The IoT Protection Challenge
A collaborative strategy is required between the device vendors and device operators in the field to manage cyber risks across the IoT industry. The IoT supply chain begins in the fabrication lab of the semiconductor (chipset) vendor with a root-of-trust anchor (the secure element). The original equipment manufacturer (OEM) or original device manufacturer (ODM) must then integrate a root-of-trust anchor on the equipment (mezzanine board) as a contract manufacturer for the device vendors. The system integrator may then assemble hardened subsystem components from a plurality of device vendors for the specialized IoT industry. Finally, a device operator manages the operations, administration, maintenance and provisioning services.
With the advent of software-as-a-service (SaaS) utility models for capital and operational expense reduction, cybersecurity services for IoT devices will inevitably migrate to public, private, or community cloud-based IoT platforms. The passage from on-premise to on-cloud, and the adoption gap between the mainstream device vendors and the managed security service providers, need to be bridged with a holistic cyber risk management platform that enables digital transformation in the IoT industry.
IoT Risk Model
The elixir to cure cybersecurity risks in IoT will require a prolonged and tenacious commitment to change. The rebirth of the Internet needs to be protection centric and must not relegate security initiatives to an IoT cottage industry in the wild that must defend against sophisticated cyber criminals and nation-state actors with reactive tactics. The transformative and economic potential of IoT requires both a microscopic and telescopic vision of cybersecurity. This has serious implications for cyber insurance companies as well.
The willingness of the insurer to pay off cybercriminals as a mitigation process for recovery of services and compromised devices will only encourage cyber-attackers, not discourage the cybercrime syndicate. If government regulators fail to rise to the occasion and protect cyber commerce and data, the insurance companies will have to step up with guidelines for cyber resilience or suffer the consequences of attacks on cyber infrastructure. Staying in the infinite game of cybersecurity, against a determined cyber adversary, requires the will and resources of all players in the supply chain.
The IoT Ecosystem