IoT edge, the primary attack surface

One of the main messages that emerges from the IoT week discussions in Lisbon concerning security is that the edge including the devices themselves represents the primary attack surface due to the resource constraints of the devices and the associated difficulty to adequately protect them, exacerbated by their physical exposure, being deployed in uncontrolled, or difficult to control environments. This situation is expected to prevail even on the long term as the exposure and resource constrained nature are intrinsic characteristics of the edge. Admittedly, technology advancement is expected to make edge devices somewhat more resourceful and less constrained, but this will not change their position as remaining the weakest point in the IoT − the same level of sophistication and protection that is available in more controlled environments and closer to the core of the system will not become feasible. So the edge is expected to remain the main battlefield with a continued arms race between defence and attack or intrusion, with the defence being in a disadvantaged position.

This message came across clearly, both from the discussions within the IERC constituency and also as part of the dialogue with the CHIST-ERA initiative which has Security and Privacy in the IoT as one of its two focus areas in its 2015 Call for projects looking for long term issues in ICT.