A persistent wave of headlines about data breaches and cyberattacks reinforces that cybersecurity remains fundamental to the future of our digital age and preservation of the economic and societal benefits that the internet provides. While new technology innovations continue to bring tremendous benefits to business productivity and our way of life, our increasing digital dependence is also broadening the cyberthreat landscape and creating more risk for enterprises and consumers alike.
The rapid rise of the Internet of Things (IoT) is one such innovation that represents a critical element of our current and future digital economy but, left unchecked, carries significant cybersecurity challenges that must be addressed if we are to realize its full promise. Generally speaking, IoT is a broad term used to describe the internetworking of physical devices embedded with software, sensors and network connectivity that enable those devices to collect and exchange data. IoT has a nearly limitless spectrum of application — ranging from small consumer devices like internet-connected thermostats, to massive industrial control systems (ICS) that manage critical infrastructure processes such as electricity and water distribution.
Homeland Security Advisor Tom Bossert and Palo Alto Networks CEO Mark McLaughlin headline the Cambridge Cyber Summit on Oct.4 in Boston. Click here for more information and tickets.
As manufacturers quickly respond to consumer demand by connecting more and more “things” to the internet, many products are coming to market without leveraging best practices and technologies that could secure these devices and the networks on which they rely. It’s not hyperbole to say that this interconnectivity carries the potential for catastrophic risk given society’s increasing dependence on internet-connected systems — such as self-driving cars, industrial machines, or medical devices — for critical or even life-sustaining functions.
But these risks can be manageable with a multi-pronged approach that emphasizes both innovative technologies and smart policy — because IoT security risks are ultimately a function of both technical and market-based challenges.
To be clear, there are some unique attributes that make IoT security objectively challenging — the scale and pace of device deployments, limited standardization for device-embedded security, and longer product lifecycles that are more likely to outlast vendor security support guarantees. But these security challenges are predominately characteristics of the IoT device itself, and it is a miscalculation to believe that IoT security is only about securing the “thing.” Instead, if enterprises adopt a more holistic security strategy that leverages the network as a security enforcement point, the challenges are less intractable.
While securing the device is certainly important, it’s just one possible vector for a successful cyberattack. To reduce enterprise risk, security capabilities must be delivered consistently across the entire IoT spectrum to enable the visibility and automation necessary to actively prevent cyber threats from targeting connected devices and appliances, and to protect the associated networks from distributed denial-of-service attacks that leverage the vast IoT ecosystem to form botnets. Existing next-generation security technologies, when properly deployed and integrated, can provide this level of threat prevention. But IoT is a distributed challenge that requires ecosystem-wide cooperation, which is why strategic partnerships like the recently announced IoT Cybersecurity Alliance that Palo Alto Networks joined with cross-industry leaders like AT&T, are so critically important.
While preventive security technologies are a key pillar of managing IoT security risks, there is also a potential role for governments to play in promoting better IoT security through various policy levers. To date, most global government policy initiatives have focused on promoting risk-based cybersecurity standards through largely voluntary processes with industry. We wholeheartedly support these collaborative models as a viable means to enhance IoT security without potentially stifling innovation through overly burdensome regulatory action.
To successfully and effectively secure IoT devices and the digitally connected appliances of tomorrow, collaboration between the public and private sectors is essential to preventing cyberattacks. We can and must take steps to work together to achieve this goal and protect our way of life in the digital age.