In the span of a few short years, connected devices have entered into the dwellings of millions. Human intervention is no longer necessary to operate the devices — they know when and how to act. While disrupting every corner of the affordable community, who is responsible for the cybersecurity of smart connected devices?
With the increasing number of network connections, the need for cybersecurity is becoming more and more important. For example, after viewing unauthorized surveillance cameras and video intercoms, bad actors could socially engineer access to physically secure communities with little technical experience.
Affordable housing populations are becoming increasingly sensitive to the issues of data protection and information security. Likewise, owners and operators of affordable housing communities are wisely revising their security requirements, and, consequently, investments in cybersecurity to address the new realities. In doing so, affordable housing communities benefit, knowing they can't check every product they want to buy for potential risks so protecting against common risks needs to be a focus for the solution providers.
What is new with connected devices is that technology-solution-providers are responsible for ongoing security during the entire lifecycle. Software updates for networked products are a must when it comes to cybersecurity. Possible cyber attacks range from opening electronic locks and triggering fire alarms to cyberespionage and Distributed Denial-of-Service (DDOS) attacks. Currently, attacks are still rare — but possible risks must be considered now by manufacturers. They must ensure information security, by correctly using hash functions to store passwords, selecting suitable cryptographic algorithms to create confidentiality, or using firewalls and packet filters, for example.
The most common reasons for the vulnerability of smart devices
When it comes to cybersecurity in affordable communities, both solution-providers and community-owners and operators share responsibility. Let’s dive into some of the most common reasons why connected devices are vulnerable:
- Security measures were not implemented or sufficiently tested during product development.
- Local networks such as WLAN and Bluetooth are often considered trustworthy by the manufacturer, although they have comparatively weak security features depending on the configuration. Due to the assumption that communication takes place over short distances, authentication is not sufficiently important.
- There is a lack of system updates that could fix known vulnerabilities
- Inadequate configuration of devices
With these four steps, entire communities inherit cybersecurity resilience
- Router, cloud services, and smartphones should be provided with secure passwords.
- Perform regular software updates and allow firmware of devices and routers to be updated
- Create different networks for work, guests, entertainment and smart communities (the keyword is network segmentation)
- Use cloud-based solutions
Six steps for solution-providers to improve the cybersecurity of IoT products
So, how can technology-solution-providers deliver effective security for smart devices? Here too, we see that it's the mix that makes the difference. The security of smart products has a lot to do with network challenges. But also internal processes that the solution-provider must play their part to ensure security.
- Require authentication
Strong authentication and access control mechanisms ensure that only authorized users have access to networks and data.
- Lifecycle monitoring
Device monitoring tools can help verify the health of firmware and software at startup, during operation, and during difficult upgrade phases. Automatic updates should be enabled by default.
- Use encryption
Encryption at the network and transport level is indispensable for the protection of data. Various network-based attacks can thus be prevented.
- Secure APIs
Application Programming Interface (API) security is essential for the secure exchange of data between devices within a local area network (LAN), but also across network boundaries to backend systems.
- Detect threats
Analysis techniques for monitoring network traffic can help detect anomalies and vulnerabilities early on.
- Strengthen processes
Technology is a cornerstone of IoT security — yet internal processes must also support security. Security guidelines and training procedures should be clearly defined, regularly updated, and consistently implemented.
Dynamic certification for smart products
Possible attacks can be reduced with methodical risk analysis and security assessments by technology-solution-providers, as outlined above. These steps can help make IoT products safer and are part of the information security and risk management that every technology-solution-provider should own. Safety and security certification organizations regularly train their employees internally on how to meet security requirements and test the cybersecurity of products. With a functioning security and risk management system, nothing stands in the way of providing a secure product and demonstrating security posture to the marketplace.
At present, technology-solution-providers don’t have to prove much; the legislative and certification framework for cybersecurity is voluntary. Creating clear test criteria that also guarantee the security of digitized products is also a challenge due to the ever-changing cyber risks. So, it is crucial for technology-solution-providers to understand the potential threats their connected products face, train their internal staffs to build in security by design, assess their products to best practices, frameworks or standards, and demonstrate the cybersecurity strengths of their product to the marketplace to empower consumers to incorporate security into their purchasing decisions.
For guidance and support on how to best protect your affordable housing community, contact us today.