8 Cybersecurity Steps When Designing an IoT Device: A Checklist
What is on your IoT Cybersecurity checklist? This question was posed by the folks at The Device Chronicle which led to a very interesting dialog. Below is a summary of that conversation discussing eight cybersecurity steps to consider when designing an IoT device. For additional information, check out our definitive IoT cybersecurity checklist on The Device Chronicle.
8 Cybersecurity Steps For an IoT Device
Here are the eight key cybersecurity steps developers should consider when designing an IoT device.
- Consider the lifecycle of the device
- Embrace IoT security by design
- Perform a threat/risk analysis
- Follow NIST IoT cybersecurity recommendations
- Leverage processor security features or a Trusted Platform Module
- Keep keys and code secure
- Monitor and maintain the IoT device's cybersecurity state
- Prepare for End of Life (EOL)
1. Consider the Lifecycle of the Device
Cybersecurity is not a one-time event. No matter the type of device - PC, smartphone, server, or IoT device - cybersecurity needs to be considered in all phases of the device's lifecycle, from the design concept, through manufacturing and field deployment, to the end of its life.
2. Embrace IoT Security by Design
It is difficult to add security to a completed design. Unlike PCs or smartphones, IoT devices are not typically designed for software to be added after being deployed. IoT devices are optimized for cost, power and size, limiting a devices’ processor MHz, memory size, and network bandwidth. Simply put, there isn’t room to add additional cybersecurity features after the fact.
But when developers consider cybersecurity at the beginning of an IoT device’s design, they can add the needed cybersecurity protections in hardware and in various levels of the software stack. By creating a cybersecurity “defense in-depth strategy,” developers establish multiple layers of security controls so if one level is breached, there is another to back it up.
3. Perform a Threat/Risk Analysis
When a security-by-design approach is taken, there are many security features to possibly include. This leads designers wondering what is really needed. Performing a threat/risk analysis will help by evaluating how attackers could compromise a device, the chance an attack might happen and its impact, and how to eliminate the identified critical vulnerabilities. In other words, a threat/risk analysis guides a developer on what cybersecurity features they should include.
4. Follow NIST IoT Cybersecurity Recommendations
The National Institute of Standards and Technology (NIST) has published a number of recommendation documents (NISTIR 8259 series). Developers should consider these recommendations when performing the threat/risk analysis and deciding which cybersecurity features to implement. The document titled “IoT Device Cybersecurity Capability Core Baseline” provides a reference of cybersecurity capabilities, including:
- Device identification - the IoT device should have a unique and secure ID.
- Device configuration - includes secure boot, the extension of root-of-trust, and restoring a secure configuration.
- Data protection - encrypting and controlling access to sensitive data such as passwords and Personally Identifiable Information (PII).
- Logical access to interfaces - access management and passwords.
- Software update - secure and encrypted Over the Air (OTA) updates to authorized IoT devices
- Cybersecurity state awareness - detect if a device has been compromised with the ability to respond and recover.
5. Leverage Processor Security Features or a Trusted Platform Module (TPM)
Most microcontrollers and embedded microprocessors offer a wide range of security features developers can leverage to create secure devices. Features to investigate when considering a processor for your IoT design are secure boot, crypto accelerators, a processor core with memory dedicated to security, lockable I/O interfaces, and physical tamper detection. Availability of software tools and drivers to support these features is also an important consideration.
A Trusted Platform Module (TPM) is a stand-alone device that offers cryptographic functionality, secure key storage, and may include a small microcontroller core with memory. TPMs are designed for applications needing the highest security levels and prevent direct physical and side-channel attacks.
6. Keep Keys and Code Secure
The importance of supply chain security has come into the limelight since the attack on SolarWinds. It is critical to keep keys, certificates and software secure. A hardware security module (HSM) or secure PC can protect keys and code In a manufacturing environment.
7. Monitor and Maintain the IoT Device's Cybersecurity State
When an IoT device is in the field, it is important to monitor and maintain its cybersecurity state. A vulnerability disclosure policy (VDP) and an incident response plan are important to detail the actions to take if your IoT devices is hacked. A VDP enables the white-hat security community to give you feedback on vulnerabilities found in a device by making clear how to report what they find. Software updates, such as that offered by Mender.io, and Intrusion Detection System (IDS) software are important approaches embedded designers need to consider.
8. Prepare for End of Life (EOL)
Finally, developers need to think about the security of their device at its End-of-Life (EOL). Security keys and certificates should be retired so adversaries can’t use them to exploit vulnerabilities.
By following this checklist IoT developers can greatly improve the security of devices, establish processes to maintain and monitor their devices, create a culture of security, and prevent adversaries from exposing their devices, networks and systems. To learn how BG Networks can assist you with your IoT cybersecurity project, contact us for a free consultation.