Securing IoT: A New Approach

Maj. Gen. Paul Capasso USAF (Ret.)
February 2, 2021 • 5 min read

“Security is always excessive until it’s not enough.” – Robbie Sinclair, Head of Security, Country Energy, NSW Australia

The internet is perhaps man’s most remarkable creation. Since its humble beginnings in the late 1960s, the internet has become perhaps the most important facet of our society.  It is the foundation that has allowed the global community to usher in the digital age.  Driven by technological innovation, the internet is continuously evolving.

This evolution however has not occurred without peril.  In man’s haste and early lack of understanding, internet security has been approached in an ad hoc fashion where “bolt-on versus built-in” security measures have become the norm. Many have sounded the alarm, but few have been able to change the way we approach this important aspect of the internet.  

The SolarWinds Orion hack once again highlights the fragility of our current approach to security.  It will be years before we fully understand the true impact this attack will have on our entire nation.  Unfortunately, we continue to avoid the lessons learned and live the “Cyber Groundhog Day” over and over again — and it is only going to get worse as the Internet of Things (IoT) moves us closer to a “smart-everything” society.  According to Gartner Statista, the number of IoT devices is expected to grow to 75 billion by 2025.  Every aspect of our society is on the verge of touching the internet.

Examples of Internet of Things Use Cases
Examples of Internet of Things Use Cases

IoT Growth is Leading to Grave Security and Privacy Vulnerabilities

As more smart-device platforms are placed online, our critical resources become harder to protect.  More often than not, instead of tackling the security issue head on, we sacrifice security for convenience to get the product to market. An anonymous quote explains the seriousness of the situation at hand — “If one thing can prevent the Internet of Things from transforming the way we live and work, it will be a breakdown in security.”

Let’s look at educational institutions as an example. In the days of old, fire alarms, bells and hall monitors provided “all things security” to protect our educational institutions. Today, K-12 schools and universities use a myriad of IoT devices and applications to enhance the safety and security of the educational and learning campus environment.  The ongoing COVID pandemic has also introduced additional IoT applications required for remote learning. 

Networked resources are the heart and soul of these educational institutions as they touch everything from student personal data, finance systems, smart building management services, enrollment systems, on-line remote learning, internal and external communications, web sites and learning management systems. As the number of network and user endpoints have increased, our adversaries have been embolden to take advantage of this target-rich environment.

As we move to an all-digital environment, poorly designed IoT devices, cybersecurity shortfalls, poor login credentials, misconfigured platforms and an unsecure wireless foundation provide a target rich threat environment.  Security is a must and cannot be an afterthought.

The IoT Cybersecurity Improvement Act of 2020 that was signed into law in December 2020 offers some help in securing IoT devices but falls short of offering a comprehensive solution as it only applies to devices used by the federal government. The law directs National Institute of Standards and Technology (NIST) to develop guidelines for IoT devices in the areas of secure development, identity management, patching, and configuration management.  Because of the time it will take to implement these guidelines and expand them outside the federal government, an innovative approach that’s available now is required to protect our critical resources.

Making IoT Devices and Platforms Disappear with Virtual Obfuscation

What if you could make IoT devices, users, information, and resources invisible on the network and keep them hidden from unauthorized view and access? A virtual obfuscation network allows these connections to be totally isolated from the public internet through the use of a number of virtual network nodes, varying pathways and eliminating source and destination IP addresses to make their presence and communications invisible.

Staying with the educational field, let’s look at a use case where a security company provides 24×7 managed security operations monitoring, detection and response for an educational institution.  The company uses a central server to operate an integrated security system that remotely monitors the facility’s surveillance cameras, gunshot detection systems, student identification badges and integrated alarm systems. 

A virtual obfuscation network would completely isolate the security company’s central server and its activities and connections from the public internet. The company would gain access control and authentication through two separate pathways to protect their credentials.  The first path leads to a hidden authentication server that verifies the user’s identification to the network. Once the user is authorized, a second path is created from the access node to the transit cloud. 

As the user enters the transit cloud, encrypted user data is sent through a random set of virtualized pathways and cloud-based nodes, eliminating source and destination IP addresses along the way.  Internal pathways are also changed when a user’s session remains inactive for a period of time.  Exit nodes are placed within network firewalls or to the “dirty” internet, masking your true location.

Telos Ghost® is a virtual obfuscation network-as-a-service that’s available now to provide this level of privacy and security for worldwide communications and transactions over the internet. Built on the philosophy that “You can’t exploit what you can’t see,” its unique architecture makes users, information, and resources invisible on the network and keeps them hidden from unauthorized view and access.

You can learn more about how Telos Ghost can protect your critical enterprise assets in the digital realm by visiting our website.  You can also contact us for a demonstration of its remarkable capabilities and a confidential conversation about how Telos Ghost can protect your organization’s people, information, and resources.

Maj. Gen. Paul Capasso USAF (Ret.)
Vice President of Strategic Programs
Maj. Gen. Paul Capasso (Ret.) is the vice president of strategic programs at Telos Corporation.
Read full bio
Notify of
Inline Feedbacks
View all comments

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.