Subscribe
  • Home
  • /
  • IOT
  • /
  • Kaspersky, ITU-T strengthen IOT security

Kaspersky, ITU-T strengthen IOT security

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 16 Feb 2018
Kaspersky, ITU-T strengthen IOT security.
Kaspersky, ITU-T strengthen IOT security.

A new international standard on 'security capabilities supporting safety of the Internet of things' has officially come into play.

The standard, 'Recommendation ITU-T Y.4806' classifies security issues for IOT, examines possible threats for security systems, and clears out the safe execution of IOT cyber-physical systems supported by security capabilities.

Kaspersky Lab, a member of Study Group 20, was one of the key contributors to the development of the recommendation. Its researchers have illustrated that non-computing connected devices' incidents are among the top three incidents with the most severe financial impact, for both SMEs and enterprises alike.

Functional safety

In addition, in the wake of the recent TRITON attack, that targeted industrial control systems, it became obvious that attacks on cyber-physical systems can affect not only the information aspects, but also functional safety, the company says.

Andrey Doukhvalov, head of Future Techs at Kaspersky Lab, says the company's aim was not only to plant the flag on the idea of high probability of security breach attacks, but also to determine the methodology for developing specific requirements. "We believe that our contribution to the IOT security standard, will help organisations develop more efficient cyber security strategies to fully face up to modern cyber threats."

The new recommendation is mostly applicable to safety-critical IOT systems, such as industrial automation, automotive systems, transportation, smart cities, and wearable and standalone medical devices.

Common vulnerabilities

According to Kaspersky experts, the most common cyber-physical system vulnerabilities include insufficient protection of embedded Web servers; self-made poorly implemented cryptography; built-in credentials, which are stored in firmware of programmable logic controller and allow remote hidden access with high privileges; execution of arbitrary code and escalation of privileges.

To counter these and other IOT security challenges, recommendations developed by Kaspersky Lab ICS CERT experts describe how to proceed from consideration of the types of impact on the cyber-physical system, to the analysis and modelling of threats to functional safety, and then to the development of recommendations on security measures, illustrating the described method with concrete examples.

The full method and list of advice for the protection of IOT critical infrastructures can be found in Recommendation ITU-T Y.4806.

Share