Thomas Mosel, Principal Product and Solution Security Officer for smart infrastructure at Siemens, says that the risk that compromised Internet of Things (IoT) devices pose depends on the type of product and how it is used. That risk is one of the first security considerations when designing an IoT device.
“It’s important to consider the infrastructure. If you talk about access control systems for buildings or digital grid products, you must think about security,” he says. “If somebody compromises an office building climate system to change the temperature, that is inconvenient. If someone increases temperatures in a hospital, that could kill people.”
Mosel suggests four pillars of IoT security that span the entire device life cycle:
Develop secure products. Developing secure products means ensuring product designs conform to standard practices for unique identity, secure credentials and access controls, and secure communications. “Follow standards for architecture and design as well as secure coding. Conduct threat assessments and penetration testing. Plan for data protection from the very beginning,” Mosel says. “Also, make sure that the components in your products are registered for vulnerability monitoring. That way, if you become aware of vulnerabilities, you can inform your customers.”