Getting smart with IoT and security: Takeaways from the X-change of 21/02/2018


Would you build your house with a strong front door, then leave the back window open? Probably not. Yet introducing IoT into your buildings, devices and networks can have exactly that effect. Regardless of the firewalls, scanners and more that you implement, connected devices – wherever they may be – can create unplanned and unsecured gates and entrances.


In this X-change, we started by learning about the reality of ‘smart’ buildings: what are the questions to ask yourself and how do you evaluate the possibilities? Then we dove into the security aspects.  Our experts revealed how to prepare for the biggest IoT security challenges, discussed standards and policies, and shared how to handle the massive amounts of data created by IoT. Finally, they took us through the cyber security pillars needed to provide the necessary support for services.


Presentations from the event are available, exclusively for Beltug members (after login).

As an 'extra', take a look at ENISA's online report Baseline Security Recommendations for IoT, which one of the attendees brought to our attention.


Koen Matthijs, CEO at Cobundu, started with the challenges he sees in managing a smart building:

  • Volatility: it is extremely hard to predict your building needs (including how many square metres you need).
  • Service evolution: today, people expect service at their fingertips, which makes it harder to predict what users want.
  • Flexibility: employees work in a flexible environment and rhythm, further complicating the building specifications – as well as the services that come with a building: catering, cleaning, etc.

Predicting trends in performance, in the usage of a building, etc., can be helpful in tackling these challenges.


Over the last decade, people have increasingly experienced the value of IoT solutions for monitoring the usage of a building. Sensors can pick up the presence of employees, that presence can be correlated with temperature, etc. Cobundu and MCS Solutions have discovered, though, that it is not only about monitoring, but also about giving value back to the users. The users – not just the facilities manager – need to have access and see benefits (e.g. 'where can I have my desk today?').


When talking about the connected building and when planning for an IoT project, Koen emphasised: start from the business case/the scenario, not just 'having a sensor'.  And, ideally, those sensors need to be multi-purpose.


After explaining the theory, Koen gave us a look at the new Axa building in Brussels.  While this 'new way of working' project involved cost reduction, more importantly it was a project about optimising service in the building and increasing user satisfaction.


Next, we dove into securing these smart solutions, as Guido Franck, Technology Manager at Nextel, took the floor.  IoT comes with many opportunities, he began: for monitoring our health, for smart city solutions, for measuring/optimising energy consumption, for improving agricultural information, and so much more.


But there are a few must-haves when planning an IoT solution, including security. 70% of all IoT devices are vulnerable. (See slide 17.)

  • At the device level:  anything that can be exploited on the internet, WILL be exploited.  Devices can be hijacked, piggybacked, cracked.  So, it is important to fully understand how your device works and to test it.
  • Also at the gateway level, the challenges are numerous and it is important to test the access points and connections.  A major tip: eliminate weak passwords!
  • And finally, in the applications themselves, there are challenges: cloud security levels, insecure apps, privacy concerns.

Guido shared a list of tips when facing these challenges (see slide 22).


Next up, Lore Mattelaer, Security Business Development Manager, and Bart Van den Branden, Business Development Manager IoT at Telenet, confirmed that a lot can go wrong in IoT!  So the question is not: "is IoT secure", but instead "what are the (internal and external) risks" and "how can we make IoT secure?".


Externally, IoT makes DDoS attacks easier to carry out, to give one example. Internally, software updates, authentication and access controls are some of the places where risks pop up. (See slides 18-20.)


In the second part of their talk, Lore and Bart moved from the risks to the solutions. They see network segmentation as a key point in avoiding incidents. (See slides 30-31.)


Their main conclusions:

  • Know what kind of device you have
  • Encrypt your data and keep privacy in mind
  • Think about DDoS and about segmentation
  • Keep OWASP in mind during the development of your solutions
  • Create a safe IoT platform that takes care of your security.


Finally, Bart Verhaert, Director Security Technology at Securitas, explained that, to him, the term 'IoT' can be used when the device becomes the user (and is no longer operated manually).


He pointed out a few challenges in setting up and managing IoT solutions: privacy and metadata, the war for talent, security commodity. TCP/IP is everywhere, so this last challenge will only become bigger if not tackled properly. Moreover, devices, especially older ones, are quite easy to hack. (See slides 17 + 18.)

















