IEC - International Electrotechnical Commission

26/07/2024 | News release | Distributed by Public on 26/07/2024 20:10

Protecting IoT devices from cyber-attacks

Investigators initially thought a rogue nation was behind the Mirai malware tool that took down some of the biggest sites and services on the web, including the likes of Netflix, PayPal and Slack. Despite its sophistication, the malware turned out to be the work of three young men, all in their teens or early twenties and operating from their bedrooms.

They designed Mirai to exploit weak security in IoT devices, transforming them into a botnet army capable of launching massive Distributed Denial of Service (DDoS) attacks. They and others used Mirai to carry out some of the most infamous DDoS attacks in history.

Targets included the website of security journalist Brian Krebs and the DNS provider Dyn; the attack on Dyn disrupted internet access across the United States. Mirai and its variants have also wreaked havoc in Africa, Asia, Europe and South America.

DDoS attacks have been increasing in number in recent years as hackers adapt their strategies to neutralize commonly used countermeasures and mitigation techniques. There is evidence that cyber threat actors are becoming more creative as IT administrators grow used to dealing with one of the most common types of cyber-attack.

As the IoT continues to expand, encompassing everything from smart home devices to industrial machinery, ensuring the safety of people, systems and data transmission channels is essential. International standards provide a universal framework for IoT security.

For instance, ISO/IEC 30141 offers a standardized IoT Reference Architecture, aimed at creating safer and more resilient connected systems. This framework helps IoT application designers and developers build secure, privacy-friendly systems. It emphasizes functional requirements, like data and device management, as well as non-functional requirements, such as maintainability, reliability and scalability.

ISO/IEC 27400 and ISO/IEC 27402 provide guidelines and baseline requirements for IoT security and privacy. The development of sector-specific architectures, as outlined in ISO/IEC 30149, further enhances the trustworthiness of IoT systems and services.

Standards like ISO/IEC 30165 and ISO/IEC 21823 address real-time capabilities and interoperability challenges to ensure that IoT systems can operate securely, even in complex, large-scale environments.

The integration of industrial automation and control systems (IACS) into the industrial internet of things (IIoT) poses cyber security challenges for critical infrastructure, such as the electricity grid, water management systems and manufacturing plants. Standards like IEC 62443 are designed to address these challenges by providing guidelines for securing IACS and ensuring their safe and reliable operation in the context of IIoT.

IECEE conformity assessment ensures the correct implementation of IEC 62443. IECEE also provides certification to ETSI EN 303 645 for consumer IoT cyber security. IoT products in its scope include connected children's toys and baby monitors, connected safety products such as smoke detectors, smart cameras, TVs and speakers, wearable health trackers, connected appliances and more.

The Mirai incident serves as a stark reminder of cyber security vulnerabilities in an increasingly connected world. It is a world where most of those who carry out the attacks need only limited IT skills, instead relying on developers like the Mirai creators to make malicious code available for purchase or free download.
