Recap CSB #44: IoT, the Internet of Threats

Thorsten Ries, Head of SOC & CSIRT at POST CyberForce, gave a keynote on IoT security.

  • 25 Mar, 2021

While the term Internet of Things (IoT) was first mentioned by Kevin Ashton in 1999, IoT devices worldwide are estimated to reach around 30 billion in 2021.

When it comes to the question of IoT security, Thorsten Ries asks it the other way around:

Nowadays, does the security of our devices really matter?

After 20 years of existence and taking into account that IoT devices are integrated very closely into our daily lives, “one would assume a certain maturity in terms of security level”, Thorsten Ries says. “However, IoT devices are required to be rather small and cheap, which limits the security capabilities (that always come at a cost)”, he continues.

Industrial IoT devices have a relatively long lifespan and lots of devices end up forgotten in a corner. However, they keep sending data. Here, Thorsten Ries asks the following 3 questions:

  • When, and if, do these devices receive any firmware updates?
  • What about password management?
  • Can we trust technology?

Bridging the physical world to the digital world: the use of IoT devices is only expected to grow

The use of IoT is only expected to grow in the coming years. “5G will be a big driver for this evolution as it makes it easy to connect plenty of devices. The combination of both the performance and the added level of security makes 5G interesting for IoT service providers”, Thorsten Ries explains.

In his keynote, Thorsten Ries calls for a holistic approach to security monitoring and response

  • How can one prevent manipulation of IoT? According to Thorsten Ries, this question offers a “chance to rethink our general way of looking at security and have a holistic view at it”.
  • Detection and response: How can we respond to thousands of affected assets? How can we make sure that thousands of services are patched quickly? Thorsten Ries explains how automation becomes essential.
  • IoT security awareness is required: Awareness is required for providers and consumers of IoT solutions. “Even though it is not something new, it is the most important aspect. It is clear that we still need to put quite some efforts there to promote best practices”, he adds. “Given the evolution and scope of IoT, it’s a big challenge. It belongs to security experts to spread this message.”
  • Importance of regulations: Which role can regulations play to support or improve the security of IoT, given that top IoT applications are all relevant for critical infrastructures?

There is not much new on IoT security; there are very nice innovations that are rather evolutions of existing security approaches and activities. What we need is a holistic approach to IoT security as it is for security in general.

The keynote was followed by a very engaging discussion addressing technical aspects of IoT security, with the participation of:

  • Shenglan Hu, Information Security Office, POST CyberForce
  • Lucas Fernandez, Head of Innovation, Champ Cargosystems S.A.
  • Arnaud Lambert, Director, Luxembourg Digital Innovation Hub (DIH), Luxinnovation
  • Dr.-Ing. Christian Zenger, CEO, PHYSEC GmbH (D)
  • Moderation: Pascal Steichen, CEO, SECURITYMADEIN.LU

In this round table, the panellists discuss various topics related to IoT security such as:

  • Risk management approach
  • Opportunities brought by IoT to the various players
  • 5G opportunities
  • IoT in the aviation industry

The panel concludes with recommendations for managers in terms of IoT security from the panellists and their different areas of expertise.
