A number of security companies have been working on a new international standard for IoT security, a recommendation that examines threats and issues for security systems and enables the safe execution of Internet of Things (IoT) cyber-physical systems with security capabilities.
Recommendation ITU-T Y.4806, “Security capabilities supporting safety of the Internet of Things”, was developed in January 2018 with the collaboration of Study Group 20, “Internet of things (IoT) and smart cities and communities”.
The leading cybersecurity and antivirus provider, Kaspersky Lab, was a key contributor to the group, along with ITU’s Telecommunication Standardization Sector (ITU-T).
The Kaspersky Lab ICS CERT experts teamed up with ITU-T to determine the security capabilities that can support the safe execution of IoT. Recommendation ITU-T Y.4806 is applicable to protecting IoT systems where safety is of the utmost importance, including industrial automation, automotive systems, transportation, smart cities, and wearable and standalone medical devices.
The ICS CERT experts from Kaspersky Lab revealed that insufficient protection of embedded web apps and self-made, poorly implemented cryptography are the most common cyber-physical system vulnerabilities. Other common vulnerabilities included built-in credentials stored in firmware, execution of arbitrary code, and escalation of privileges.
“Our aim was not only to plant the flag on the idea of high probability of IoT security breach attacks, but also to determine the methodology for developing specific requirements,” said Andrey Doukhvalov, head of future technologies, Kaspersky Lab. “We believe that our contribution to ITU-T’s IoT security standard (Recommendation ITU-T Y.4806) will help organizations develop more efficient cybersecurity strategies to guard themselves from today’s modern cyberthreats.”
The Kaspersky ICS CERT experts suggested implementing a reliable, attack-resistant communication infrastructure and monitoring mechanisms for the management of industrial control systems. Applying attack detection mechanisms for unintentional and denial-of-service attacks can also address the vulnerabilities and other IoT security challenges.
The complete advice on protecting IoT critical infrastructure can be found in Recommendation ITU-T Y.4806.