Practical Internet of Things Security - Second Edition
Published: Nov 2018. ISBN-13: 9781788625821. 2nd Edition.

Authors: Brian Russell, Drew Van Duren

Brian Russell is the founder of TrustThink, LLC, where he leads multiple efforts towards the development of trusted IoT solutions. He has over 20 years of information security experience and has led complex system security engineering programs in the areas of cryptographic modernization, cryptographic key management, unmanned aerial systems, and connected vehicle security. He is the co-chair of the Cloud Security Alliance (CSA) IoT Working Group and was the recipient of the 2015 and 2016 CSA Ron Knode Service Award. Brian is an adjunct professor at the University of San Diego (USD) in the Cyber Security Operations and Leadership program.

Drew Van Duren has provided 20 years of support to commercial and government customers in their efforts to secure safety-of-life and national security systems. He has provided extensive applied cryptographic design, key management expertise, and system security architecture design through rigorous integration of system security design with the core engineering disciplines. Drew has managed as Technical Director the two largest FIPS 140-2 test laboratories, security-consulted for the New York City Connected Vehicle Pilot Deployment, and participated in multiple standards groups such as the RTCA, SAE, and IEEE 1609 working group. Today, he supports the IEEE P1920 committee heading security architecture for unmanned aircraft aerial networks.

Chapter 5. Operational Security Life Cycle

So, you now have a hundred, a thousand, or a hundred thousand IoT devices deployed by numerous business units across your organization. How are you going to lock down those devices? How are you going to manage device credentials and keys in the long term? How are you going to train your stakeholders to administer or use these devices securely? How are you going to be alerted to a potential intrusion in your system? And what are you going to do when you've identified an intrusion or a breach of data? To answer all of these questions, you need an operational security life cycle.

This chapter introduces an IoT system security life cycle that can be tailored to the unique operating needs of a system. We focus on four phases across the life cycle: 

  • Define:
    • Define system security policies
    • Define system roles
  • Implement/integrate:
    • Configure gateways and network security
    • Bootstrap and securely configure devices
    • Set up threat intelligence and vulnerability monitoring...

Defining your security policies


Define your IoT system technical security policies. Use automated tools to check for compliance with these policies whenever possible. Security policies for your system will vary based on unique system characteristics, but some recommended policies include:

  • Secure communications:
    • All communications are authenticated and encrypted
    • TCP communications are encrypted using TLS 1.2 or higher
    • TLS communications are authenticated using client/server certificates
    • Unneeded ports/services are disabled
    • Outbound communications that did not originate from a device are rejected (DENY)
  • Cryptography:
    • Only approved cryptographic ciphers are used within the system
    • Only approved key lengths are used within the system
    • Devices are configured so that they cannot negotiate unapproved cryptographic algorithms or protocol versions (no downgrade negotiation)
  • Key and certificate management:
    • Certificate lifetimes are limited to no more than three years' duration
    • All key material is stored in a trusted enclave/element...
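The policies above are only useful if something checks them. The following is an added example (not code from the book) of the kind of automated compliance check the text recommends: it builds a TLS client configuration that satisfies the secure-communications and cryptography policies, audits any configuration against them, and checks inventory rows for the key-length and three-year certificate-lifetime policies. The thresholds, the cipher string and the two inventory rows are assumptions chosen for illustration.

```python
"""Automated checks for the secure-communications, cryptography and
certificate-lifetime policies listed above.  Added example, not code from the
book: the thresholds, the cipher string and the sample inventory rows are
assumptions chosen for illustration."""
import ssl
from datetime import datetime, timedelta
from typing import Dict, List

# Assumed policy parameters
MAX_CERT_LIFETIME = timedelta(days=3 * 365)            # "no more than three years"
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}                # assumed approved key lengths
FORWARD_SECRET_KEX = {"kx-ecdhe", "kx-dhe", "kx-any"}  # kx-any = TLS 1.3 suites


def hardened_client_context() -> ssl.SSLContext:
    """Satisfies the policy: TLS 1.2+, peer certificate required, AEAD suites
    with forward secrecy only.  Mutual authentication additionally needs
    ctx.load_cert_chain(certfile, keyfile) with the device's own credential;
    the paths are deployment-specific and omitted here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The kind of configuration the policy exists to catch: no peer
    authentication and a permissive cipher list that still admits RSA key
    exchange (no forward secrecy) and non-AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("ALL:!aNULL:!eNULL")
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return policy violations for a context (empty list = compliant)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode != CERT_REQUIRED)")
    for c in ctx.get_ciphers():          # every suite this context could negotiate
        if c["kea"] not in FORWARD_SECRET_KEX:
            findings.append(f"{c['name']}: no forward secrecy ({c['kea']})")
        elif not c["aead"]:
            findings.append(f"{c['name']}: non-AEAD suite")
        elif c["strength_bits"] < 128:
            findings.append(f"{c['name']}: {c['strength_bits']}-bit cipher")
    return findings


def audit_certificate_record(rec: Dict) -> List[str]:
    """rec is one inventory row: key type and size plus the certificate's
    validity window, as exported from the PKI or scanned from the device."""
    findings = []
    lifetime = rec["not_after"] - rec["not_before"]
    if lifetime > MAX_CERT_LIFETIME:
        findings.append(f"{rec['device']}: certificate lifetime {lifetime.days} days exceeds policy")
    min_bits = MIN_KEY_BITS.get(rec["key_type"])
    if min_bits is None:
        findings.append(f"{rec['device']}: unapproved key type {rec['key_type']}")
    elif rec["key_bits"] < min_bits:
        findings.append(f"{rec['device']}: {rec['key_type']}-{rec['key_bits']} below the {min_bits}-bit minimum")
    return findings


# Constructed inventory rows (not real devices)
SAMPLE_INVENTORY = [
    {"device": "gw-01", "key_type": "EC", "key_bits": 256,
     "not_before": datetime(2018, 1, 1), "not_after": datetime(2020, 12, 31)},
    {"device": "sensor-17", "key_type": "RSA", "key_bits": 1024,
     "not_before": datetime(2018, 1, 1), "not_after": datetime(2023, 1, 1)},
]

if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()), ("weak", weak_client_context())):
        print(name, audit_tls_context(ctx) or "compliant")
    for row in SAMPLE_INVENTORY:
        print(row["device"], audit_certificate_record(row) or "compliant")
```

The cipher audit reads back every suite the context could actually negotiate (`get_ciphers()`), so it catches what the cipher string permits rather than what the administrator intended; the same function can be pointed at a context built from a device's deployed configuration.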

Defining system roles 


IoT systems often require complex access control frameworks. Consider the types of devices and types of users who will operate within your system, and define a set of roles that will be granted access to various aspects of IoT system administration and operation. In the example role table for this chapter (reproduced at the end of this extract), roles are defined for devices (such as privileged versus regular gateway) as well as for users.

Configuring gateway and network security


IoT systems consist of multiple gateways, networking protocols, and even physical media. Edge devices may connect to each other within a Wireless Sensor Network (WSN) using short-range protocols such as ZigBee and Z-Wave, while gateways connect to the cloud over IP connections using messaging frameworks such as MQTT or REST. Securing an IoT system requires a comprehensive evaluation and lockdown of the gateways and networking components of the system.

Securing WSN 

WSNs can consist of thousands of low-power, battery-operated sensors that communicate using protocols such as ZigBee, Z-Wave, Bluetooth, NFC, or Thread. WSNs make use of gateways that translate between the short-range RF protocols and the IP-based protocols used to communicate with the cloud. Security administrators must consider the secure configuration of the devices and protocols used within WSNs, as well as how to securely manage the keys used within them.

Establishing...

Bootstrapping and securely configuring devices


Secure bootstrapping concerns the processes associated with the initial provisioning of passwords, credentials, network information, and other parameters to the devices and the enterprise systems that need to be aware of the devices. When new devices are incorporated into a network, it is vital that they be distinguished as being legitimate rather than rogue or hostile devices. Secure bootstrapping consists of the security processes necessary to ensure that a new (or reintroduced) device undergoes the following:

  • Registers, either directly or indirectly, its identity to the network and/or the backend systems to which it connects
  • Receives knowledge of the network and backend system and server identities—this will frequently be in the form of installing default cryptographic credentials (trust anchors and trust paths)
  • Receives a secure configuration that has been well vetted according to a security policy
  • Receives knowledge of its network, subnet,...

Setting up threat intelligence and vulnerability tracking


Information is power. Take the time to set up your threat intelligence and vulnerability tracking capabilities to ensure that you can see what is going on in your networks as well as what is happening on a larger scale in the security industry.

Vulnerability tracking

Assign someone to track newly discovered vulnerabilities in the software, firmware, and hardware installed within your networks. Track CVE entries within the National Institute of Standards and Technology (NIST) National Vulnerability Database at https://nvd.nist.gov/.
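Tracking CVEs by hand does not scale past a handful of device models, so the practical form of this task is a job that matches the asset inventory against CVE records and raises anything that applies. The following added example (not the book's code) does that matching. The records are constructed placeholders shaped like the `cpeMatch` entries in the NVD JSON 2.0 feed (`criteria`, `versionStartIncluding`, `versionEndExcluding`); the CVE IDs, vendor and product names are fictitious, and the inventory rows are constructed.

```python
"""Match an IoT asset inventory against CVE records so that a new NVD entry
for a deployed firmware version is noticed automatically.  Added example,
not the book's code.  The records are constructed placeholders shaped like
the NVD JSON 2.0 `cpeMatch` entries (criteria, versionStartIncluding,
versionEndExcluding); the CVE IDs, vendor and product names are fictitious."""
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.4.10' -> (2, 4, 10); non-digit characters in a component are dropped."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        if digits:
            parts.append(int(digits))
    return tuple(parts)


def cpe_fields(criteria: str) -> Tuple[str, str, str]:
    """cpe:2.3:<part>:<vendor>:<product>:<version>:... -> (vendor, product, version)"""
    f = criteria.split(":")
    return f[3], f[4], f[5]


def cpe_match_applies(asset: Dict, m: Dict) -> bool:
    """True if one cpeMatch entry covers the asset's vendor, product and version."""
    if not m.get("vulnerable", False):
        return False
    vendor, product, version = cpe_fields(m["criteria"])
    if (vendor, product) != (asset["vendor"], asset["product"]):
        return False
    av = parse_version(asset["version"])
    if version not in ("*", "-"):                  # exact version given in the CPE itself
        return av == parse_version(version)
    if "versionStartIncluding" in m and av < parse_version(m["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in m and av <= parse_version(m["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in m and av > parse_version(m["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in m and av >= parse_version(m["versionEndExcluding"]):
        return False
    return True


def affected_assets(inventory: List[Dict], cves: List[Dict]) -> Dict[str, List[str]]:
    """Map each affected asset to the CVE IDs that apply to it."""
    hits: Dict[str, List[str]] = {}
    for cve in cves:
        for asset in inventory:
            if any(cpe_match_applies(asset, m) for m in cve["cpeMatch"]):
                hits.setdefault(asset["asset"], []).append(cve["id"])
    return hits


# Constructed inventory (fictitious vendor/products) and constructed CVE records
ASSET_INVENTORY = [
    {"asset": "gw-01", "vendor": "examplevendor", "product": "edge_gateway_fw", "version": "2.4.10"},
    {"asset": "gw-02", "vendor": "examplevendor", "product": "edge_gateway_fw", "version": "2.5.0"},
    {"asset": "sensor-17", "vendor": "examplevendor", "product": "sensor_fw", "version": "1.0.3"},
]
CVE_RECORDS = [
    {"id": "CVE-0000-0001", "baseSeverity": "CRITICAL",           # placeholder ID, not a real CVE
     "cpeMatch": [{"vulnerable": True,
                   "criteria": "cpe:2.3:o:examplevendor:edge_gateway_fw:*:*:*:*:*:*:*:*",
                   "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.5.0"}]},
    {"id": "CVE-0000-0002", "baseSeverity": "HIGH",               # placeholder ID, not a real CVE
     "cpeMatch": [{"vulnerable": True,
                   "criteria": "cpe:2.3:o:examplevendor:sensor_fw:1.0.3:*:*:*:*:*:*:*"}]},
]

if __name__ == "__main__":
    for asset, ids in affected_assets(ASSET_INVENTORY, CVE_RECORDS).items():
        print(f"{asset}: {', '.join(ids)}")   # gw-01 and sensor-17 are hit; gw-02 is patched
```

In a real deployment the `CVE_RECORDS` list is replaced by records pulled from the NVD feed or API for the vendors in the inventory, and the output feeds the patching process described later in this chapter.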

Threat intelligence

There are threat intelligence offerings on the market that you may consider. Threat intelligence offerings can provide you with information on threat actors that are targeting your specific industry, along with their motivations. CrowdStrike is a good example of a threat intelligence organization that makes use of multiple intelligence gathering techniques to identify the latest threat actors...

Managing assets 


There is more to discuss related to IoT asset management than simply keeping track of the physical location of each component. Some IoT devices can benefit from predictive analytics to help identify when an asset requires maintenance and also detect in real time when an asset has gone offline. By incorporating new data analytic techniques into an IoT ecosystem, organizations can benefit from these new capabilities and apply them to the IoT assets themselves.

When imagining a device such as an autonomous connected vehicle working on a construction site, or perhaps a robot on a manufacturing floor, the ability to predict failure becomes significant. Prediction is only the first step, however, as the IoT matures with new capabilities to automatically respond to failures and even autonomously swap out broken components for new replacements.

Consider a set of drones used in security and surveillance applications. Each drone is essentially an IoT endpoint that must be managed by the...

Managing keys and certificates


Keys and certificates provide identities to IoT devices, gateways, and other components and enable the protection of data in transit across IoT systems. Although most organizations have existing agreements with PKI providers for TLS (commonly still called Secure Sockets Layer, or SSL) certificates, the provisioning of certificates to IoT devices frequently does not fit the typical web-server certificate model. PKI service providers such as GlobalSign and DigiCert have begun tailoring their certificate offerings towards the IoT. Another option is standing up an in-house PKI.

Device certificates chain up to root certificates, also known as trust anchors. These trust anchors are provisioned to devices and enable trust within an organization. There must be processes in place to manage these trust anchors, for example, deleting trust anchors that may have been compromised or adding new trust anchors to extend trust.

Certificates must also be actively managed. Certificate lifetimes should be limited (for example,...

Managing accounts, passwords, and authorizations


Just as with keys and certificates, accounts and passwords should be actively managed. Passwords used for remote access to IoT devices, or used to restrict operational IoT activities (for example, pub/sub message handling), should be rotated regularly. This is not practical at scale using manual methods, so automation is key here. Tools such as those from ForgeRock provide options to enable automated account and password management.

ForgeRock allows you to pair their identity management platform with identity edge controllers that are installed on IoT devices. This pairing supports password policy enforcement, including password strength, age, and reuse, and supports dynamic authorization decisions for device-to-device, device-to-service, and user-to-device relationships. 
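Whatever product enforces it, the mechanism behind automated credential management is the same: a store that keeps only salted hashes, a policy that rejects weak or reused secrets, and a scheduled job that rotates anything past its maximum age and pushes the new secret to the device. The following is an added example of that mechanism (not the book's code and not ForgeRock's API); the 90-day interval, the 20-character minimum, the five-entry reuse history, the character set and the in-memory store are all assumptions.

```python
"""Automated rotation of device credentials with strength, age and reuse
enforcement.  Added example, not the book's code and not ForgeRock's API;
the thresholds, character set and in-memory store are assumptions."""
import hashlib
import secrets
import string
from datetime import datetime, timedelta
from typing import Dict, List

MAX_AGE = timedelta(days=90)     # assumed rotation interval
MIN_LENGTH = 20                  # assumed; machine credentials can afford to be long
HISTORY_DEPTH = 5                # assumed; the last five secrets may not be reused
PBKDF2_ROUNDS = 100_000
ALPHABET = string.ascii_letters + string.digits + "-_.!@#%"   # broker-safe punctuation


def _digest(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


def strength_findings(secret: str) -> List[str]:
    """Policy violations for a candidate secret; an empty list means acceptable."""
    findings = []
    if len(secret) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    classes = (any(c.islower() for c in secret), any(c.isupper() for c in secret),
               any(c.isdigit() for c in secret), any(not c.isalnum() for c in secret))
    if sum(classes) < 3:
        findings.append("fewer than three character classes")
    return findings


def generate_secret(length: int = 32) -> str:
    """Random secret that satisfies strength_findings (a retry is rare at this length)."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not strength_findings(candidate):
            return candidate


class CredentialStore:
    """Per-account salt, the hashes of the current and recent secrets, and the
    time of the last rotation.  Only hashes are kept server-side."""

    def __init__(self) -> None:
        self.accounts: Dict[str, dict] = {}

    def set_secret(self, account: str, secret: str, now: datetime) -> None:
        problems = strength_findings(secret)
        if problems:
            raise ValueError(f"{account}: {'; '.join(problems)}")
        rec = self.accounts.setdefault(account, {"salt": secrets.token_bytes(16), "history": []})
        digest = _digest(secret, rec["salt"])
        if digest in rec["history"]:
            raise ValueError(f"{account}: secret was used within the last {HISTORY_DEPTH} rotations")
        rec["history"] = ([digest] + rec["history"])[:HISTORY_DEPTH]   # history[0] is current
        rec["rotated_at"] = now

    def verify(self, account: str, secret: str) -> bool:
        rec = self.accounts.get(account)
        if rec is None:
            return False
        return secrets.compare_digest(_digest(secret, rec["salt"]), rec["history"][0])

    def needs_rotation(self, account: str, now: datetime) -> bool:
        return now - self.accounts[account]["rotated_at"] >= MAX_AGE

    def rotate_expired(self, now: datetime) -> Dict[str, str]:
        """Rotate every over-age account; returns the new secrets, which the
        caller pushes to the devices over the management channel."""
        new_secrets = {}
        for account in list(self.accounts):
            if self.needs_rotation(account, now):
                new_secrets[account] = generate_secret()
                self.set_secret(account, new_secrets[account], now)
        return new_secrets


if __name__ == "__main__":
    store = CredentialStore()
    t0 = datetime(2018, 11, 1)
    store.set_secret("gw-01", generate_secret(), t0)
    print("due after 30 days:", store.needs_rotation("gw-01", t0 + timedelta(days=30)))
    rotated = store.rotate_expired(t0 + timedelta(days=91))
    print("rotated:", sorted(rotated))
```

The rotation job returns the new secrets rather than applying them, because delivering a new credential to a device and switching the broker over to it is the part that differs per deployment; the reuse history means a device that keeps an old credential cached cannot be pushed back to it.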

Managing firmware and patching updates


Patching and updates concern how software and firmware binaries are provisioned to IoT devices. Most legacy and even some new systems require direct connections (for example, USB, console, JTAG, Ethernet, or others) to locally and manually update a device to new versions. Given the migration to cloud-based monitoring and management, many newer devices have the capability to update or patch software over the network from the manufacturer or dedicated device/system manager. Severe vulnerabilities are possible in software update and patching workflows; therefore, in the device engineering process, it is crucial that the following be supported in any over-the-air patching capability:

  • End-to-end software/firmware integrity and authentication from the build system through any staged transit to the device (in many cases, confidentiality may also be needed)
  • The software/update process should only be performed via a special access function that is only available...
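The first requirement, end-to-end integrity and authentication, comes down to what the device does with a package before it writes anything to flash. The following added example (not the book's code) shows a verify-before-install routine together with the producer side, and exercises the failure modes that matter: a replayed or downgraded image, a tampered image, and a package built with the wrong key. The package layout is an assumption. Because the Python standard library has no Ed25519 or ECDSA, authenticity is shown with an HMAC under a per-device update key held in the device's secure element; a production design should use an asymmetric signature, so that a key extracted from one device cannot sign updates for any other.

```python
"""Verify-before-install check for an over-the-air firmware package, covering
end-to-end integrity and authentication plus anti-rollback.  Added example,
not the book's code; the package layout is an assumption.  The standard
library has no Ed25519/ECDSA, so authenticity is shown with an HMAC under a
per-device update key held in the device's secure element; a production
design should use an asymmetric signature instead."""
import hashlib
import hmac
import json
import struct
from typing import Tuple

MAGIC = b"FWPK"
TAG_LEN = 32
# Constructed per-device update key; in practice provisioned at bootstrap
DEVICE_UPDATE_KEY = bytes(range(32))


class UpdateRejected(Exception):
    """Raised before anything is written to flash."""


def build_package(image: bytes, version: int, key: bytes) -> bytes:
    """Producer side (build system).  The manifest binds version, size and
    image hash; the tag authenticates the manifest, and through it the image."""
    manifest = json.dumps({"version": version, "size": len(image),
                           "sha256": hashlib.sha256(image).hexdigest()},
                          sort_keys=True).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).digest()
    return MAGIC + struct.pack(">I", len(manifest)) + manifest + tag + image


def verify_package(pkg: bytes, installed_version: int, key: bytes) -> Tuple[int, bytes]:
    """Device side.  Returns (version, image) only if every check passes."""
    if len(pkg) < 8 or pkg[:4] != MAGIC:
        raise UpdateRejected("bad header")
    (mlen,) = struct.unpack(">I", pkg[4:8])
    manifest = pkg[8:8 + mlen]
    tag = pkg[8 + mlen:8 + mlen + TAG_LEN]
    image = pkg[8 + mlen + TAG_LEN:]
    if len(manifest) != mlen or len(tag) != TAG_LEN:
        raise UpdateRejected("truncated package")
    # 1. Authenticate the manifest before parsing or trusting anything in it
    expected = hmac.new(key, manifest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise UpdateRejected("manifest authentication failed")
    m = json.loads(manifest)
    # 2. Anti-rollback: an authentic but older (or identical) image is still rejected
    if m["version"] <= installed_version:
        raise UpdateRejected(f"version {m['version']} is not newer than {installed_version}")
    # 3. Image integrity, bound to the authenticated manifest
    if len(image) != m["size"] or hashlib.sha256(image).hexdigest() != m["sha256"]:
        raise UpdateRejected("image hash mismatch")
    return m["version"], image


def accepts(pkg: bytes, installed_version: int, key: bytes = DEVICE_UPDATE_KEY) -> bool:
    """Convenience wrapper: would the device install this package?"""
    try:
        verify_package(pkg, installed_version, key)
        return True
    except UpdateRejected:
        return False


if __name__ == "__main__":
    image = b"\x7fELF constructed firmware image" * 8
    good = build_package(image, 7, DEVICE_UPDATE_KEY)
    print("genuine v7 over v6:", accepts(good, 6))                 # True
    print("same v7 over v7 (replay/rollback):", accepts(good, 7))   # False
    flipped = good[:-1] + bytes([good[-1] ^ 0x01])
    print("one bit flipped in image:", accepts(flipped, 6))         # False
    forged = build_package(image, 8, b"\x00" * 32)
    print("forged with the wrong key:", accepts(forged, 6))         # False
```

The ordering is deliberate: the manifest is authenticated before it is parsed, the version is checked before the (comparatively expensive) image hash, and the function returns the image rather than installing it, so the caller can stage it and keep the previous image for rollback if the new one fails to boot.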

Monitoring your system


There are many challenges to monitoring your IoT system. For example, some devices may not generate security audit logs, and many devices do not support formats such as syslog. Gaining timely access to device log data can prove difficult, and the confidence in the integrity of IoT device audit logs may be limited, given minimal, if any, protection mechanisms applied to the logs. Even so, there are events that should be monitored within an IoT system. Any of these events on their own are not necessarily an indicator of compromise; however, security analysts should correlate events across the system to determine if further investigation is required. Some events to monitor within an IoT system include: 

  • Device not reachable
  • Time-based anomalies
  • Spikes in message velocity (data rate), especially at odd times of the day
  • Drops in message velocity
  • New protocols emanating or targeting an IoT device
  • Variances in data collected past a threshold
  • Authentication anomalies
  • Attempted elevations of privilege
  • Rapid change...
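As the text says, none of these events is an indicator of compromise on its own; the value comes from correlating them per device. The following added example (not the book's code) runs four of the listed detections (device not reachable, velocity spike or drop with an off-hours flag, new protocol, authentication anomalies) over constructed log lines and escalates only devices whose findings span more than one event type. The log format, the inventory, the thresholds and every log line are constructed for illustration.

```python
"""Correlating the monitoring events listed above across constructed device
logs.  Added example, not the book's code; the log format, the inventory,
the thresholds and the log lines themselves are all constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Tuple

INVENTORY = ["gw-01", "gw-02", "sensor-17"]     # devices expected to report
BASELINE_PROTOCOLS = {"mqtt", "https"}          # protocols a device may normally use
UNREACHABLE_AFTER = timedelta(hours=2)
VELOCITY_FACTOR = 3                             # spike/drop = 3x above/below the median
AUTH_FAILURE_LIMIT = 3
OFF_HOURS = range(0, 6)                         # 00:00-05:59 counts as "odd times of the day"

# Constructed log lines: "<timestamp> <device> <type> key=value ..."
SAMPLE_LOG = """\
2018-11-01T09:00:00 gw-01 telemetry msgs=40
2018-11-01T10:00:00 gw-01 telemetry msgs=42
2018-11-01T11:00:00 gw-01 telemetry msgs=39
2018-11-01T12:00:00 gw-01 telemetry msgs=41
2018-11-01T09:00:00 sensor-17 telemetry msgs=12
2018-11-01T10:00:00 sensor-17 telemetry msgs=11
2018-11-01T11:00:00 sensor-17 telemetry msgs=12
2018-11-01T12:00:00 sensor-17 telemetry msgs=13
2018-11-02T03:00:00 sensor-17 telemetry msgs=900
2018-11-02T03:04:00 sensor-17 connection proto=ssh dst=203.0.113.9
2018-11-02T03:05:00 sensor-17 auth result=fail user=admin
2018-11-02T03:05:10 sensor-17 auth result=fail user=admin
2018-11-02T03:05:20 sensor-17 auth result=fail user=root
2018-11-02T12:00:00 sensor-17 telemetry msgs=12
2018-11-02T12:00:00 gw-01 telemetry msgs=40
2018-11-02T12:01:00 gw-01 connection proto=mqtt dst=198.51.100.7
"""

Finding = Tuple[str, str]   # (category, detail)


def parse_log(text: str) -> List[Dict]:
    events = []
    for line in text.splitlines():
        ts, device, kind, *kv = line.split()
        ev = {"ts": datetime.fromisoformat(ts), "device": device, "type": kind}
        ev.update(pair.split("=", 1) for pair in kv)
        events.append(ev)
    return events


def analyze(text: str, inventory: List[str]) -> Dict[str, List[Finding]]:
    """Per-device findings for the four detections implemented here."""
    events = parse_log(text)
    newest = max(e["ts"] for e in events)
    per_device: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        per_device[e["device"]].append(e)
    findings: Dict[str, List[Finding]] = defaultdict(list)

    for device in inventory:
        evs = sorted(per_device[device], key=lambda e: e["ts"])
        telemetry = [e for e in evs if e["type"] == "telemetry"]
        # Device not reachable: never reported, or silent for too long
        if not telemetry or newest - telemetry[-1]["ts"] > UNREACHABLE_AFTER:
            findings[device].append(("unreachable", f"no telemetry within {UNREACHABLE_AFTER}"))
        # Velocity spikes/drops against the device's own median, with an off-hours flag
        if len(telemetry) >= 4:
            base = median(int(e["msgs"]) for e in telemetry)
            for e in telemetry:
                rate = int(e["msgs"])
                if rate > base * VELOCITY_FACTOR or rate * VELOCITY_FACTOR < base:
                    kind = "spike" if rate > base else "drop"
                    when = "off-hours" if e["ts"].hour in OFF_HOURS else "business hours"
                    findings[device].append(("velocity", f"{kind} {rate} vs median {base:g} at {e['ts']:%H:%M} ({when})"))
        # New protocols emanating from the device
        for e in evs:
            if e["type"] == "connection" and e["proto"] not in BASELINE_PROTOCOLS:
                findings[device].append(("new-protocol", f"{e['proto']} to {e['dst']} at {e['ts']:%Y-%m-%d %H:%M}"))
        # Authentication anomalies
        failures = sum(1 for e in evs if e["type"] == "auth" and e["result"] == "fail")
        if failures >= AUTH_FAILURE_LIMIT:
            findings[device].append(("auth", f"{failures} failed logins"))
    return dict(findings)


def escalate(findings: Dict[str, List[Finding]], min_categories: int = 2) -> List[str]:
    """Devices whose findings span at least min_categories distinct event types."""
    return sorted(d for d, fs in findings.items() if len({c for c, _ in fs}) >= min_categories)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG, INVENTORY)
    for device, fs in result.items():
        for category, detail in fs:
            print(f"{device:10} {category:13} {detail}")
    print("escalate:", escalate(result))     # ['sensor-17']
```

In the sample, gw-02 is merely unreachable (one category, possibly a dead battery), while sensor-17 shows an off-hours traffic spike, an outbound SSH connection it has never made before and a burst of failed logins within a few minutes, which is the combination an analyst should investigate.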

Training system stakeholders


In 2015, OpenDNS released a report on the IoT in the enterprise. This report provided an early glimpse into challenges that security practitioners will soon face. The report identified that employees had been connecting their own IoT devices into their employer networks, and found that devices such as smart televisions were reaching out through enterprise firewalls to manufacturer IP addresses across a number of ports. This research demonstrated the need to train employees on what is appropriate to connect to the network and to train security administrators to be on the lookout for inappropriately connected consumer IoT devices.

There are not a lot of ready-made training options available for your stakeholders. Even so, it is possible to create your own in-house training material and deliver it on a regular basis. This section describes content that should be included in security awareness training for employees and in training for security and system...

Performing penetration testing


Assessing the organization's IoT implementations requires testing of hardware and software, and should include regularly scheduled penetration test activities as well as automated tests that run continuously throughout operation.

Aside from being a good security practice, many regulations require third-party penetration tests that in the future will include IoT devices/systems. Penetration tests can also validate the existing security controls and identify gaps within the implemented security controls.

Blue teams should also be used to continuously evaluate the security posture of the enterprise as red teams are conducting their exercises. Also, it is vital to assess the security posture of new IoT infrastructure software and hardware components prior to introducing them into the architecture.

Red and blue teams

Conducting a penetration test of an IoT system is not significantly different from penetration testing more traditional IT systems, although there...

Managing compliance


Continuous monitoring for IoT security compliance is a challenge and will continue to be a challenge as regulators attempt to catch up with mapping and extending existing guidance to the IoT.

Compliance represents the security and policy requirements that are inherited by and applicable to one's IoT deployment. From a security life-cycle perspective, compliance is wholly dependent on the specific industry regulatory environment and whether it is commercial or government. For example, devices and systems playing a role in credit and debit card financial transactions must adhere to the Payment Card Industry (PCI) series of standards for point-of-sale devices as well as core infrastructure. Military systems have typically required DITSCAP and DIACAP types of Certification and Accreditation (C&A), processes since superseded by the DoD Risk Management Framework. Postal devices that perform financial transactions in the form of package and envelope postal metering must adhere to the postal authority's standards for such devices. Postal meters...

Managing incidents


Just as the IoT blends together the physical and electronic world, it also blends together traditional IT capabilities with business processes—business processes that have the ability to impact the bottom line of an organization when interrupted. Impacts can include financial loss, reputation damage, and even personnel safety and loss of life. Managing IoT-related incidents requires security staff to have better insights into how the compromise or disruption of a particular IoT system impacts the business. Responders should be familiar with business continuity plans (which need to be developed with the IoT system in mind) to determine which steps to take to respond to an incident.

Microgrids provide a valuable example for incident management. Microgrids are self-contained energy generation, distribution, and management systems that may or may not be connected to a larger power distribution infrastructure. Identifying an incident involving one of the Programmable Logic Controllers...

Performing end-of-life maintenance


The disposal phase of a system can apply to the system as a whole or to individual components of the system. IoT systems can generate significant data; however, minimal data is typically kept on the devices themselves. This does not, however, mean that the controls associated with IoT devices can be overlooked. Proper disposal procedures can prevent adversaries gaining physical access to IoT devices (for example, dumpster diving for old electronics).

Secure device disposal and zeroization

Many IoT devices are configured with cryptographic material that allows them to join local networks or authenticate and communicate securely with other remote devices and systems. This cryptographic material should be deleted and wiped from the devices prior to their disposal. Ensure that policies and procedures address how authorized security staff should perform secure removal of keys, certificates, and other sensitive device data when devices need to be disposed of. Accounts...

Summary


In this chapter, we discussed the IoT security life-cycle management processes associated with IoT device implementation, integration, operation, and disposal. Each has vital subprocesses that must be created or adopted for use in any IoT deployment and in just about any industry. While much attention is given in the literature to secure device design (or lack thereof), firm attention must also be given to secure integration and operational deployment.

In Chapter 6, Cryptographic Fundamentals for IoT Security Engineering, we will provide a background in applied cryptography as it relates to the IoT. We provide this background because many legacy industries new to security may struggle to correctly adopt and integrate cryptography into their products.

Example role definitions (the table referenced in the Defining system roles section):

Role: Gateway
Definition: Allows communications with IoT devices and other authorized services.

Role: Privileged Gateway
Definition: Allows standard gateway functions in addition to being able to manage devices (create/delete/update).

Role: Device
Definition: Devices that can perform routine operations. They can participate in publish/subscribe protocol interactions.

Role: Privileged Device
Definition: Devices that require elevated privileges (for example, a first-responder vehicle moving through an intersection).

Role: Management Application
Definition: Allows for management of IoT devices including firmware updates and configuration management...