Skip to main content Click to view our Accessibility Statement or contact us with accessibility-related questions.
Wireless security camera

5 Reasons Why IoT Security Is Difficult

IoT security, no longer an afterthought

The Internet of Things (IoT) -- smartphones, multifunction printers, connected homes, self-driving cars and more – is everywhere. That’s the good news. The bad news: Hackers and cyber thieves know how to attack these devices in order to access your data or industrial control systems.

What’s worse, legions of IoT sensors, actuators, controllers and computing devices are connected to much of the world’s critical infrastructure. Most of these devices were designed long before hackers and electronic intrusions entered our consciousness. This means that smart power grids, nuclear power plants, military command centers, smart city installations and transportation systems – to name a few – present rich targets for hackers and other bad actors.

For this reason, designers, operators, vendors and users of today’s IoT systems no longer have luxury of prioritizing flexibility and interoperability in their IoT designs. Now, IoT security and privacy must be top of mind.

Researchers at PARC, a Xerox company, have noticed this. As a result, one of PARC’s missions is to develop innovative security solutions that prevent attacks on your cyber-physical device fleets that are part of the broader IoT world.

PARC researchers Ersin Uzun and Shantanu Rane define the problem:

Industrial controls: Originally restricted to their physical environment, these devices are now connected to computer networks. A device can become a gateway to your network if an attacker either presents the right credentials, or finds a way to bypass the credentials altogether.

A rich surface of attack: Advances in computation and connectivity have spawned solutions that automate, improve and simplify key tasks such as gathering sensor readings on a production line, implementing smart supply chains that verify the freshness of a food shipment, programming precise cuts and shapes that CNC machines execute on a block of metal. They have also, unfortunately, exposed a rich attack surface that can be exploited by hackers.

Security-by-design is difficult: This is because the system designer must understand the potential attacker, and the myriad creative ways in which he or she can compromise a particular system.

Complex solutions: Cybersecurity solutions can be far too complex for the low-power, inexpensive sensors that some industrial and enterprise applications need. It is necessary to develop security solutions that operate across a vast range of device capabilities.

Resilience: An IoT system can be compromised in one of two ways: Infect a component that interacts with other components; or compromise the device by spoofing a reading or changing a critical factor in the device’s external environment such as the temperature of the room where it resides. Crucially, we cannot depend on cryptographic solutions to address every possible attack.

Where do we go from here?

Moving beyond classical cryptographic approaches, security solutions must embrace the use of mathematical models to understand the behavior of the system that they protect. A deviation from the model implies that an attack might be imminent or underway. At this point, human operators can work to isolate the attack. For instance, affected components can be disconnected from the network, or a set of compromised keys can be revoked.

Traditional cybersecurity is a necessary starting point, it’s not adequate to secure IoT systems. This is one of the reasons why PARC focuses its research in security solutions on three agendas:

  1. Secure-by-design communications platform for IoT systems.

  2. Secure interactions between humans and cyber-physical systems.

  3. Security based on hybrid modeling of cyber-physical systems.

Security is critical to every business. Secure, resilient and adaptive IoT systems require good partnerships. Talk to us about how we can help you protect your valuable business information.

Learn More

Xerox Innovation

See how some of the brightest minds on the planet gather at our worldwide research centers to improve the future of work.

City skyline at night, reflected on water

Security Solutions for Documents and Printing

Security is critical to every business, and we take it seriously at Xerox.

Woman in system control center using a tablet

Rethinking the Security of IoT Systems

Uzun and Rane take an in-depth look at securing industrial control systems against cyberattacks.

Woman standing, writing at a table, overlaid with a padlock icon

Product and Data Security Solutions at Xerox

The most security-minded businesses and governments choose Xerox.

Two employees in a room of servers, looking at a laptop

Xerox Connect reports on security

Articles and thought leadership on the partnerships that prevent cyberattacks and information security.

Related Articles