New Scottish Cybersecurity Project to Tackle IoT Security
Industry and academia to collaborate to create an easier way of testing IoT device and network cyber resilience.
Internet-connected devices are on the rise, homes are becoming filled with these IoT devices (Internet of Things). From talking dolls to health devices such as pacemakers, IoT items are increasingly embedded in everyday life. While many may not consider the potential security risk of , seemingly innocuous, IoT items such as toys, speakers or fridges, there is growing concern amongst cybersecurity experts, both in industry and academia, that more needs to be done to enhance IoT cybersecurity .
The cause of this concern is how easily many of these devices can be hacked and used to access and exploit people’s private data. A key strategy for improving IoT cybersecurity is for manufacturers to build more robust security into the design of these items so that they come to the market without security gaps.
Industry to Partner with Academia to Meet the Challenge
Supported by the Innovation Centre for Sensor and Imaging Systems (CENSIS), the project is a joint venture between cybersecurity experts at Edinburgh Napier University and Keysight Technologies. Edinburgh Napier University Professor, Bill Buchanan OBE, who is lead academic on the project explained: “The biggest thing holding back the development of the Internet of Things is security – specifically, concerns about the vulnerabilities of devices, the ease of hacking them, and the consequences of such hacks.
“In healthcare, for example, IoT could transform the way we monitor people’s health and manage conditions like asthma. But security concerns are holding back wider adoption of smart devices. Only if we can improve confidence in IoT security can we realise the potential of smart technology.”
Data Analytics Key to Better IoT Cybersecurity
Using data analytics, the team will work to identify IoT vulnerabilities and focus on ‘side channels’ – the tell-tale electromagnetic, power and acoustic signals that hackers can eavesdrop on, and use to crack encryption codes on the device. This data can then be used to put together a test framework that manufacturers and designers could use to evaluate the vulnerabilities of different devices.
The 12-month project will focus on securing consumer goods and embedded devices used in smart infrastructure and smart cities. The results of this project have the potential to be translated into identifiable security standards for IoT devices.
Dr Stephen Milne of CENSIS said: “Strong cybersecurity is a prerequisite for the successful integration of sensor and imaging systems and IoT technology. So CENSIS is supporting IoT security by design – whereby engineers and manufacturers build gold-standard IoT security into devices from the outset. By developing a reference model for IoT cybersecurity testing, this project could help to strengthen the security armoury of every connected device, whether it’s a consumer or business device or part of the national infrastructure. It could also help to put Scotland at the forefront of IoT cybersecurity testing.”