Kaspersky Lab, ITU-T partner to strengthen IoT security

ANI | Updated: Feb 20, 2018 09:22 IST

New Delhi [India], Feb 20 (ANI): Amid rising prevalence of cyber threats and elaboration on crucial industry standards, Kaspersky Lab ICS CERT experts teamed up with ITU's Telecommunication Standardisation Sector (ITU-T) to develop Recommendation ITU-T Y.4806 "Security capabilities supporting safety of the Internet of Things."

In January, a new international standard on "Security capabilities supporting safety of the Internet of Things" (Recommendation ITU-T Y.4806) officially came into play. Recommendation ITU-T Y.4806 was developed by Study Group 20 "Internet of things (IoT) and smart cities and communities" of ITU-T, classifying security issues for IoT, examining possible threats for security systems, and clearing out the safe execution of IoT cyber-physical systems supported by security capabilities.

Kaspersky Lab researchers have shown that non-computing connected devices incidents are among the top three incidents with the most severe financial impact, for both SMB and enterprise organisations, and are going to increase.

In the wake of the recent TRITON attack targeting industrial control systems, it became obvious that attacks on cyber-physical systems can affect not only the information aspects, but also functional safety. Therefore, the study group collaborated to determine which security capabilities specified in Recommendation ITU-T Y.4401/Y.2068 "Functional framework and capabilities of the Internet of things" support safe execution of IoT.

The experts provided up-to-date specific recommendations for IoT framework security. Recommendation ITU-T Y.4806 is mostly applicable to safety-critical Internet of things (IoT) systems, such as industrial automation, automotive systems, transportation, smart cities, and wearable and standalone medical devices. Additionally, Recommendation ITU-T Y.4806 considers how the joint analysis of threats and security capabilities mentioned herein may be used to establish security requirements for the different applications of the Internet of things.

"In the wake of the recent TRITON attack targeting industrial safety systems, it became obvious that attacks on cyberphysical systems can affect not only the information aspects, but also the functional safety. Our aim was not only to plant the flag on the idea of high probability of security breach attacks, but also to determine the methodology for developing specific requirements. We believe that our contribution to ITU-T's IoT security standard (Recommendation ITU-T Y. 4806) will help organisations develop more efficient cybersecurity strategies to fully face up to modern cyber threats," said Andrey Doukhvalov, Head of Future Techs, Kaspersky Lab.

To counter the above vulnerabilities and other less frequent IoT security challenges, recommendations developed by Kaspersky Lab ICS CERT experts described how to proceed from consideration of the types of impact on the cyber-physical system to the analysis and modeling of threats to functional safety, and then to the development of recommendations on security measures, illustrating the described method with concrete examples.

To avoid attacks such as TRITON, and as per Recommendation ITU-T Y.4806 which summarises the data necessary to establish the requirements for industrial control systems to resist security threats that could affect safety, Kaspersky Lab experts urged the implementation of reliable communication infrastructure and monitoring mechanisms, as well as mutual authentication and authorisation for management and control.

Furthermore, experts also suggested better audit of management and control procedures and attack detection mechanisms, and installation of measures to monitor the load on equipment and communication channels, including the detection of both unintentional overload and denial of service attacks. (ANI)