The proliferation of IoT (Internet of Things) devices presents a massive opportunity for telecom providers.
Companies like Vodafone have already dived into the consumer-facing side of the technology with the launch of bundles that charge customers for the number of connected devices they integrate into their data plan.
Then there’s the opportunity to deploy IoT sensors that help with equipment monitoring (e.g., performance tracking of devices installed in workplaces like network towers, workstations, factories, and warehouses).
Additionally, the implementation of 5G to support IoT has the foundation to make telecom networks more decentralized and developed on small-cell infrastructure. Simply put, the adoption of IoT has wide-ranging benefits for the telecom industry.
However, there’s a dark side to IoT that TEM and service providers must address before they integrate it into their systems.
One of the biggest concerns is making sure the embedded networks, data, and devices are secure. If a savvy hacker were to break into one of the network towers, before you know it, your telecom infrastructure and sensitive data could become common knowledge. Also, because telecom systems support the transmission of emergency response communications as well as business transactions, the consequences of a security breach can be dire.
What can telecom companies do to improve the security of their IoT implementations? Several things – including adopting a robust UEM and few techniques that might not be expected by cybercriminals.
1. Review Your IoT Inventory
Your first step should be to look for devices that shouldn’t be present on your network but are. Perhaps they belong to a vendor or partner and somehow got connected to the network. Such devices could become gateways for network hacks and should be removed. Also, be sure to look at what sort of data is being transmitted and stored by a device (and what sort of havoc it can potentially cause). This should help you decide which ones to remove first if there are many of them. You may also want to consider a network access solution like CISCO ISE when looking for ways to safeguard your company’s network.
2. Invest in An Intrusion Prevention System
While an IPS won’t detect all types of malicious traffic on the network, it should be able to pick up on most attacks against embedded devices when an Intrusion Prevention System is in place. Telecoms can choose from the many non-commercial and commercial variants available. It’s also a good idea to update your signatures to be able to identify attack patterns once the system is in place, as many IPS solutions pick up transmissions to known threat areas. If it detects an internal system transmitting communications outbound to a known location, this is a red flag that the system has been breached. Where IoT attacks are concerned, having a great IPS system is an effective way to detect (and hopefully stop) an ongoing hack.
3. Implement Cryptographic Network Protocols
Using cryptographic network protocols can help with the identification of unauthorized modifications, which is crucial when you’re looking to protect the integrity of your data. Telecoms should aim to employ standard and open cryptographic protocols that can be continuously and publicly vetted by the security community. However, you cannot replace cryptographic protocols for securing data in transit by encryption or one-hash functions. That’s because cryptographic functions take contextual details into account before implementing data transportation controls, such as receipt authentication and secure cryptographic key exchange.
4. Keep Your Firmware Up to Date
Security patches and firmware updates help secure the IoT ecosystem as well as reduce the risk of a data breach. That’s because vendors regularly fix vulnerabilities as they emerge. For users, it should be possible to access updates of the operating system, specialized logic, or firmware on mobile and stationary IoT devices. Consider setting a specific schedule to download updates every few months or automate the process where possible. For some IoT apps, you may need to access the security settings or the application runtime mode of the apps themselves.
5. Be Wary of UPnP
UPnP or Universal Plug and Play is primarily used for convenience. Unfortunately, it can make cameras, routers, printers, and other IoT devices vulnerable to DDoS and other cyberattacks. While the implementation helps the devices discover each other automatically without configuration, it raises the risk that hackers can potentially find them beyond a telecom’s local network because of the flaws in the UPnP protocol. In many cases, the best solution is to switch off UPnP altogether.
6. Ensure Your IoT Devices Have a Unique Identity
IoT spoofing represents a big risk for the telecom industry. Over the years, there has been an exponential rise in forgers and counterfeiters looking to spoof the inbound and outbound communications between embedded devices and their servers. This makes it critical that telecoms and their IT teams validate the identity of a device that they’re exchanging information with and ensure that the device is safe for information sharing. If the devices do not have a unique identity, they can be hacked or spoofed from the transport layer to the microcontroller level.
7. Follow IoT Regulations
Doing this can force suppliers and manufacturers to take security seriously. IoT regulations can also provide transparency to end-users, provided that adequate legal framework is in place to hold the vendors accountable. There should be adequate consideration for General Data Protection regulations and other similar rules. The GDPR, for instance, demands the reporting of personal data breaches to the supervisory authorities within 72 hours after becoming aware of the breach. Data controllers behind IoT implementations should ensure that they are equipped with the resources to determine and react to IoT attacks in a manner that complies with the regulations in place.
In addition to taking these steps, you can consider giving IoT devices a network of their own. Several WiFi routers today accommodate guest networking so that external users can access your WiFi without being privy to networked devices or shared information. This type of security can also work well for embedded devices that are vulnerable to a security breach.
We’d love to chat about how brightfin can support your UEM implementation.