Protecting IoT devices from cyberattacks: A critical missing piece: Page 3 of 13

August 10, 2017 //By Alan Grau, Icon Labs
When it comes to protecting IoT devices from cyber attacks, both device hardening and security appliance approaches each has its supporters, but there are trade-offs between “device-centric” and “appliance-centric.”

Device security requirements

Before selecting an IoT security framework, it is important to step back and look at the requirements at both device and system levels. Security requirements for IoT devices must take into consideration the cost of a security failure (economic, environmental, social, etc.), the likelihood of attack, possible attack vectors, and the cost of implementing a security solution.

Security capabilities needing consideration are:

  • Secure boot;
  • Secure firmware updates;
  • Secure communication;
  • Data at-rest protection;
  • Embedded firewall and intrusion detection;
  • Key and certificate management;
  • Authentication;
  • Integration with security management systems;
  • Security policy management;
  • Security event reporting.

A security framework, such as the Floodgate Security Framework, provides an integrated suite of security building blocks (Fig. 2).


Figure 2: An implementation of the necessary elements to provide security.

Design category: