According to the FBI, there are thirteen common corporate Intellectual Property espionage tactics. They include everything from computer hacking to front companies, surveillance to on-site visits. While the list is robust, it seems lacking in today’s IoT-rich environment. The hacking of a company smartphone or a stolen laptop is well understood, but what are the implications for the network that device is connected to?
Credit card readers - as seen in the cases of Target and Home Depot - are one such portal. WiFi routers and repeaters are also well known doorways. But what about wireless printers or personal devices connected to employee smartphones, such as smartwatches or wireless headsets? Do these devices offer openings for hackers? Given that they operate using Bluetooth technology that has limited range and data rate capability, probably not. But what about wireless thermostats, environmental sensor networks, or security systems? Are these gateways to the larger network and potential targets of attack?
DIY home and commercial wireless surveillance systems can be PC compatible to send email alert and alarm messages, opening local networks to potential intrusion
To meet current FDA regulations, pharmacies, grocery stores and warehouses are adopting wireless technology to monitor their temperature- and humidity-sensitive product storage areas. These can include refrigerators, freezers, and air conditioned spaces. And while not required to do so, IT professionals monitoring servers, data centers, and hospitals face similar challenges. Site networks may be compromised through these connections, particularly since WiFi router software upgrades can be slow to arrive or are not installed in a timely manner. Where there are numerous points to monitor, such as individual refrigerators in retail stores or hospital drug storage areas, wireless sensors connected to gateways offer scores of opportunities for hackers.
Choosing devices designed and built with secure communication is paramount to minimize or eliminate such threats. One approach that has been shown to be successful in meeting IoT security requirements is a combination of wireless communication via networks based upon low power IEEE 802.15.4 type sensors and cellular network communication. Wireless sensors can communicate successfully to a gateway directly or via mesh or star networks at distances up to 100 meters with low power usage. Data from sensors is transmitted, using 128 bit AES (Advanced Encryption Standard) encryption developed by NIST, to cellular gateways connected to major carrier networks, which breaks the connection between the enterprise network and the sensor network.
Three encryption options help provide a visual understanding of the difficulty of breaking AES encryption, which as of 2013 has not been accomplished in over 10 years of use
This combination - 128 bit encrypted IEEE 802.15.4 type sensors combined with secure, encrypted cellular communication via major carriers - offers a level of protection from intrusion not readily available from other schemes. There are no direct connections between the sensor network and the enterprise network. IT managers reviewing this plan have deployed these sensor networks for mission-critical monitoring nationwide to help meet regulatory requirements and to ensure their customers are safe from compromised products, without concern that their enterprise networks are open to a new hacker portal.
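The "no direct connections" property above can be checked against a device inventory. The following is an added example, not code from the article or any vendor: it flags any sensor gateway interface whose address falls inside an enterprise range. The gateway names, addresses, CIDR ranges and the inventory layout are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: enterprise ranges and the gateway inventory are
# hypothetical, not taken from the article.
ENTERPRISE_CIDRS = ["10.20.0.0/16", "192.168.50.0/24", "fd00:20::/48"]

INVENTORY = [
    {"gateway": "pharmacy-fridge-gw", "interfaces": [
        {"kind": "802.15.4", "addr": None},
        {"kind": "cellular", "addr": "100.72.14.9"}]},
    {"gateway": "warehouse-gw", "interfaces": [
        {"kind": "802.15.4", "addr": None},
        {"kind": "cellular", "addr": "100.80.3.77"},
        {"kind": "ethernet", "addr": "10.20.4.31"}]},   # second uplink into the LAN
    {"gateway": "datacenter-gw", "interfaces": [
        {"kind": "802.15.4", "addr": None},
        {"kind": "wifi", "addr": "fd00:20::1a"}]},
    {"gateway": "lab-gw", "interfaces": [
        {"kind": "cellular", "addr": "not-an-ip"}]},     # bad inventory record
]


def audit(inventory, enterprise_cidrs):
    """Return (gateway, kind, addr, reason) for each interface that breaks decoupling."""
    nets = [ipaddress.ip_network(c) for c in enterprise_cidrs]
    findings = []
    for gw in inventory:
        for iface in gw["interfaces"]:
            addr = iface["addr"]
            if addr is None:  # sensor radio side carries no IP address to check
                continue
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                # Report bad records instead of silently treating them as clean.
                findings.append((gw["gateway"], iface["kind"], addr, "unparseable address"))
                continue
            # Membership is False when IP versions differ, so mixed v4/v6 lists are safe.
            hit = next((n for n in nets if ip in n), None)
            if hit is not None:
                findings.append((gw["gateway"], iface["kind"], addr,
                                 f"inside enterprise range {hit}"))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, ENTERPRISE_CIDRS):
        print(*finding, sep=" | ")
```

A gateway that reports only a sensor radio and a carrier-assigned cellular address produces no finding; any other result means the sensor network has a path onto the enterprise network and should be reviewed.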
For businesses of all sizes, decoupling essential IoT devices from the enterprise network makes sense. Whether cellular, IEEE 802.15.4, or similar technologies are employed, IT professionals are assured secure operation to meet an ever-demanding challenge.
Want to read more about creating secure, independent networks? Read our first piece in this series: Using Independent Networks to Ensure Enterprise IoT Security.