to tackle. The sensors do not have the compute power or storage to host any anti-virus software. That is why they become easy targets for hackers. The majority of IT security strategies are based on data breaches and all our policies and frameworks are based on it.
If you have a hedge back system, it’s controlling the atmosphere around it through the sensors. But if the sensors are tampered with, it could have a negative impact on the temperature. Similarly, for connected cars, it is a possibility that the car’s system can be hacked and the person can be driven into a ditch. Hence, from an environmental and from a security perspective, IoT devices are at a higher risk than ever before.
How different should the strategy be for an enterprise when it looks to secure its IoT devices as against securing the traditional IT devices?
In terms of the diversity of IoT devices, today we have $10 devices all the way up to $5,000 devices, and all of these have to be secured on the network. However, the IoT devices cannot have point-based solutions.
If we look at the IT world, diversity in architecture is relatively lower. I have an Intel or an ARM-based semiconductor architecture, on top of which we have Linux or Windows-based applications. When we come to IoT, the chipsets, the OS and the protocols of the networks are diverse. A lot of the security today is driven on the network.
The IoT should be able to protect themselves from identity and authentication methods but that too has been neglected as many malware attacks rely on hacking default passwords that haven’t been changed in time. Identity authentication is very important in terms of securing IoT devices through the internet.
So what are the pain points in addressing these issues?
Unfortunately, a lot of these technologies are rooted in systems that are designed in purpose-built architectures that do not typically include security. They need external protection.
We are trying to secure the sensors and devices used in multiple verticals. Imagine having sensors in a data centre that are hacked and has been compromised with malware. The ability to send accurate data has been hindered.
At the policy level, if there is a continuous flow of wrong data, the insights and the decision-making based on the data can also be affected negatively, leading to huge losses.
An example is how a cryptocurrency malware infected one of our command-in-control deployed in the Smart Cities Mission of the central government. Not only did it corrupt data but started utilising the resources for mining data for cryptocurrency. They also forced the servers to use more energy and utilise more data cycles.
The end result is that any infection will have an impact on power consumption and long-term impacts of more capital expenditure and inefficient systems.
What is your approach to resolving IoT security?
When we looked at the market, there were virtually no solutions that focused on securing the IoT devices. Today, we work on smart grids in smart buildings and connected cars. Our focus on IoT is on securing the IoT ecosystems. The single biggest barrier to the adoption of IoT today is the lack of a security framework and an inability to secure the end devices.
What we do is we have strategies and a system that is monitoring the end device for attacks, deviations and anomalies, and reporting the same and taking appropriate actions. Today, IoT is so close to the physical plane that we can no longer call it data loss but is more of a control breach. We are trying to secure the IoT ecosystems against such attacks.
Which are the security paradigms you are deploying for your IoT offerings?
We work with a lot of edge computing and fog computing companies that provide our solutions as part of their IoT security offerings. We are also running some of the world’s largest honeypots (traps that IT security companies set to detect, deflect or counteract hacking attempts).
We study the latest emerging threats in the ecosystem through our honeypots and that gives us intelligence about new threats. We are seeing roughly 120-150 new malware that are breaching IoT devices on a daily basis. The ability to detect and mitigate malware is what we provide to our customers.
What are the lesser-known impacts of IoT security you have seen?
We are not working directly on climate change but we try to secure the solutions that work on climate change. We realised that the increase in usage of IoT devices opened the possibility for a whole new wave of attacks into the network.
We are looking at a lot of energy savings solutions like connected light bulbs and a host of other devices. When all of these are put together and are made to work efficiently, we think they will have a substantial impact on the climate change problem.
Essentially, apart from improving the end-user experience, we are also looking at making companies use less energy and utilise fewer resources. The positive economic impact directly translates to a positive change for the climate.
How crucial will IoT and its security be in the near future?
In my opinion, we are just beginning to scratch the surface of what IoT can provide. Although there are many challenges, I believe they can be circumvented with edge and fog based computing. With an edge node or a fog node, we can control and monitor the traffic that is leaving the premises of the IoT device.