Cross-Cutting Countermeasures
The following is a list of the countermeasures that apply to more than one domain. More details about each countermeasure can be found in the domain-specific countermeasures sections.
- Security by default. This refers to technologies that enable security best practices by default, requiring little to no manual intervention. All personnel involved in the design and development of IoT devices should pay attention to security fundamentals and collaborate to accomplish security by design. Moreover, network assets and functions should be securely configured according to state-of-the-art practices, while systems should be designed to provide minimum security requirements by deploying a minimum set of security controls. Applications should deploy several security-by-default techniques at all levels, including safe and secure programming language compilers, modern web frameworks, and orchestration platforms that provide automatic encryption and mutual authentication.
  Domains: IoT/Device, Network, System, Application.
- Firewalls. Besides being the first line of defense in networks, firewalls can also be used in VMs for monitoring traffic and separating malicious traffic from legitimate traffic. They can be used to detect various security risks, including phishing attacks, information leaks, incorrect network configurations, malicious code execution, and propagation.
  Domains: System, User.
- Authentication and authorization. This refers to the activities in which a user who wants to access a resource is first identified and then authorized. Advanced authentication techniques, such as biometrics, multi-factor authentication, and digital certificates, can ensure the protection of both IoT endpoints and applications. Combined with authorization, authentication can be used successfully to mitigate security threats.
  Domains: IoT/Device, Application.
- Enforcing regulations. More regulations are necessary to ensure that manufacturers and vendors prioritize security and to provide guidelines on the use of the cloud and on what is expected of IoT developers, thus providing the necessary level of transparency to organizations and end-users. In addition, some of the already existing policies, such as GDPR and STAR, should be applied at the global level.
  Domains: IoT/Device, System.
- Data encryption. Encryption is a crucial technique for preserving the confidentiality of information and fulfilling security strategies and compliance standards. Organizations should define policies on the use of encryption and on controls for cryptographic authentication and integrity, including digital signatures and key management. Encryption in virtualized environments is accomplished in three distinct phases, namely encryption of data at rest, data in transit, and backup data, while VPNs, HTTPS, SOCKS5, and PGP are commonly used for private network communications.
  Domains: System, Data, User.
- Deploying AI and ML. AI-based Intrusion Detection Systems (IDS) can be used for monitoring the network, collecting and analyzing information from previous attacks, and ultimately predicting and mitigating incoming attacks. Moreover, real-time ML algorithms, including LDA, random forest, and CART, to name a few, can be used to identify never-before-seen attacks. Apart from that, ML/AI can also be used for processing vast amounts of data across multiple clients and tickets in real time, correlating them, and providing granular attribution and automated actions such as auto-notify and auto-defend. In this way, security awareness training programs can be complemented by assistance in identifying phishing and spam emails.
  Domains: IoT/Device, Network.
- Raising security awareness. Raising security awareness among organizations and end-users is of crucial importance for ensuring the further growth of IoT frameworks and virtualization platforms. Not following security rules can lead to serious data breaches, which can, in turn, lead to dire consequences. Moreover, an ever-increasing amount of deep fakes, propaganda, misinformation, and disinformation campaigns can affect people's everyday lives. Hence, gaining knowledge through security awareness campaigns and training sessions is essential for both end-users and organizations.
  Domains: IoT/Device, Network, System, Data.
- Enforcing access control mechanisms (ACMs). Access control management (ACM) mechanisms for users, applications, and systems are essential for mitigating authorization abuse, as well as for guaranteeing the integrity and confidentiality of resources. They operate according to predefined policies and restrict or limit the ability of users to access certain processes. Some of the existing ACM solutions include MAC, RBAC, and CP-ABE.
  Domains: System, User.
- Security monitoring. Monitoring network traffic and devices can be a successful way of tracking suspicious activities and performing risk assessments. Captured data can be used for identifying patterns and correlations, inferring the communicating actors and the software used, etc. Based on the results of the analyzed data, further actions such as IoT device revocation and isolation can be enforced. Some tools that can be used for network monitoring include GTP Inspection and GTP Firewall.
  Domains: IoT/Device, Network, User.
- Firmware maintenance. Regular firmware updates, monitoring, and maintenance are essential for protecting IoT devices and networks. Additionally, firmware updates should be automatic and delivered as digitally signed packages over secure, authorized transmissions. In IoT devices, secure boot should be used to ensure that a device can only execute OEM or trusted code, thus preventing possible firmware attacks.
  Domains: IoT/Device, Network.
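The firmware-maintenance item above says updates should arrive as signed packages and that a device should only run trusted code. The following added example (not from the original text or any vendor's code) shows the device-side checks such an update path needs: a signature over the update manifest, an anti-rollback version check, and a digest check binding the manifest to the delivered image. To stay within the Python standard library it uses a shared-key HMAC as a stand-in for the asymmetric signature a real device would verify against a public key in immutable storage; the key, version numbers and image bytes are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed sample data. On a real device the verification key is an
# asymmetric public key kept in ROM/OTP; an HMAC key stands in here so the
# example runs with the standard library only.
OEM_KEY = b"constructed-oem-signing-key"
CURRENT_VERSION = 7  # firmware version currently installed (constructed)


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Vendor side: canonicalise the manifest and sign it."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).digest()


def verify_update(manifest: dict, tag: bytes, image: bytes,
                  current_version: int = CURRENT_VERSION,
                  key: bytes = OEM_KEY) -> tuple:
    """Device side: accept the image only if every check passes."""
    # 1. Signature over the manifest rejects unsigned or altered metadata.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "manifest signature invalid"
    # 2. Anti-rollback: a correctly signed but older image may carry
    #    already-fixed vulnerabilities, so it is refused as well.
    if manifest.get("version", -1) <= current_version:
        return False, "version not newer than installed firmware"
    # 3. Integrity: the signed digest must match the bytes actually delivered.
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, manifest.get("sha256", "")):
        return False, "image digest mismatch"
    return True, "update accepted"


def demo() -> dict:
    """Run the verifier over one genuine and three defective updates."""
    image = b"\x7fELF constructed firmware image v8"
    manifest = {"version": 8, "sha256": hashlib.sha256(image).hexdigest()}
    tag = sign_manifest(manifest, OEM_KEY)
    results = {"genuine": verify_update(manifest, tag, image)[0]}
    # Image altered in transit: manifest and tag unchanged, one byte differs.
    results["tampered"] = verify_update(manifest, tag, image[:-1] + b"X")[0]
    # Manifest edited without the key: version bumped, tag no longer matches.
    results["forged"] = verify_update(dict(manifest, version=9), tag, image)[0]
    # Properly signed but older than the installed version (rollback).
    old = {"version": 5, "sha256": manifest["sha256"]}
    results["rollback"] = verify_update(old, sign_manifest(old, OEM_KEY), image)[0]
    return results
```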