IoT security needs pen testing approach

  • Written by Evan Schuman / IoT World Today
  • 29th January 2021

IoT security is challenging—largely because the millions of IoT devices in the field can interact with enterprise systems in numerous ways.

These include internal systems—Internet of Things (IoT)-enabled door locks and lightbulbs in corporate office buildings, for example—as well as external ones, which typically sit at a remote site (more often than not these days, an employee’s or contractor’s home) and jump onto the enterprise local area network (LAN) or wide area network (WAN), courtesy of a VPN piggyback.

In addition, devices can be compromised in a couple of ways: (1) the original code from a manufacturer could include bugs or malware (with or without the manufacturer’s knowledge) when shipped; or (2) malicious attackers can hijack a unit’s code months later with malware. Once an IoT device gains access to the network, and often its very own IP address, it unleashes all of these security nightmares.

Even worse—and this undercuts security triage—malicious code can prompt malicious actions from a device (such as changing the chemical percentages at a pharmaceutical’s assembly line), contradicting its manufactured purpose. But insidious code might just as easily use a device merely as a network conduit, so it doesn’t matter whether the device’s official purpose seems dangerous, given that the code’s goal is simply to access the network and do damage from afar.

With all these avenues for a breach, what is an enterprise CISO or CIO to do? Having a team of benevolent “hackers”/penetration testers repeatedly review the code of every IoT device for nefarious instructions can be cost-prohibitive. Besides, it is unlikely to help with the legions of consumer-grade IoT devices sharing the home LANs of your personnel, as your security team won’t typically have full access.

To Pen Test IoT Devices or Not?

Still, many argue that pen testing an enterprise’s IoT devices is critical. The question is, how often is prudent and cost-effective? The answer to that question will vary widely from one enterprise to the next.

Steve Zalewski, the deputy CISO for $6 billion global apparel firm Levi Strauss & Co., said that he sees IoT pen testing as a no-brainer. “These are untrusted unverified devices on my trusted networks,” Zalewski said. “This is immature technology without mature security controls.”

“We have got to bring some rigor,” he continued. “The problem with IoT devices is that security is not considered within the functional capabilities of the devices.”

To read the complete article, visit IoT World Today.

 
