The global network of connected devices, the Internet of Things (IoT), is everywhere. As technology evolves, so does the number of devices connected to the cloud. The FOW community predicts that there will be between 26 and 212 billion devices connected to the Internet by 2020. From car navigation to your new refrigerator, retail outlets and your building’s climate control, these integrated systems, while sophisticated , are frequently attacked by hackers. , to harm you, steal your data, use your devices as a gateway to their network, or other misdeeds. As technologies evolve, so do the methods of breaching these embedded systems.

The ability to transfer data over a cloud-based network has changed the way we do business. While IoT can be scalable and flexible, using the cloud to share data is becoming more risky as hackers look for opportunities to wreak havoc. The growing vulnerabilities of data transmission through cloud-based infrastructures are causing great concern to designers, programmers, and security experts as they struggle to keep these interconnected systems secure.

Threat modeling: first step in breach prevention

You’ve probably come across a fictional FBI agent who is challenged to “think like” the serial killer they’re tracking. The same applies to IT infrastructure and security experts. To discover where the next data vulnerability might occur, you need to think like your adversary, perform threat modeling exercises where you try to imagine and simulate how an outside opportunist might exploit your devices. Consider these common targets of hackers:

• take over – Chrysler had to plug a security hole that hackers could use to take control of its vehicles, while they were on the move.
• Destroy the device or its data. – Whether data or goods, this is a serious infringement.
• Denial of Service (DOS) – Floods your system, creating a bottleneck of functionality.
• Falsify or steal data – An important function of IoT devices is to capture data from smart sensors; adversaries may want that data, or they may want to falsify sensor reports to cover up other things they’re doing.
• indirect attack – Hackers take advantage of one type of device to infiltrate another part of your network.

These are all typical threats to consider when planning strategies to improve network security.

Augmentation and development of security for integrated networks

The concept of networked things is a relatively new idea, but many of the things themselves have been around for a while and may be based on outdated embedded operating software. Just adding connectivity to those things without making them more robust and secure is a problem. Allowing engineers the resources they need to develop secure code will add security to your new product. To learn more about the tools and techniques that help in that process, we recommend that you start with the Department of Homeland Security’s Build Security In website. You’ll learn how developers can use tools to identify vulnerabilities as code is being written, rather than fixing problems after the fact.

The security testing protocols you should apply to the IoT include:

• Application Defense — The best defense is also a great offense; ensure you have security protocols in place at all steps of the development phase, including the use of third-party embed code.
• Device Defense — The basics include password protection, protocols, and patches. Where practical, including two-factor authorization for the end user is a very strong defense.
• Dynamic Application Security Testing (DAST) — DAST tests for weaknesses when the application is live, attempting “friendly hacking” through automation during development.
• Network Defense — Monitors for external threats through intrusion detection system (IDS) software.
• Shared Threat Intelligence — Sharing threats as they arise through the Information Technology Information Sharing and Analysis Center (IT-ISAC) helps IT professionals stay informed.
• User problems — Educating end users about their cyber security responsibilities is critical to the success of your network.

Designing for IoT is a new frontier for the typical application developer. Preventing malicious attacks on the network is one of our biggest challenges. Following these protocols will create a culture of security from design to implementation and significantly reduce risk.