Would you build your house with a strong front door, then leave the back window open? Probably not. Yet introducing IoT into your buildings, devices and networks can have exactly that effect. Regardless of the firewalls, scanners and more that you implement, connected devices – wherever they may be – can create unplanned and unsecured gates and entrances.
In this X-change, we started by learning about the reality of ‘smart’ buildings: what are the questions to ask yourself and how do you evaluate the possibilities? Then we dove into the security aspects. Our experts revealed how to prepare for the biggest IoT security challenges, discussed standards and policies, and shared how to handle the massive amounts of data created by IoT. Finally, they took us through the cyber security pillars needed to provide the necessary support for services.
Presentations from the event are available, exclusively for Beltug members (after login):
As an 'extra', take a look at Enisa's online report Baseline Security Recommendations for IoT, which one of the attendees brought to our attention.
Koen Matthijs, CEO at Cobundu, started with the challenges he sees in managing a smart building:
Predicting trends in performance, in the usage of a building, etc., can be helpful in tackling these challenges.
Over the last decade, people have increasingly experienced the value of IoT solutions for monitoring the usage of a building. Sensors can pick up the presence of employees, correlations with temperature can be done, etc. Cobundu and MCS Solutions have discovered, though, that it is not only about monitoring, but also about giving value back to the users. The users – not just the facilities manager – need to see access and benefits (e.g. 'where can I have my desk today?').
When talking about the connected building and when planning for an IoT project, Koen emphasised: start from the business case/the scenario, not just 'having a sensor'. And, ideally, those sensors need to be multi-purpose.
After explaining the theory, Koen gave us a look at the new Axa building in Brussels. While this 'new way of working' project involved cost reduction, more importantly it was a project about optimising service in the building and increasing user satisfaction.
Next, we dove into securing these smart solutions, as Guido Franck, Technology Manager at Nextel, took the floor. IoT comes with many opportunities, he began: for monitoring our health, for smart city solutions, for measuring/optimising energy consumption, for improving agricultural information, and so much more.
But there are a few must-haves when planning an IoT solution - including security. 70% of all IoT devices are vulnerable. (See slide 17)
Guido shared a list of tips when facing these challenges (see slide 22).
Next up, Lore Mattelaer, Security Business Development Manager, and Bart Van den Branden, Business Development Manager IoT at Telenet, confirmed that a lot can go wrong in IoT! So the question is not: "is IoT secure", but instead "what are the (internal and external) risks" and "how can we make IoT secure?".
Externally, IoT makes DDoS attacks easier to carry out, to give one example. Internally, software updates, authentication and access controls are all some of the places risks pop up. (See slides 18-20).
In the second part of their talk, Lore and Bart moved from the risks to the solutions. They see network segmentation as a key point in avoiding incidents. (slides 30-31).
Their main conclusions:
Finally, Bart Verhaert, Director Security Technology at Securitas, explained that, to him, the term 'IoT' can be used when the device becomes the user (and is no longer operated manually).
He pointed out a few challenges in setting up and managing IoT solutions: privacy and metadata, the war for talent, security commodity. TCP/IP is everywhere, so this last challenge will only become bigger if not tackled properly. Moreover, especially for older devices, it is quite easy to hack devices. (See slides 17 + 18).
Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).
Beltug gathers a lot of information. Here you find the advantages of Beltug membership
The Beltug Team
Click here to login