Why are Sensors the Key to IoT Cybersecurity?

IoT Sensors

Sensors enabled by the Internet of Things (IoT) are network-connected “smart” devices that collect and transmit real-time data about their environments. The data they provide is used to monitor and control the systems to which they are connected, and helps users make better-informed predictions and decisions.

The use of IoT sensors has grown explosively in recent years because their increasing functionalities, small sizes, and low power consumption allow users to deploy them in new applications for higher productivity and lower costs, and for entirely new ways to maximize the capabilities of network-connected systems and infrastructure.

They are poised for mass-scale adoption as an essential technology in Smart Cities, power and energy, industrial automation, healthcare, automotive, public safety, and other key applications.

However, the lack of standardization in IoT sensors, coupled with interoperability challenges, has made them a prime vector for cyber attacks and are barriers for ubiquitous use of these sensors in many applications. Cyber attacks are targeting IoT sensors in greater numbers, in more industries, and with greater sophistication than ever before. Interoperability challenges reduce the ability to access these sensors and the data they publish to make useful and timely decisions.

Consequences of Poor Sensor Cybersecurity

Inadequate sensor cybersecurity can lead to financial penalties and legal issues if it renders a business or organization unable to fulfill its contractual obligations because of a cyber attack. It may also negatively impact corporate brands, generate user mistrust of affected systems, lead to increased costs and time needed to identify and address cyber attacks; and result in environmental and safety consequences, among other risks.

Indeed, in critical applications where the inability to collect and transmit uncorrupted data in real-time can be tragic – such as in self-driving vehicles and network-connected medical devices – making sensor cybersecurity essential.

For example, consider the trend to implement Smart City technologies, a market growing by about 20% annually. Smart Cities are urban areas that use networks that rely on webs of IoT-enabled sensors to gather the data needed to improve local services, allocate resources more effectively, and manage infrastructures such as traffic signals and street lights. If sensors are compromised and they fail to send timely, accurate information, then health and safety issues may arise: Car crashes may occur if traffic signals don’t operate appropriately. People and property may be affected if accurate warnings about fires, chemical spills, or other emergency situations fail to reach public safety officials in time.

The power and energy sector is another area that could significantly benefit from standards and educational initiatives for sensor cybersecurity and interoperability, because sensor usage to determine when and where to efficiently distribute power is widespread within this sector.

Consider the US power grid, which is essential for the ongoing digital transformation of society. The US grid comprises about 7,300 power plants, 160,000 miles of high-voltage power lines, and millions of miles of low-voltage power lines and distribution transformers, according to the US Energy Information Administration. It makes use of equipment of varying ages and technologies, is operated by many different companies, and is serviced by many different vendors having different cyber practices and levels of knowledge. Achieving adequate cybersecurity in such a large and disaggregated yet critical part of society’s fundamental infrastructure is a monumental challenge but could have grave impacts on autonomous control of power distribution.

In industry, the use of automated systems is critical for greater operational efficiency and precision manufacturing, and to make up for worker shortages in many industries and geographies. When the Industrial Internet of Things (IIoT) sensors in automated or semi-automated systems fail to operate as expected, workers may be injured or exposed to toxic substances unexpectedly; expensive work in process may be damaged; a plant may be unable to meet quality standards; or other bad outcomes may occur.

Also, given the trend to use sensors as an enabling technology to converge the operational technology (OT) control systems inside a factory with a site’s information technology (IT) enterprise systems, an IIoT sensor-based cyber attack can impact an organization beyond the factory floor itself.

Sensor cybersecurity and interoperability are essential even in areas where they may not generally be seen as necessary. In agriculture, for example, nearly 30,000 chickens died in England earlier this year when IoT sensors connected to a monitoring and control network failed to turn on a ventilation system as temperatures rose to dangerous levels in a shed on a farm.

Finally, on an individual level, the growing use of connected medical devices to monitor and treat conditions like diabetes depends on sensor cybersecurity so that inaccurate health monitoring and breach of privacy in reporting don’t occur.

Safeguarding Sensors Cybersecurity and Interoperability Through Standardization

IEEE Standards Association (IEEE SA) is driving standardization in IoT sensors through standards development, educational resources, and other programs to address the major challenges and opportunities these devices present.

IEEE Standards for Sensors

Technology standards that work with current and emerging technologies provide a fundamental framework for system-level integration and cybersecurity. IEEE SA has a growing portfolio of standards and projects that address different aspects of IoT sensors. Here are a few examples:

• IEEE 1451™ is a series of standards and projects which describes a set of open, common, network-independent communication interfaces for connecting sensors or actuators to microprocessors, instrumentation systems, and control/field networks. The goal of the IEEE 1451 series is to allow the access of sensor/actuator data through a common set of interfaces, whether they are connected to systems or networks via wired or wireless means.
• IEEE 2700™, Standard for Sensor Performance Parameter Definitions, provides a common framework for sensor performance specification terminology, units, conditions, and limits. The standard addresses accelerometers, magnetometers, gyrometers/gyroscopes, accelerometer/magnetometer/gyroscope combination sensors, barometer/pressure sensors, hygrometer/humidity sensors, temperature sensors, light sensors, and proximity sensors.
• IEEE P2888™ is a series of standards projects that addresses a multitude of areas for virtual reality (VR) and augmented reality (AR), including the sensor interface for the cyber and physical worlds.
• The IEEE 2621™ series of standards defines the concept of cybersecurity assurance for wireless diabetes devices, specifies security requirements, and provides instructions on how to achieve that assurance.

First-of-a-Kind Sensor Registry

Based on IEEE standards, the IEEE Global Sensors Registry offers a web-based service giving manufacturers the opportunity to reach potential customers globally by publishing authoritative, trustworthy information on their sensor products.

Manufacturers can declare the certifications their products have the standards they adhere to, and can publish product data sheets so buyers can find the right sensors for their implementation, based on the functionality and performance parameters defined in the datasheets. All product information submitted for inclusion in the Registry undergoes an audit process by IEEE SA to ensure accuracy.

To learn more and get involved:

• Visit the IEEE Sensors Registry – an IEEE Conformity Assessment Program (ICAP)
• Watch the on-demand IEEE SA sensor webinar series
• Visit the IEEE SA Foundational Practice Website
• Visit IEEE Sensors Council
• View all IEEE standards, projects, and initiatives in cybersecurity

Authors:

• Sridhar Kowdley, IEEE SA Sensors Roundtable Meeting Co-Chair; Program Manager, U.S. Department of Homeland Security
• Ray Boncek, IEEE SA Sensors Roundtable Organizing Committee Member; Lockheed Martin Fellow
• Ravi Subramaniam, Director of IEEE SA Conformity Assessment Program
• Ted Osinski, IEEE Conformity Assessment Program Manager
• Sri Chandrasekaran, IEEE SA Foundational Technologies Practice Lead