Remote - M2M Special Issue 2013 - (Page 4)

Feature Article Towards Right-Sizing Security for M2M Solutions: A Practical Approach Jon Howes, Beecham Research Security for M2M solutions is a current focus for Beecham Research, with a report that identifies a new balance and new opportunities emerging in the market. This paper discusses the issues and approaches to security in M2M that are making a real difference. over, connected objects communicate at a far faster rate than humans, and any adverse effects can arise independently, resulting in damage before it can be mitigated. M2M Solution Security a High Priority Many past and current M2M solution developments have provided both connectivity and security through the use of the secure capabilities of the SIM cards within embedded cellular modules, and at the other end of the M2M solution through the security in the cellular wireless network. In fact, the module plus the SIM has been rightly seen to provide sufficient security for the demands of those systems and their perceived threats. An M2M solution chain is complex with multiple suppliers, technologies and communications, and will likely grow in complexity. As M2M solutions have become more widespread and more critical, more areas are identified where security needs to be added. For example, some connected devices’ embedded systems developers have identified a need for encryption and decryption of varying strengths from sensors; here, the first approach, which can be sufficient for many M2M solutions, is to integrate off the shelf chips that provide encryption and decryption. As pressures on the level of required security increase, many have recognised that the protection of secured communication subsystems does not extend to all parts of the remainder of the supply chain. M2M solutions are increasingly incorporating Elements of Security at different points in the supply chain. These may involve hardware, operating systems, embedded security and the application layer and other parts, and are being independently developed by several different supply chain players for a variety of needs. A recent survey conducted by Beecham Research of leading M2M solution providers in North America, Europe and AsiaPac found that ensuring end to end security was their highest priority for current M2M projects. This is indicative of the growing requirement. Figure 1. Beecham Research Survey of leading M2M providers Reports of data loss and corruption, access intrusion and distributed denials of service are growing at an alarming rate. For example for Industrial Control Systems, in 2011, the year after the discovery of Stuxnet, more than five times as many vulnerabilities were reported compared to the previous five years. These discoveries of new vulnerabilities doubled again in 2012. These and other documented examples of security breaches illustrate the potential for harm. For this reason, security solutions for all manner of IT projects including those in M2M are gaining in importance. M2M systems comprise a complex chain of connected systems and devices; hence the M2M community is right to be concerned about their increasing targeting by attackers, particularly via the Internet. For this reason, end to end M2M security has shot up the priority list. Whilst there has been an aversion in the market to discuss security issues openly, and the threat of hacking M2M-based operations is relatively low at present, this state of affairs is unlikely to continue. A major attack could have a significant impact on M2M market development and public trust. However, the meaning of a system’s security and requirements are not fully understood. Despite much talk about ‘end to end’ security, the ‘ends’ are not always clearly defined. Security is too broad and eclectic a concept to define, and its definition and implementation depend on its value to the solution. As security solutions are defined by the perceived threat or threats of the system in question, the meaning and requirements for security are different in different M2M vertical market segments. In business critical applications/operations, data security and the physical integrity of remote devices tend to be paramount. Hence any failure that prevents delivery of the service is a threat. By contrast, in consumer applications such as telehealth and smart metering for example, the security of personal information is already becoming an issue of greater concern. New risks arise when devices are inextricably linked in an M2M delivery chain; for example, a persistent identifier could link the data back to the device from which it was collected or back to an individual. More 4 Evolving ‘Elements of Security’ Killing the M2M Patient? Assuring end to end M2M security will likely involve more than one specialist vendor in these Elements of Security. The challenge is for the multiple elements provided by these vendors to be dynamically linked together to form an end to end chain, in order to mitigate a specific threat. Identifying the nature of that threat will be key, and will necessitate input from sector specific experts. We should not forget the role of the customer and end user; suppliers of technology may provide design expertise, but customers and ultimately end users must understand their business and the business implications of these design choices. Figure 2. Diagrammatic Representation of the M2M solution supply chain, with participants and suppliers, including those providing ‘Elements of Security’

Table of Contents for the Digital Edition of Remote - M2M Special Issue 2013

Towards Right-Sizing Security for M2M Solutions: A Practical Approach
Intelligent Power Distribution for M2M Communications
Optimizing Remote Monitoring in the Cloud
Exponential M2M Market Growth Calls for Innovative RF and Antenna Solutions
Benefits of Using Wireless Networks to Automate FAA-Mandated Obstruction Light Monitoring Requirements
Energy Management Systems For Green Buildings
M2M Products and Services
Industry News

Remote - M2M Special Issue 2013