Major Vendors Form IoT Cybersecurity Alliance

February 08, 2017 - IBM, Nokia, AT&T, Palo Alto Networks, Symantec, and Trustonic announced the formation of the IoT Cybersecurity Alliance to research better ways to secure an IoT ecosystem and help solve IoT security challenges.

The influx of healthcare Internet of Things (IoT) devices causes organizations to reassess their infrastructure to accommodate the increased number of network connections. IoT devices function differently than traditional connected devices and there is a growing need for security solutions to handle the unique threats of the IoT.

The healthcare industry is home to some of the most dense IoT deployments. Many medical devices require WiFi chips and are connected to an organization’s network.

“An average hospital room will have between 15 and 20 medical devices, and almost all of them will be networked,” Aruba Networks Product Marketing Manager Rick Reid told HITInfrastructure.com. “That’s a pretty high density if you think about the size of an ICU room, which is usually about 15’x15’ with 20 devices in it - and the room next door has 20 devices in it. A ward typically has 20 beds, so that’s quite a lot of devices in a relatively small area.”

As different kinds of IoT devices are adopted into the IT infrastructure, they cannot be secured the same way as traditional devices. IoT devices have their own set of unique security risks. In the past three years alone, AT&T reported it has seen a 3,198 percent increase in attackers scanning for vulnerabilities in IoT devices.

IT decision-makers recognize that many IoT devices are designed without network security protocols in mind, which can threaten the organization deploying it.

"The explosive growth in the number of IoT devices is only expected to continue; therefore, so must the associated cybersecurity protections,” AT&T Senior Vice President of Advanced Solutions Mo Katibeh said in a statement. "Today's businesses are connecting devices ranging from robots on factory floors to pacemakers and refrigerators. Helping these organizations stay protected requires innovation across the whole IoT ecosystem to enable sustainable growth."

The new alliance believes that IoT security solutions need to protect all devices at the endpoint, network, cloud, and application layers. They aim to encourage the use of analytics to study IoT ecosystems and that security should be built in to IoT devices and applications.

The IoT Cybersecurity Alliance will collaborate and research IoT security challenges currently facing all major deployment types, including healthcare. The alliance plans to conduct use cases to identify ways to advance security across the board.

The alliance plans to do this by solving for security problems that occur in the various layers of the IoT, including the endpoint, network connectivity, cloud and application layers. Protecting just one layer is not enough to ensure full protection from cyberattacks.

Another point the alliance brings up to the general transparency and availability of security features across the network ecosystem. Similar t traditional devices, IoT devices need to be current and able to resist new threats present themselves from users and cyberattacks.

The alliance also intends to positively influence IoT standards and security policies by advising and educating customers about the many IoT cybersecurity threats before they implement mobile or IoT devices. Along with cautions about cybersecurity threats, the alliance also wishes to emphasize the benefits of IoT technologies and how to take advantage of the technology and devices while remaining secure.

AT&T Chief Security Officer Bill O’Hern explained in a statement that every connected device is a potential entry point for cyberattacks. Each device requires different security considerations which drives the need for a standardized method of securing IoT devices.