Corporate IoT Implementation Struggling, Survey Finds
6.12.2017 securityweek IoT   
Security is the Primary Concern for Firms Implementing an IoT Strategy, IT Pros Say

Remaining competitive is the primary motivation for implementing a corporate 'internet of things' (IoT) strategy; but 90% of those doing so admit the implementation is struggling. Security is the primary concern, holding back 59% of organizations with a current IoT project.

Security is followed by the cost of implementation (46%); competing priorities (37%); an intimidatingly complex IT infrastructure (35%); and funding (32%). The figures come from a survey (PDF) published this week by Vanson Bourne, commissioned by the Wi-SUN Alliance, which questioned 350 IT decision makers from firms in the U.S., UK, Sweden and Denmark that are already investing in at least one IoT project.

The purpose of the survey was to help Wi-SUN better understand how it is perceived in the IoT marketplace, and to help plan future operations. Wi-SUN is a non-profit alliance of around 170 major firms throughout the world with a mission to drive interoperable IoT communications based on open global standards in industrial IoT, with particular concern for utilities and smart cities.

Security Concerns Slow Use of IoT in the EnterpriseKey findings from the survey show that the U.S. (65% of respondents) is ahead of the other three countries surveyed with fully implemented IoT strategies. It is 47% in the UK, 44%in Sweden, and 24% in Denmark. The U.S. also leads in prioritizing IoT enablement: U.S. (73%), UK (64%), Sweden (62%) and Denmark (58%).

One clear outcome from the survey is the emphasis on security as the most important characteristic when considering an IoT implementation for both smart cities (84%) and utilities (85%). Second only to security is the preference for industry open standards: again 84% for smart cities, and 81% for utilities.

These two features fit well with the Wi-SUN network design specification. "Wi-SUN is about the communications layer," Phil Beecher, chair of the Wi-SUN Alliance, told SecurityWeek. "We're providing what could be seen as a large scale outdoor IoT wireless mesh that looks like an internet. It has all the resilience and reliability of a decentralized communication network. It doesn't specify any of the applications that run on top of that, so any application that runs over UDP or TCP can be run over Wi-SUN."

That, of course, is only part of a large-scale IoT network. "In a smart city," he continued, "we would provide wireless communication between street lights, or from street lights to traffic signals. But at strategic points there would be a connection to a high speed, probably fiber, connection to transport data to the network's back office." It's not a wifi network because the wifi range is too limiting. Instead Wi-SUN uses stronger radio communications able to cover up to several kilometers.

The security comes in two areas: certificate-based device authentication, and the mesh and wireless topology of the network itself.

"One of our strengths," continued Beecher, "is that we offer bi-directional communications at a fairly high data rate -- so we can do over-the-air upgrades to apply security patches. No device can connect to the network without being 'vetted'. This is based on the use of certificates. Every device has its own certificate burned in during production, and every device needs to have that certificate verified before it can join the network. Once it is verified and on the network, it is possible to download new code into that device."

The process cannot, of course, be retrofitted to old devices that can't be patched. Security here must be applied through traditional network gateways and routers; but in reality organizations with such devices should be considering renewing them with more modern devices -- and taking advantage of security updates and certificate-based security.

"This certificate authentication," said Beecher, "makes it very difficult for a remote attacker to hack any of the devices or a local attacker to tamper with the device. The mesh topology of the network also makes it difficult to deliver an effective DoS attack, whether by jamming or data overload, against the network."

Jamming is difficult because the network uses the military technique of frequency hopping. "You would need a high-power wide-band jammer," he explained. "This is difficult to achieve; although it is possible at, say, military levels. Otherwise Wi-SUN is largely immune to local jamming."