Blog March 18, 2021 Taking IoT Security Seriously , Tele2 IoT

Taking IoT Security Seriously

After the cyberattack on a water treatment facility in Florida, it’s clear we need to talk more about security. It may not be the most engaging topic – at least not yet – but it’s one of the most important oness when it comes to your IoT solution.

So, what happened in Florida? This is what happened in Florida: a hacker was able to access the backend solution of the water treatment plant, where different chemical levels and other measurements are registered. The hacker was able to change these levels manually, which in turn triggered the water supply to citizens to be terminated. Yes, a water outage was caused by a hacker – this is the modern world we live in where everything is becoming connected.

Here is where the challenge no one thinks of comes in: as more and more things become connected, doing away with no physical visits to the site while ‘bringing home’ the data at any time, the world is exposing itself to threats on a daily basis by not engaging enough in the security question.

I usually say that IoT can be simplified and divided into three things: devices, connectivity, and backend – that’s about it. So, let’s have a look on what could happen if a hacker would come through any of these.

Nicklas Löthén Head of Professional Services Tele2 IoT

Devices

Something that has been done previously is that hackers break into devices and create a larger and more anonymous way of paving the way for DDOS attacks. But hackers are getting more creative.  Instead of just recreating what they successfully did the last time, I believe next up could be that the content of the data being generated by devices will be manipulated after transmission to the backend, which will in turn lead to indirect damages, such as those we saw in Florida.

Connectivity

An obvious, but enormous risk if the connectivity provider becomes hacked. Whether it’s DDOS or anything else, the effects of it will be astronomical, leading to downtime for ALL IoT devices out there. 

Backend

We saw the Florida case, we learned from the Florida case, but… what is up next, I wonder? Could it lead to other indirect effects like threating staff, or putting the citizens in severe danger? At Tele2 IoT, we work hard with the added security layer and that’s something that I feel very proud of.

The latest addition to our product portfolio, Private Interconnect, is not only a very simplified way to get high throughput, low latency, and a stable connection, it is also highly secure. Through this, and by not using the public Internet as a bearer, you cut yourself away from a lot of risks that the Internet has to “offer”. And on top of that, we add some extra security on the IP layer as well, just in case. 

Just as I finished this last sentence, I realized that I am so bumped up about this new solution we have, so let’s not forget the way we work at Tele2 IoT: It’s not really about the products or services, but more about the way you approach it and for us to be a reliable partner to work with.

I believe it all comes down to finding the best solution that fits your needs. For example, the other week I was in a call with a customer where it became obvious that even though they are working with data that is supposed to be transported… it wasn’t in any need of high throughput, low latency and – listen to this – not even that important to have a constant connection. Their devices were able to buffer up to 72 hours and didn’t have to transmit the data immediately. A couple of retries the same day or transmitting the data the next day would be fine. So, the requested service was a simplified one in the end.

There are plenty of other examples: take the most common IoT communication protocol MQTT (Message Queuing Telemetry Transport). When it was fairly new, I learned that this was an easily hacked protocol. Over the years, though, it has developed, and now it’s not that easily hacked. So, transitions like this, from a non-secure protocol into an encrypted protocol might be exactly what is needed to approach the security question. This subject is just growing and growing, and I am sure it will come higher in the pecking order for the agendas as we move along.

So, you remember the three things I said was IoT (in a simplified fashion)? Device – Connectivity – Backend. If you are not thinking thoroughly on how you set up your access services between these, you will be exposing your deployment, your service, your customers, and your staff to danger. My advice will always be to go for a Private APN, a Private VPN/Private Interconnect. Keep it safe. Keep it secure.

The team at Tele2 IoT loves to discuss and help out to getting the best solutions in place – we’re ready! So, bring it on and get in touch with us!