From the course: Cybersecurity Foundations

Securing things on the internet

- [Instructor] The Internet of Things is a term which means everything that's connected to the internet that isn't a standard laptop, workstation or server. One dictionary definition of the Internet of Things is the interconnection via the internet of computing devices embedded in everyday objects, enabling them to send and receive data. Wikipedia goes a little deeper and defines the Internet of Things as a system of interrelated computing devices, mechanical and digital machines, objects, animals, or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. An obvious characteristic of the Internet of Things is that it's connected to the internet. It may only send data, it may only receive data, or it may do both. An important class of internet things are the low power things, those objects which have an embedded battery and no external power supply. These are often required to have a life of 10 years or longer, and so require very low power operation.

One of the first organizations to provide guidance on security for the Internet of Things was the IoT Alliance Australia, a part of the Australian Communications Alliance. Its initial Internet of Things Security Guideline was published in February, 2017, and provides an introduction to IoT technology and the key IoT industry sectors. It covers legal, privacy, security, resilience, and survivability issues, as well as IoT device development considerations. There is no definitive set of security controls for IoT, although organizations such as OWASP and GSMA have provided some guidance. The IoT Security Foundation has published a comprehensive set of 142 controls in their security guideline which are grouped into 13 areas of compliance.

Take a moment to think about the challenges in providing guidance for IoT. A small sensor may have little memory and a very low power processor but an industrial SCADA device may be as powerful as a modern PC. Think about an IoT soil moisture sensor which is deployed out in the field and has to run in its own internal battery for no less than 10 years. Jot down two reasons why you wouldn't want it to have to run antivirus software.

(upbeat music)

An interesting additional attribute that the IoT Security Foundation has tagged to each control is its compliance class, which can be one of five values relating to the data generated or the level of control provided by the device. The control is then relevant to the IoT device if its compliance class is equal or higher to the control tag. Class 0 means that the compromise is likely to result in little discernible impact on an individual or organization. Class 1 means that the compromise would likely have limited impact on an individual or organization. Class 2 devices are those designed to resist attacks on availability that would have a significant impact on individuals or an organization. Class 3 devices additionally are designed to protect sensitive data and Class 4 devices are those which have the potential to affect critical infrastructure or cause personal injury. We're likely to see much more attention being given to IoT security controls as we see deployments into key sectors such as intelligent transport and smart cities.
