Today, the UK Government released an interim report on “Security by Design: Improving the cyber security of consumer Internet of Things.” The report, which recognises the importance of government and industry working together, can play an important role in helping to address the cybersecurity challenges associated with the growing Internet of Things (IoT) ecosystem.
The number of connected devices in the world is predicted to increase significantly. As stated in the report, IoT has already brought significant economic and social benefits, and further benefits are expected for consumers and companies alike. However, the successful adoption of these devices, and the benefit they bring, could be negatively impacted by cyber risk.
The interim report aims to reduce this risk and provides a basis for improving the security of IoT devices. It calls on the security community to adopt a code of practice that reduces harm to consumers and organisations by shifting responsibility for security away from the user and ensuring devices are secure over their entire life cycle. The report contains a number of guiding principles and proposed guidelines.
One of the secure by design principles is to make security more measurable so that devices and services can be continually improved, and effort focused on measurable areas. It also calls for provisions to secure the resilience of critical functions and services.
A key recommended guideline in the code of practice is to monitor system telemetry data. The argument here is that, because these devices and services will generate significant amounts of telemetry data (machine data), this data should be used to minimise security risk and allow quick mitigation of problems. This means a platform (like Splunk Enterprise and Splunk Cloud) becomes critical for device and service providers to ensure they can collect and analyse machine data in a centralized, controlled and audited environment.
Machine data can be used to proactively detect anomalies through machine learning and, in case of an incident, to respond quickly, with proactive analytics as well as a historical audit.
In fact, it’s already possible for Splunk software to help clients detect anomalies, measure security outcomes and provide resilient services. Splunk Enterprise Security allows our customers to instrument their apps and settings to collect log data from their desired endpoints via a telemetry framework. Organizations can then identify certain types of logs generated by IoT devices as malicious and set up alerts accordingly. For example, if a device starts to send data to an external IP address (as in a DDoS attack launched from IoT devices), or if an odd or suspicious ‘actor’ logs into the device, then these events can be detected and an alert sent out.
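The two alert conditions described above can be sketched as a per-device baseline check. This is an added example written for illustration, not Splunk product code or search syntax; the log format, the device and user names, the `10.0.0.0/8` internal range and every sample line are constructed assumptions.

```python
import ipaddress
# Constructed telemetry, not real data. Assumed format: "epoch device event key=value ..."
BASELINE = """\
1000 cam-01 conn dst=10.0.0.5
1010 cam-01 login user=svc-update
1020 thermo-02 conn dst=203.0.113.10
"""
LIVE = """\
2000 cam-01 conn dst=10.0.0.5
2010 cam-01 conn dst=198.51.100.77
2020 cam-01 login user=admin
2030 thermo-02 conn dst=203.0.113.10
truncated-line
"""
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed site address range
WATCHED = {"conn": "dst", "login": "user"}  # event type -> field that is baselined

def parse(text):
    """Yield (ts, device, event, value) for watched events; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].isdigit() or parts[2] not in WATCHED:
            continue
        fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        value = fields.get(WATCHED[parts[2]])
        if value:
            yield int(parts[0]), parts[1], parts[2], value

def is_external(addr):
    """True if addr is outside INTERNAL; unparseable values count as external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL)

def build_baseline(text):  # (device, event, value) tuples seen in the learning window
    return {(dev, event, value) for _, dev, event, value in parse(text)}

def detect(live, baseline):
    """Alert on per-device new external destinations and new login actors."""
    alerts = []
    for ts, dev, event, value in parse(live):
        if (dev, event, value) in baseline:
            continue  # behaviour already seen for this device
        if event == "login" or is_external(value):
            kind = "new_login_actor" if event == "login" else "new_external_dst"
            alerts.append((ts, dev, kind, value))
    return alerts
```

Because the baseline is kept per device, an external endpoint that one device normally contacts (here `thermo-02` and `203.0.113.10`) raises no alert for that device but would for any other.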
The UK Government’s interim report is an important step, and quite rightly calls for security to become a design principle. Strong partnership between government and industry will be critical as efforts continue to address this important issue.