Cybersecurity and the Internet of Things

Volkmar Lotz

SAP

Volkmar Lotz is Senior Manager and Chief Research Strategist at SAP. He has more than 25 years’ experience in industrial research on Security and Software Engineering. He is Strategy Lead for Product Security Research, specializing on Security Risk Management, Software Security, Threat Analysis, and IoT security. He defines and executes SAP's security research agenda in alignment with SAP's business strategy and global research trends.

Mr. Lotz has published numerous scientific papers in his area of interest and is regularly serving on Program Committees of internationally renowned conferences. He has supervised various European projects, including large-scale integrated projects. Volkmar holds a diploma in Computer Science from the University of Kaiserslautern.

Part of AGI’s new report “Defending Democracy in the Cybersphere,” Volkmar Lotz calls for government and industry cooperation to address the growing challenges in a digitally-connected world.

We are currently facing an accelerated digital transformation. More and more critical transactions are processed online, and a tremendous amount of core data is available in digital form. Accordingly, trust in digital applications, the underlying infrastructure, and the partners who supply it, is becoming a focus in our society.

While trust in technical systems rapidly becomes more important, the risk posture when using these systems is also transforming. Generally, the threat landscape is not static. With the digital transformation moving to a new dimension, we must recognize new threats are emerging very dynamically. Just looking at the known cyber risks would not adequately address the issues involved in a fast-evolving environment.

What our society needs now is a holistic and strategic approach to sustainably handle the management of risk in a rapidly changing digital world.

What our society needs now is a holistic and strategic approach to sustainably handle the management of risk in a rapidly changing digital world.  The growing complexity of IT systems demands that stakeholders in government and the private sector on both sides of the Atlantic work together more closely across national divides on cyber security. Neither governments nor industry can achieve IT security on their own—collaboration is mission critical. The only way to secure cyberspace is for everyone to work together—all stakeholders from all sectors and across borders. This applies especially to the Internet of Things (IoT) as IoT-enabled objects have the capability to communicate, store data, process data, exchange data, make decisions, and execute such decisions.

The IoT offers previously unseen opportunities for businesses and society to improve people’s lives, ranging from the personal comfort of intelligent appliances and home automation to safer, more efficient and environmentally friendly operation of critical infrastructures. These can include areas such as manufacturing, energy distribution, and transportation.

At the same time, the IoT amplifies the needs and challenges for security, both in terms of its technology setup as well as its risk posture. Typical characteristics of IoT solutions (including the scale of billions of connected devices) relate to: heterogeneity as it pertains to technology, ownership, and control; risk exposure including physical access, cloud services, and actuators; the expected lifetime of several years for physically distributed devices like sensors; and the limited capabilities of some components in terms of computing power or battery lifetime introduce stronger requirements on security assurance and interoperability of security features. At the same time, new data-intense applications will have to meet advanced security and privacy requirements. The need for security innovation and research is particularly high in this domain, as is the demand for standardization and security certification.

To understand the specific challenge, it is worth looking at an IoT system in more detail. Take, for example, an autonomous manufacturing cell connected to an enterprise backend system, a predictive maintenance solution for the water distribution system of a big city, a connected car, a healthcare monitoring system, or digitized elections using electronic voting devices. Such a system comprises a multitude of hardware and software components and services including legacy systems. It connects different platforms and applications provided by different vendors, using different technologies. This includes entities like:

  • Devices (sensors, actuators, processors, FPGAs, boards, car key fobs, etc.) with low capability and restricted functionality, but also includes rich devices with limited user access and control (e.g., smart TVs or connected printers).
  • Edge components, typically connected to multiple devices in a dedicated local environment (e.g., a factory) and the backend, running applications / services on their own.
  • Communication links, often restricted in terms of bandwidth, message size, or number of messages.
  • Platforms, ranging from device management platforms to cloud platforms providing connectivity to IoT entities and value-added services.
  • Applications and services providing the actual business functionality (e.g., predictive maintenance). Such applications and services can run on edge devices, platforms, or stand alone.

All these entities need to complement each other to ensure the security and privacy of the IoT system. While in all introduced scenarios similar devices and software components like a temperature sensor or a data analytics service might be used, the associated risk and the desired properties differ, ranging from privacy protection to system safety. Debating the security of IoT only makes sense if the technological and business context as well as the individual risks are considered. New standards to ensure the interoperability of the components of an IoT system need to be defined.

For a buyer/user of such an IoT system, the overall security of the system matters, taking the business context and the operational environment into account. Any certification scheme that aims at increasing trust in the security of an IoT system or service must therefore allow conclusions to be made about the security of systems and services based on their components, down to the device level, taking the different security contributions of the respective entities into account. This means that a certificate should not only contain statements about security properties provided, but also explicate the assumptions made. This not only supports transparency for the buyer/user of the IoT system, but also helps the system provider to choose and use third party components securely for the application context at hand, without compromising system-level security.

A security certification scheme targeting devices can only be an element in a framework for IoT certification, and its value for the security assessment of an IoT solution is limited. A simple label does not meet the needs of the consumers or the system and service providers, since it cannot reflect the individual context, risk exposure, and security requirements.

Since security for IoT on a system level is hard to achieve and to analyze because it requires significant investments and expertise, additional research in the area is valuable. The focus there should be on economic feasibility and addressing topics including assurance methodologies and their automation, a design and engineering discipline for secure IoT solutions, reference architectures, and resilience mechanisms.

Because the future will continue to bring new challenges, government and industry must develop new ways of thinking and acting.

Because the future will continue to bring new challenges, government and industry must develop new ways of thinking and acting. In cyberspace, vulnerability can come from and be exploited from anywhere. Security issues do not stop at national or regional borders. As a global company, SAP needs to emphasize the importance of the global dimension of the IoT and related standards and certification schemes. Securing cyberspace is a global issue and requires global solutions. The development of common standards for risk management and security measures at the international level is crucial.

The transatlantic collaboration between the European Union and the United States plays an important role in this regard as a global convener and facilitator for different stakeholders to come together to discuss, identify, and implement solutions toward building a universally available, open, secure, and trustworthy Internet. Only by doing that can we build trust in our counterparts to share, cooperate, and better face the constant threats in cyberspace together.

The views expressed are those of the author(s) alone. They do not necessarily reflect the views of the American-German Institute.