The problem of edge security isn’t unique – many of the issues being dealt with are the same ones that have been facing the general IT sector for decades.
But the edge adds its own wrinkles to those problems, making them, in many cases, more difficult to address. Yet, by applying basic information security precautions, most edge deployments can be substantially safer.
The most common IoT vulnerability occurs because many sensors and edge computing devices are running some kind of built-in web server to allow for remote access and management. This is an issue because many end-users don’t – or, in some cases, can’t – change default login and password information, nor are they able to seal them off from the Internet at large. There are dedicated gray-market search sites out there to help bad actors find these unsecured web servers, and they can even be found with a little creative Googling, although Joan Pepin, CISO at security and authentication vendor Auth0, said that the search giant has taken steps recently to make that process more difficult.
“There’s definitely a market opportunity for a company to do better at the device management level, not having thousands of little web servers with the default username and password,” she said.
One issue with solving that problem is the heterodox nature of the IIoT and edge computing worlds – any given deployment might use one company’s silicon, running in another company’s boxes, which are running another company’s software, connecting to several other companies’ sensors. Full-stack solutions – which would include edge devices, sensors, and all the various types of software and connectivity solutions required – are not common.
“Given existing platforms, there’s a lot of viable attack vectors and increased exposure of both the endpoint and the edge devices,” said Yaniv Karta, CTO of app security and penetration-testing vendor SEWORKS.
Worse, some of the methods currently used to secure all or part of an edge deployment can increase the exposure of the IoT network. VPNs, used to secure traffic while in transit, can be vulnerable to man-in-the-middle attacks under certain circumstances. Older industrial protocols like CANbus simply weren’t designed to protect against modern infosec threats, and even LP-WAN protocols used to connect sensors to the edge can be vulnerable if encryption keys are compromised.
The industry currently considers this fragmentation
Thanks to Jon Gold (see source)