This is the first of a two-part series highlighting IoT device security issues and how the OCF is addressing them.
When people talk about the Internet of Things (IoT), they are referring to the ability to add internet connectivity to a system of interconnected devices. Each device, or “thing,” comes out of the box with a unique identifier and the ability to automatically transfer data over a network. However, allowing devices to connect to the internet opens them, and the network, up to a variety of serious vulnerabilities if they are not suitably protected. Because IoT is a relatively new market, many product designers and manufacturers are more interested in getting their new products to market quickly rather than taking the necessary steps to build lasting security into their products from the beginning.
Since the IoT has grown exponentially over the past few years, security has been under the microscope, especially after high profile instances where a common IoT device was used to break into and attack the larger network. For instance, cybercriminals hacked a casino through its internet-connected thermometer in an aquarium in the lobby of the casino. Then, the hackers exploited a vulnerability in the thermostat to get a foothold into the network. Once there, they managed to access the high-roller database of gamblers and pulled it back across the network, out the thermostat, and up to the cloud. This is just one of many examples underscoring how employing security measures is crucial to making sure networks with IoT devices connected to them are safe.
The Open Connectivity Foundation (OCF) is dedicated to ensuring secure interoperability for consumers, businesses and industries by delivering a standard communications platform, a bridging specification, an open source implementation, and a certification program allowing devices to communicate regardless of form factor, operating system, service provider, transport technology, or ecosystem. Our aim is to get industry consolidation around a common, interoperable approach to connect all future devices for the IoT. The member companies involved in OCF believe that secure and reliable device discovery and connectivity is a foundational component in enabling the IoT. The good news is that this is already underway.
The OCF Specifications are the answer to the as-yet-unsolved secure interoperability issue the IoT industry faces today. The Specifications provide the secure communication structure which is a standard model for applications and services to interact with IoT resources. They map to multiple transports and bridge to other IoT ecosystems. Finally, they leverage existing industry standards and technologies, provide connections between devices, between devices and the cloud, and manage the flow of information among devices.
OCF-Certified products give end users choice in purchasing. Consumers aren’t dependent on one particular brand to ensure the products all work together, right out of the box. With the knowledge that security has been built into OCF-certified devices during manufacturing, consumers can rest easy knowing their network is secure from any vulnerabilities. This combination of ease and security offers an IoT experience that simply improves everyday life.
In the second blog in this two-part series, we’ll be examining the suggested security capabilities laid out by the National Institute of Standards and Technology (NIST) that the OCF Specification includes and will continue to build upon, ensuring a secure, interoperate IoT around the world.