Shulou(Shulou.com)06/01 Report--

Original title: Safe Cow

Connected devices are now integrated into every aspect of our lives, from homes to factories, and many criminals now have a variety of end targets.

Entering the new decade, the IoT security field is gradually maturing, but it is also accompanied by a new wave of risks.

Not so long ago, the term "IoT security" sounded a bit self-contradictory. But now, awareness of the importance of IoT security has reached unprecedented heights. Connected devices are now integrated into every aspect of our lives, from homes to factories, and many criminals now have a variety of end targets. Here's a preview of what's coming next year in the cat-and-mouse game of cybersecurity.

1. Smart building safety issues cause concern

In 2020, smart building safety is likely to be the top consideration for facility managers. Gartner research shows that 80% of connected devices will be building-related by 2020, and smart buildings offer adversaries new avenues of attack. But experts are divided on whether such security breaches will increase significantly next year. Mirel Sehic, global director of cybersecurity at Honeywell Building Solutions, expects significant growth. Building management systems may be used as a springboard to gain access to IT data and manipulate building controls.

Andrew Howard, CEO of Kudelski Security, said: "I don't think we'll see more of these security issues next year because many of the networks inside buildings are highly isolated.

While one or two systems may be connected to the Internet, most are not. Even when networked, it is usually VLAN isolated. This isn't the usual IoT network where everything is laid out on a flat network architecture. From my experience, most buildings, old or new, attach great importance to segregation. For example, elevators are isolated from building management systems and escalators. Security cameras in buildings may be connected to the Internet, but it is basically difficult to use this as a springboard to jump into the building management system.

After the Target credit card data breach in 2013, the prospect of connected building systems became a major cybersecurity concern. In this incident, Target's HVAC supplier was hit and criminals were able to gain access to its internal network, including its payment system. 40 million credit card numbers just for that one item.

One of the challenges in protecting building safety is that the situation is often fragmented. No big players have emerged as security providers in the space.

2. 5G security begins to emerge

In 2019, 5G looks like a theoretical possibility. In the first half of the year, 5G showed up at trade shows and in individual regions, but now telecom companies are starting to launch their 5G networks.

By 2020, as 5G deployments continue to roll out, cybersecurity issues will follow. Cesar Cerrudo, chief technology officer of IOActive, agrees.

The more things are interconnected, the more security issues there are, at any given time.

The prospect of 5G eventually becoming the base protocol means that everything from surveillance and traffic cameras to vehicles will be connected through the protocol. This could provide criminals with a way to paralyse communities, cities and even entire countries. 5G can also provide connectivity for devices that primarily use different wireless protocols. For example, 5G can be used as an LPWAN device to access the backhaul line of the cloud.

Despite its anti-interference properties, 5G, like other wireless communication methods, is vulnerable to denial of service intrusion and congestion.

Telecom and infrastructure companies are aggressively promoting various use cases for 5G, including in the industrial sector. Applying 5G to critical industrial processes with a real business impact is a risky proposition. Jason Haward-Grau, PAS Global Chief Information Security Officer, said:

Complicating the situation is the fact that many industrial environments are populated with outdated legacy equipment. Wrongdoers will begin to target these environments with serious consequences, such as unauthorized modifications to configurations that can cause industrial processes not to function as intended, resulting in industrial accidents, power outages, and even environmental disasters.

3. Managed Security Services Market Surges

In recent years, many companies have begun to abandon the idea of managing security alone. One growing segment is managed security services, which Kenneth Research says is growing at 15% a year.

In 2020, the growth rate of the managed security services market will be even higher. Overall, many companies undergoing digital transformation struggle to find enough expertise to handle the increasing complexity of cybersecurity issues. So they turned their attention to hosting.

Cerrudo also predicts increased demand for Cybersecurity Consultation Service.

Demand should grow as our technology dependence and usage grows. Companies look for services to help them adapt their problems and services to the company's needs. This process takes a variety of approaches, including partnerships, outsourcing, software-as-a-service (SaaS) solutions, regular services, and more.

But the complexity of the cybersecurity market makes some companies wary of outsourcing entirely.

One of the changes I've seen in the cybersecurity market over the last few years is that large companies are more willing to bring in managed security vendors to handle some, but not all, of the security work. In the past they were either fully in-house or fully outsourced. I think we're going to see more mixed patterns.

4. OT Cyber Security Giant Is Growing in Importance

Operational Technology (OT) cybersecurity has gained some traction with the revelation that safety instrumented systems are a current safety problem. Honeywell's Mirel Sehic expects this trend to continue accelerating in 2020 as more OT environments embrace digitalization.

Howard agrees: customers have been nervous about security when talking to them about OT environments in the past, and that trend will accelerate.

One factor is that the market is still immature. From a security perspective, the OT landscape is similar to the IT landscape a decade ago. Ten years ago, it was difficult to find security standards that applied to IT environments. Cyber security personnel can find some NIST guidelines, but it's not a big deal to find slightly different ones for specific industrial environments.

This has led to the rise of OT-focused organizations such as Siemens 'Charter of Trust and the nonprofit foundation MITRE Engenuity's Center for Threat-Informed Defense. Howard expects more organizations focused on OT networking standards to emerge in 2020.

When it comes to security, OT is harder than IT. After all, in IT, the difference between notebook A and notebook B and server C isn't that great, especially with OS consolidation. But Rockwell PLC and Honeywell manufacturing systems are worlds apart.

PAS Global COO Mark Carrigan observed an increase in security standards for OT such as ISA/IEC 62443 and the European Cyber Directive, as well as a number of frameworks for OT introduced by bodies such as NIST, NERC, SANS and the Internet Security Center. Carrigan told the media in an email:

In 2020, cyber risks will decrease as these frameworks and standards are gradually adopted. However, the adoption and validation of these frameworks and standards by companies consume resources and increase the cost and complexity of industrial cybersecurity. Because standards and framework adoption is relatively immature, companies may need to evaluate multiple framework adoptions, further increasing costs and complexity.

5. IoT Security: Starting from the Design Phase

No product designer wants to create a connected product with no security at all. Unless he works for a company that has trouble reconciling time-to-market, cost and customer experience. However, Charlene Marini, vice president of strategy for Arm's IoT Services Group, believes the situation is improving given the attention IoT security has received. She revealed in the email that IoT device manufacturers and connected device deployers will set up feature upgrade plans to ensure the security of IoT systems.

This shift in thinking will mean that device manufacturers are starting to focus on creating trusted, connected and manageable products. The new IoT security mindset includes embedding lifecycle management capabilities at the design stage, writing software premised on security and privacy principles, and providing deployers with updates to available devices. For companies deploying IoT devices, this shift in thinking also involves bringing in experienced experts to help manage large-scale IoT networks.

Marini's colleague, Hima Mukkamala, senior vice president and general manager of Arm's IoT cloud services, believes regulations such as the EU's General Data Protection Regulation and the California Consumer Privacy Act will continue to emphasize the importance of privacy and security in IoT devices.

Given the growth in the number of IoT devices and government regulations, data privacy and security will be the biggest drivers for IoT solutions. For companies considering deploying IoT infrastructure in 2020, security will be a key factor in their decision-making process.

Carl Wearn, director of electronic crime at Mimecast, takes a similar view. He expects IoT-related cyber risks to rise next year along with poor security and extortion opportunities, and predicts increased legislation related to the use of such connected devices. Wearn said this general lack of connectivity and device built-in security has been grossly ignored for too long, and public awareness of its use and potential exploits is increasing.

AI hype continues, but vertical AI approaches rise

The hype surrounding artificial intelligence in cybersecurity is beginning to cool. But don't expect dramatic improvements. The label "AI" has been photographed on almost everything, many of which are nothing more than decision trees, algorithms or software. Of course, that's not to say AI doesn't have huge potential. But the real term "AI" has become something of a buzzword with no specific meaning.

Take an example. At a conference earlier, I was talking to a lot of other cybersecurity executives about how AI drives behavior change. People started giving examples of how they could use AI to minimize network risk. There are many examples. When I heard the seventh example, I raised my hand and said,'Nobody describes an AI use case.' You're just describing process workflows and software. If there is no machine learning model or neural network function behind it, it is just software. '

Artem Kroupenev, vice president of strategy at Auury, a company focused on using industrial IoT sensors to monitor machine health, remains optimistic about AI's future in cybersecurity. Given AI's current maturity, products that are carefully designed for specific use cases will be more effective than products that are manufactured using generic methods.

In 2020, we will see industrial enterprises begin to adopt AI around specific vertical use cases. And by specific use cases here, I mean the Industrial Internet of Things.

Speaking about the use of AI in cybersecurity, Cerrudo explained that if you want to provide better solutions, you have to narrow your focus and focus on R & D. AI usage continues to grow and mature, and the more targeted it is, the more accurate it will be. Broadening the scope only adds complexity and reduces efficiency.

Bi 'an Technology, as the pioneer in the application of information security products such as "Bi' an Cloud Shield" in the field of construction engineering information security in China, will devote itself to research and development of comprehensive and systematic information security products of building Internet of Things + Internet to protect intelligent collaborative platforms, intelligent construction sites, intelligent buildings and intelligent cities!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.