IoT Security Adopts a Platform Approach
As is often the case, network security tools are just now beginning to keep catch up with vulnerable Internet of Things deployments, particularly leading edge industrial IoT infrastructure.
With that in mind, some security vendors are taking a platform approach to securing industrial IoT devices and industrial clouds that are among the earlier deployments. The latest comes from security specialist Mocana Corp., which cut its teeth securing ubiquitous embedded systems that have morphed into IoT networks.
The Bay Area security specialist said this week its approach looks to secure a wide range of IoT devices associated with everything from power grids to jet engines. Its new IoT security platform incorporates several new features designed to counter evolving cyber threats that exploit weak points in industrial networks.
The first is a so-called "trust engine," or abstraction layer, designed to leverage security hardware emerging from chipmakers such as ARM, Infineon (ETR: IFX) and Intel (NASDAQ: INTC). For example, ARM introduced a processor last fall incorporating its TrustZone technology designed to establish what cryptographers call a "trust anchor" in which security is assumed rather than derived.
Trust engines such as the Mocana offering are fundamental building blocks for mission-critical applications such as determining when a jet engine requires maintenance or repair.
Another component of the company's "full-stack" security framework is an automated certificate management tool that seeks to ensure trust from system booting and firmware updates to industrial IoT operations. The automated security approach includes what the vendor calls "Enrollment over Secure Transport" and "trust chaining."
The platform also includes a "strong" cryptographic engine used to authenticate and control IoT devices, network gateways and cloud applications. That approach addresses a weak link in IoT security: hackers have exploited vulnerabilities in ubiquitous IoT devices to gain access to networks.
The latest example surfaced earlier this month when researchers discovered a security flaw in devices made by Duhua, among the largest IoT device manufacturers, including IP-based security cameras.
With new IoT device security flaws emerging on a regular basis, platform vendors such as Mocana are likely to see business booming as more enterprises seek to bullet-proof industrial IoT deployments.
Mocana claims its cyber security software has been integrated into more than 70 chipsets and 30 operating systems. Major industrial IoT players such as GE (NYSE: GE) are using the security company's software in their industrial control systems, programmable logic controllers and cloud platforms.
"Hackers have demonstrated their ability to get behind firewalls and take over IoT devices," noted Mocana CEO William Diotte. "Once a hacker has control of an IoT device or controller behind a firewall, they can wreak havoc by manipulating flow controls, valves, compressors, power systems and engine controls…."
Hence, the company's platform approach targets embedded systems—the forerunners of industrial IoT deployments—as well as IoT devices and industrial clouds.