Locking down networks when IoT opens the door
- By Matt Leonard
- Jul 19, 2017
The internet of things is here to stay, according to the Environmental Protection Agency's Sean Kelley. “We are addicted to the data that these things bring,” the agency's chief information security officer told an audience at the AFCEA Energy and Earth Science IT Symposium.
Securing IoT-connected systems, however, has proved difficult.
Security systems can send real-time alerts when IoT sensors are showing abnormal behavior, Cisco's Principal and Director of Security Brian Tillett said, but they must know the baseline operations of both the network and the connected devices.
“You can’t detect something abnormal unless you know what normal is in the first place,” Tillett said. Once systems know what should happen, “anything outside of this throws you an alert,” he said.
Citrix CSO Stan Black agreed with the importance of understanding the network. Agencies should know what sensors push to what ports, which protocols they use and what their daily behavior looks like.
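The baseline-then-alert approach described above can be sketched as follows. This is an added example, not code from the article or from any vendor it names; the sensor names, flow records, hour window and 2x volume threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (sensor, protocol, dst_port, hour_of_day, bytes_sent)
BASELINE_FLOWS = [
    ("temp-01", "udp", 5683, 9, 120), ("temp-01", "udp", 5683, 10, 128),
    ("temp-01", "udp", 5683, 11, 116), ("cam-07", "tcp", 8883, 9, 40_000),
    ("cam-07", "tcp", 8883, 14, 52_000), ("cam-07", "tcp", 8883, 20, 47_000),
]

def build_baseline(flows):
    """Record, per sensor, the services used, the active-hour window and peak size."""
    base = defaultdict(lambda: {"services": set(), "first_hour": 23,
                                "last_hour": 0, "max_bytes": 0})
    for sensor, proto, port, hour, size in flows:
        entry = base[sensor]
        entry["services"].add((proto, port))
        entry["first_hour"] = min(entry["first_hour"], hour)
        entry["last_hour"] = max(entry["last_hour"], hour)
        entry["max_bytes"] = max(entry["max_bytes"], size)
    return dict(base)

def check_flow(baseline, flow, volume_slack=2.0):
    """Return the reasons a flow falls outside its sensor's baseline (empty if none)."""
    sensor, proto, port, hour, size = flow
    if sensor not in baseline:
        return ["unknown device"]  # never seen while learning "normal"
    entry, reasons = baseline[sensor], []
    if (proto, port) not in entry["services"]:
        reasons.append(f"new service {proto}/{port}")
    if not entry["first_hour"] <= hour <= entry["last_hour"]:
        reasons.append(f"activity at unusual hour {hour}")
    if size > entry["max_bytes"] * volume_slack:
        reasons.append(f"volume {size} exceeds {volume_slack}x baseline peak")
    return reasons

def alerts_for(baseline, flows):
    """Map each out-of-baseline flow to its reasons; in-baseline flows are dropped."""
    found = {}
    for flow in flows:
        reasons = check_flow(baseline, flow)
        if reasons:
            found[flow] = reasons
    return found

if __name__ == "__main__":
    observed = [("temp-01", "udp", 5683, 10, 125),   # constructed: matches baseline
                ("temp-01", "tcp", 23, 3, 400),      # constructed: new port, odd hour
                ("hvac-99", "tcp", 443, 10, 100)]    # constructed: unknown device
    for flow, why in alerts_for(build_baseline(BASELINE_FLOWS), observed).items():
        print(flow, "->", "; ".join(why))
```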
“Once [a sensor is] in the wild and it's out in your infrastructure, it may never see the light of day for support, patching, etc., so contain, control and mitigate,” Black said.
Agencies should determine why IoT is important to their missions and weigh those benefits against the real security risks, which Kelley compared to an insider threat.
“Once I allow the internet of things or any sensor or research device on the network, it's just like an inside user, it's the biggest threat I have inside the network,” he said.
Virtualized environments and segmentation can help secure IoT-enabled networks, “but there is no easy solution to this,” Kelley said. “It's not going to stop because users are always going to want the next greatest thing.”
Matt Leonard is a former reporter for GCN.