Security updates for the Internet of Things (part 2)
Part two of two - part one is available here.
Internet of Things devices are:
- Resource constrained
- Beyond the “safety” of the corporate firewall
- Prohibitively expensive to repair manually once “bricked”
- Sometimes responsible for human safety, as with medical devices or connected cars
Given these constraints, having a robust process for security patching is critical to the protection of your devices. Vulnerability assessment is key to understanding which security patches are applicable to which devices, as well as understanding their prioritization and criticality. A continuous process for testing is another key pillar: the integrity of an update must be verified, and patches must be thoroughly vetted in a test environment to avoid bricking an entire business with a bad patch. Automated patch rollouts must be mandatory and networks should be designed to fail before allowing insecure systems to remain unpatched.
Building this intelligence into IoT from the beginning will avoid situations where companies forget to patch systems and systems are compromised due to inaction. One example of this happened to a large U.S. Government agency with a budget allocation of $27B. In July of 2013, a patch for a known vulnerability was rolled out to a test environment but never rolled out to production. This patch would have successfully prevented a breach which exposed the private information of over 100,000 individuals.
An appropriate end-to-end security patch testing process is ultimately directed by device criticality, availability requirements, and resources. The initial phase of field rollout can be considered the end phase of the testing process and must absolutely be done in a phased manner to minimize the number of “bricked” devices. In other words, “testing in production” has an entirely new meaning when your production infrastructure consists of millions of connected devices running a real business. Test your patches and plan your rollouts in a controlled, phased manner that preserves your ability to control and mitigate risks.
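The phased rollout described above can be sketched as follows. This is an added example, not code from the original article: it checks the update image against an expected digest, then patches the fleet in growing cohorts and halts when a phase fails too often. The phase sizes, the failure threshold and the `install` callback are assumptions chosen for illustration.

```python
import hashlib

# Constructed rollout plan: cumulative fraction of the fleet reached per phase.
PHASES = [0.01, 0.10, 0.50, 1.00]
MAX_FAILURE_RATE = 0.02  # assumed halt threshold; tune to device criticality


def cohort(device_id: str) -> float:
    """Map a device ID to a stable position in [0, 1) so phases are reproducible."""
    digest = hashlib.sha256(device_id.encode()).digest()
    return int.from_bytes(digest[:8], "big") / 2**64


def devices_in_phase(fleet, phase_index):
    """Devices that first become eligible in this phase."""
    low = PHASES[phase_index - 1] if phase_index else 0.0
    high = PHASES[phase_index]
    return [d for d in fleet if low <= cohort(d) < high]


def run_rollout(fleet, expected_sha256, image, install):
    """Verify the image, then patch phase by phase.

    expected_sha256 is assumed to come from an authenticated (signed) manifest.
    install(device_id, image) -> bool is a hypothetical callback that reports
    whether the device came back healthy after the update.
    Returns (status, patched, failed).
    """
    # Integrity gate: a corrupted or swapped image never reaches a device.
    if hashlib.sha256(image).hexdigest() != expected_sha256:
        return ("rejected", [], [])
    patched, failed = [], []
    for index in range(len(PHASES)):
        batch = devices_in_phase(fleet, index)
        results = {d: install(d, image) for d in batch}
        phase_failed = [d for d, ok in results.items() if not ok]
        patched += [d for d, ok in results.items() if ok]
        failed += phase_failed
        # Stop expanding as soon as one phase exceeds the failure budget;
        # devices in later phases are left untouched for investigation.
        if batch and len(phase_failed) / len(batch) > MAX_FAILURE_RATE:
            return ("halted", patched, failed)
    return ("complete", patched, failed)
```

The `failed` list returned on a halt is the set of devices that the recovery or rollback plan has to cover.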
Change management is another key consideration -- and the hard questions must be asked: What happens if something goes wrong? What are the recovery plans? Are rollbacks possible? Understanding contingencies with systems like IoT that intersect with the physical world is a real challenge. When lives are on the line, your rollout plans are, literally, a matter of life and death, and the decisions you make with regard to security are just as important.
Deploying the Internet of Things in a security-sensitive scenario forces an organization to answer these difficult questions, and the gravity of the systems represented by IoT calls for additional processes and governance. Being customer-focused, creating great products, and delighting customers with new capabilities and features can bring about a great sense of accomplishment. With websites it’s easy to wave off concerns about security and reliability with an alpha version or a failwhale. With the systems we’re focused on for IoT, trust and security cannot be left to a later version.
If you are developing IoT-based systems today, it is important to invest in a robust security update and patching process. The trust customers have placed in you and the protection of their data need to top your priority list. Otherwise, you are putting a lot more at risk than someone’s data.