Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Internet of Things Security

You're reading from   Practical Internet of Things Security Design a security framework for an Internet connected ecosystem

Arrow left icon
Product type Paperback
Published in Nov 2018
Publisher
ISBN-13 9781788625821
Length 382 pages
Edition 2nd Edition
Tools
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Brian Russell Brian Russell
Author Profile Icon Brian Russell
Brian Russell
Drew Van Duren Drew Van Duren
Author Profile Icon Drew Van Duren
Drew Van Duren
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. A Brave New World FREE CHAPTER 2. Vulnerabilities, Attacks, and Countermeasures 3. Approaches to Secure Development 4. Secure Design of IoT Devices 5. Operational Security Life Cycle 6. Cryptographic Fundamentals for IoT Security Engineering 7. Identity and Access Management Solutions for the IoT 8. Mitigating IoT Privacy Concerns 9. Setting Up an IoT Compliance Monitoring Program 10. Cloud Security for the IoT 11. IoT Incident Response and Forensic Analysis 12. Other Books You May Enjoy

Preface

Only a few people would contest the assertion that the phenomenon of the Internet of Things (IoT) poses problems related to security, safety, and privacy. Given the remarkable industrial and consumer diversity of the IoT, one of the principal challenges and goals we faced when electing to write this book was determining how to identify and distill the core IoT security principles in the most useful, but industry-agnostic, way possible. It was equally important to balance real-world application with background theory, especially given the unfathomable number of current and forthcoming IoT products, systems, and applications. To this end, we included some basic security (and safety) topics that we must adequately, if minimally, cover, as they are required as a reference point in any meaningful security conversation. Some of the security topics apply to devices (endpoints), some to communication connections between them, and others to the larger enterprise.

Another goal of this book was to lay out security guidance in a way that did not regurgitate the vast amounts of existing cyber security knowledge as it applies to today's networks, hosts, operating systems, software, and so on, although we realized that
some is necessary for a meaningful discussion on IoT security. Not wanting to align with a single industry or company selling products, we strove to sufficiently carve out and tailor useful security approaches that encompass the peculiarities and nuances of what we think both distinguishes and aligns IoT with conventional cyber security.

A wide range of both legacy industries (for example, home appliance makers, toy manufacturers, and automotive manufacturers) and start-up technology companies are today creating and selling connected devices and services at a phenomenal and growing
rate. Unfortunately, not all are terribly secure—a fact that some security researchers have unrelentingly pointed out, often with a sense of genuine concern. Though much of the criticism is valid and warranted, some of it has, unfortunately, been conveyed with a certain degree of unhelpful hubris.

What is interesting, however, is how advanced some of the legacy industries are with regard to high-assurance safety and fault-tolerant design. These industries make extensive use of the core engineering disciplines—mechanical, electrical, industrial,
aerospace, and control engineering—and high-assurance safety design in order to engineer products and complex systems that are, well, pretty safe. Many cyber security engineers are frankly ignorant of these disciplines and their remarkable contributions
to safety and fault-tolerant design.

Hence, we arrive at one of the serious obstructions that IoT imposes in terms of achieving its security goals: poor collaboration between the safety, functional, and security engineering disciplines needed to design and deploy what we term Cyber-Physical Systems (CPS). CPS put the physical and digital engineering disciplines together in ways that are seldom addressed in academic curricula or corporate engineering offices. It is our hope that engineers, security engineers, and all types of technology managers learn to better collaborate on the required safety and security-assurance goals.

While we benefit from the IoT, we must prevent our current and future IoT from harming us as far as possible; and to do this, we need to secure it properly and safely. We hope you enjoy this book and find the information useful as regards securing your IoT.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime