365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
So that you can make an onsite appointment, the appointment request will open in a new tab.
IoT is often associated more with everyday household objects that can be connected to the internet. Light switches, cars or household appliances are supposed to provide consumers with safer, more efficient and simpler everyday experiences and maybe even lower electricity bills.
IIoT or the Industrial Internet of Things, on the other hand, focuses on the manufacturing industry and agriculture. As with home-related devices, the aim here is to connect devices and work processes, making them more accessible and efficient.
Machines and plants are equipped with sensors and connected to the internet with the help of servers on site or with the help of a cloud. Both production speed and safety within a company should increase, while production costs should be reduced. The IoT solutions collect data and analyse it in real time, helping to identify and eliminate inefficient workflows. This technology can also be used to collect data for automation and machine learning.
IoT therefore refers to the B2C (business-to-consumer) sector and IIoT to the B2B (business-to-business) sector. Companies that implement IIoT solutions are able to monitor data in real time, perform predictive maintenance for an entire supply chain, manage employees with the same system and prevent costly equipment downtime.
In addition to great practical benefits, IoT unfortunately also offers a greater challenge for cybersecurity. The number of hacker attacks has risen massively in recent years, as a report by the German Federal Office for Information Security confirms. In addition, private individuals and even companies are often too negligent when it comes to their IT and now also IoT security, or lack the necessary expertise to ensure an adequate IT security environment. Here is an overview of the most common vulnerabilities:
The attacks described above have devastating consequences: Cybercriminals can use unprotected devices to monitor people or compromise IoT door locks. In the healthcare sector, criminals are at worst able to access sensitive patient data or endanger their health and lives. In industry, they can bring company processes to a standstill and thus jeopardise the business future or even the safety of employees. You can find more information about solutions on the topic of industrial security in the white papers of it-sa365 providers genua Gmbh and MB connect line GmbH.
What can companies and individuals do to ensure adequate IoT security? Unfortunately, there is no one-size-fits-all solution that can alleviate all concerns and prevent every attack. However, strategies and measures can be taken to minimise the risks:
Security audit and network segmentation
Before companies begin to deploy IoT technologies, they should conduct a general assessment of the risk potential for cyber attacks. All security gaps and vulnerabilities need to be identified and addressed. Next, it is advisable to segment the corporate network. Small, largely self-contained areas should be created in which the components can only communicate with each other. Each segmented group of devices may therefore only access the resources it needs to fulfil its intended tasks. In this way, the entire network is not directly infected by ransomware, for example, should one of these segments be affected. The data flow between the segments can be controlled and regulated by firewalls, for example. If segmentation of insecure installations, devices or systems is not possible, the company must ensure that they are isolated or separated from the rest of the network. Micro-segmentation establishes even smaller network segments that IoT devices are allowed to access to reduce the attack surface for cybercriminals.
Inventory and authentication of all IoT devices
It is also helpful to make a kind of inventory of the entire IoT system. This includes the most important identifiers of the respective assets, such as brand, model, location and con-figurations of hardware and software. What function do these devices perform within the system? Can they be used only for open networks or also for closed networks? Can they be updated or patched? This also gives users an overview of which systems support modern security controls and which do not, and where additional compensating security measures need to be implemented. Many hackers now also disguise themselves as trustworthy devices to gain access to the network. Companies must and can check their exact inventory data to see whether these are legitimate and harmless connections.
Data security through constant monitoring and encryption
To ensure the data security of the data collected by the IoT systems, it is advisable to analyse and classify this data. This must be observed in the idle state in order to detect unauthorised data access and manipulation. Only persons and devices with the necessary authorisation should have access to the corresponding data, and only for as long as is necessary for the work or processes at hand. Even authorised data access should be closely monitored. When using Mutual Transport Layer Security (mTLS), even two connected devices can authenticate each other and confirm their legitimacy, so that no unauthorised access occurs.
With modern cryptographic network protocols, the integrity of all communication channels as well as incoming and outgoing data can be guaranteed. Companies should always use the highest level of encryption available. Few devices use encrypted protocols when they are first configured. It is therefore recommended to use protocols such as HTTPS, Security File Transfer Protocol, Transport Layer Security as well as other protocols and DNS security extensions for sufficient encryption. Data stored on various external or internal data carriers should also be encrypted.
Audits, stress tests and constant network monitoring ensure that a consistently high security standard is established and maintained. All network activities should be monitored. For this reason, many companies now use so-called NAC solutions (Network Access Control), which identify and monitor the entire network, all devices linked to it and all users. At the beginning of a NAC implementation, each employee and each device receives a different access authorisation level so that not every person and every device can access the entire network.
Protecting IoT attack points in the home and home office
Now, users who use IoT devices at home can hardly achieve the same level of security as a large company, if only because the technical and financial resources are often not available. But private individuals should also take certain security measures. On the one hand, to protect their own IT systems and data, and on the other hand, because private life and work are becoming more and more intermingled due to the increasing establishment and spread of the home office. IoT components used at home that are not sufficiently secured can thus serve as a point of attack for the work network. Users should therefore take the following measures:
Users generally need to keep themselves well informed about internet protocols, but also other network protocols such as Bluetooth, Near Field Communication, GPS, Optical Infrared Communication, GPS and the lesser known nRF24, nRFxx, 443MHz, LoRA, LoRaWAN to be able to mitigate risks. IoT security is now receiving a little more attention and the area is being steadily researched. However, as with other IT security issues, user vigilance and caution, as well as continuous awareness and education of staff, is required to prevent as many security risks as possible.
Several different components are necessary for IoT to function as smoothly as possible.
Sensors or devices equipped with multiple sensors play a crucial role in the IoT network. They collect data from their environment or a machine. This can be different data, e.g. temperature measurements, movements, sound, humidity, light, pressure, noise or visual impressions. The physical parameters recorded are converted into an electrical signal and forwarded for processing.
Radio Frequency Identification (RFID) was developed to identify individual objects and to collect data about these objects. This data is stored on a small RFID inventory chip, which is then attached to the product. The chip can be read remotely using a reader, which transmits the data to a central information or database system for processing. Each of these chips has its own unique identification number.
Passive RFID technology allows an object to be identified and its location determined on demand. Real Time Location System (RTLS) even uses an entire system of readers that can constantly monitor the position of tagged objects and display it on a digital map so that any change in status can be tracked.
The possible applications are manifold. Everyday devices equipped with RFID chips can communicate with each other via a central hub. Devices can continuously transmit information about their location, status, condition, quantity, etc.. Thus, they enable better inventory and production planning as well as optimised supply chain management. RFID has also established itself in retail for IoT solutions such as smart shelves or self-service checkouts.
Within an IoT context, connectivity defines the connection between all points - i.e. sensors, routers, applications, platforms, etc. - in a network. IoT projects have different requirements and need different connectivity options accordingly. In addition to the RFID technology already mentioned, these can include wireless technologies such as mobile radio, WiFi or Bluetooth. Even a satellite connection is theoretically possible.
The relationship between IoT and cloud computing can be better understood by looking at IoT as a big data source that generates vast amounts of data. In this context, the cloud provides the decentralised infrastructure, computing power, database, storage and applications necessary to analyse and process this data.
Smart sensors are equipped with microprocessors. Normal sensors only accept external inputs, which the users then have to process. Smart sensors, on the other hand, can perform predefined functions and process data in a fraction of a second before passing it on.
These sensors measure physical variables, e.g. the operating temperature of machines or the speed of a rotating component. They identify deviations or even warn of dangerous work situations. They determine the maintenance and replacement needs of machines and systems in advance and thus shorten downtimes.
By monitoring temperature, pressure and humidity, intelligent sensors can also ensure healthy environmental conditions during activities involving a high level of physical exertion. Buildings equipped with smart sensors increase the efficiency of power, cooling, heating and lighting. Combined with GPS, they help track assets, vehicles or people.
In IoT, numerous sources generate an enormous amount of data. However, the collection, analysis and processing of this data is becoming increasingly difficult. Artificial intelligence or machine learning, which is a sub-area of AI, should provide a remedy at this point.
AI is often described as an application that imitates intelligent, possibly even human, characteristics. Machine learning enables the machine to learn and develop from data that is made available to it.
The simplest form of AI, however, still depends on human programming to perform a rule-based task. When something deviates from the norm, this AI tends to be perplexed, unable to respond with its own decisions or learn from the situation. AI combined with machine learning, on the other hand, should learn like humans in order to make independent decisions on this basis in the future. Human intervention is therefore no longer absolutely necessary in this scenario. For example, an intelligent thermostat can learn a user's schedule based on the location of the user's smartphone and its intelligent sensors. Security cameras can start recording as soon as they detect movement near the front door.
This type of machine learning is also already present in business and industry: manufacturers are developing IIoT sensors for agriculture that monitor soil conditions as well as temperature, humidity, sunlight and much more. Airlines are trying to increase fuel efficiency and predict aircraft maintenance needs.
At best, these devices are able to process constant streams of data and detect patterns that normal measurement devices cannot identify. In industry, it can analyse current operating conditions and identify parameters that need to be changed to achieve ideal working results. Risks can be better understood and predicted, enabling a faster response. Depending on the purpose, the complexity of such AI systems can vary greatly. Machine learning in the IoT, which can react autonomously to unforeseen problems with correct decisions and learn from mistakes, has much more potential for business than simple, rule-based AI. In particular, large amounts of data in industry or agriculture could be analysed and categorised more quickly in the field rather than first being sent to a central location for human analysis, which in turn requires enormous bandwidth.
There are numerous applications for the Internet of Things and countless IoT technologies. This is a sector that is constantly growing, surprising with new innovations and bringing great potential to individual private households, cities, healthcare, road transport, industry and many more.
Smartphones and tablets play an important role in the IoT infrastructure. With them and with the apps that users download, they can control many IoT devices or analyse data. For example, users are able to communicate with a smart thermostat to set the perfect temperature before they even arrive home.
Smarthome devices automate household functions. These include intelligent speakers such as Amazon Echo, Google Home, etc., which allow users to make search queries, check news or weather reports, control household devices or listen to music, podcasts, audio books or audio plays by voice command. Intelligent refrigerators are able to recognise the different items that are stored in the appliance. They record the expiry date of the products and the user consumption. Some models also send messages to the smartphone when the fridge door is open or the ice cream is running low. Refrigerator displays show calendars or offer options to leave notes or look up recipes. Watching TV and playing music are also within the scope of what is possible with a smart fridge. Smart lights or locks, on the other hand, can be controlled via WiFi so that users can save electricity or no longer need a key to open a door.
Manufacturers can use internet-connected sensors to collect data about their other factory equipment and monitor assembly lines for potential problems. IoT sensors can help make operations more transparent and optimise planning for maintenance and logistics by monitoring the various machines and equipment and the consumption of certain resources.
With the goal of eventually developing self-driving vehicles, cars and trucks are increasingly being equipped with various IoT functions. Many car manufacturers entering the market would like to be among the first to produce self-driving cars. But even if the road ahead still seems long, many practical IoT solutions for cars can already be found today: Trucks, for example, are equipped with weight measurement, location tracking and other sensors. Fleet operators can also collect data from their vehicle fleet, process it better with the help of various analysis functions and monitor it.
Networked vehicles, on the other hand, enable fast data transmission and improve driver reaction time. The data exchanged between vehicles is mainly information on location and speed, which contributes to accident prevention and smooth traffic flow.
Sensors can also be embedded within various vehicle components to study performance and prevent sudden failures. They send alerts to the vehicle owner's smartphone long before a serious problem even occurs. Although fully autonomous vehicles are still a long way off, current Internet of Things technology and semi-autonomous vehicles use proximity sensors and cameras to help drivers drive, brake, park and change lanes. These vehicles collect and share a lot of data about their environments in the cloud for these purposes. Within seconds, the system can analyse this data and act or send commands to the vehicle controller accordingly.
Both homeowners and businesses are increasingly investing in internet-enabled cameras that can be operated remotely. The recordings are not stored locally, but at another secure location. Some of these cameras can even detect intruders with weapons and send an alert if this happens.
IoT is also helping to transform the healthcare and fitness industries. Smart-watches monitor their owners' heart rate and sleep quality. Hospital devices collect and analyse important patient health data. The data collected can in turn be used to track progress towards health and fitness goals or to alert healthcare providers in the event of an emergency.
To provide the best possible user experience, hotels can, for example, send electronic keys directly to guests' smartphones that can be used to open hotel doors. This can reduce check-in and check-out times and automate other interactions such as ordering room and cleaning services.
Lower and more efficient energy consumption is an important aspect of minimising the human ecological footprint. Smart electricity meters with integrated sensors and IoT functions can monitor and control electricity consumption more effectively. The data flow can be used to create forecasting models that show trends, e.g. peak consumption times. The optimisation of maintenance and repairs is made possible by the faster detection of faults. Individual households, on the other hand, receive more precise information about their individual consumption behaviour, so that they can make energy-saving decisions for the future.
Similar to energy supply, water meters connected to the internet help to collect, process and analyse consumer data. This data can be used to better understand consumer behaviour, identify errors in supply, forward results to the water supplier and offer improvement measures. Individual households can track their own consumption and even be warned if it deviates from average consumption.
Sensors are already being used to measure soil properties such as moisture, temperature, acidity or nutrient availability. Farmers can thus determine which crops to grow in which areas and how best to use and prepare the soil for cultivation. Information on weather and climate conditions can also be obtained and used in this way.
The combination of automation and machine learning helps companies stay competitive in this highly competitive sector. IoT solutions reduce operating costs and increase efficiency and productivity. Users benefit from real-time monitoring of production facilities and inventory management systems. Even employees and human resource management can use wearables and augmented reality to increase their productivity.
Author: Uwe Sievers
