From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual Cybersecurity Summit in Washington, D.C. Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. government and its allied partners, along with other industry and academic partners to discuss some of today's most pressing national security issues.
It is estimated that the number of internet-connected IoT devices could reach 30 billion by 2030.
With an exponential increase of commercial and industrial IoT devices and systems, concerns have been naturally raised regarding IoT vulnerabilities.
As we begin to more widely deploy, embed, and rely on interconnected IoT devices and sensors, the basic building blocks needed to improve security must be upleveled.
These building blocks will help reduce potential attack vectors and will make it much harder for adversaries to exploit IoT devices, connected infrastructure, and end users.
Securing the surrounding IoT ecosystem and components, such as mobile apps and cloud-hosted services that interact with IoT devices and services like home security cameras and Alexa-type voice assistants, is equally important.
Considering these ongoing and expansive cyber threats in the IoT domain, there is widespread recognition that preventative actions need to be taken.
In July, the FCC, along with a host of partnering companies, announced a late 2024 Cyber Trust Mark labeling program for interconnected IoT and home automation devices, such as home network routers, appliances, security cameras, and other products.
The goal of the program is to help consumers quickly assess the security level of an IoT product or service without requiring them to be a cyber expert.
Modeled after similar product security programs in other countries such as Singapore, the new US Cyber Trust Mark program is expected to help consumers with their IoT device purchasing decisions.
The program is also expected to help motivate IoT device manufacturers to voluntarily add more security to their offering and allow them to use the US Cyber Trust Mark to help differentiate their offerings.
In relation to enhanced 5G/6G threats and attack surfaces, network slicing is often part of the conversation.
Advanced networking capabilities like slicing also considerably increase the implementation complexity and attack surface 5G/Future G networks.
The official 5G standard specification did not provide sufficient guidance on how to implement features such as network slicing securely.
To help address these shortcomings, the NSA and CISA recently released security considerations for the implementation of 5G network slicing.
In their recommendations, they address some identified threats to 5G standalone network slicing and outline specific practices for the design, deployment, operation, and maintenance of network slices.
The implementation and operation of next generation networks and advanced capabilities such as network slicing will also require network operators to implement and rely more on algorithmic and AI/ML-driven decision making.
The increased use of AI/ML in the operation of networks will also require a significant change in how these advanced networks are secured.
5G/Future G networks will also have to address and counter known AI/ML-related vulnerabilities and attacks, such as data poisoning and adversarial attacks.
To help reduce cyber-attack surfaces and to combat continuously evolving IoT- and 5G/6G-related cyber threats, suppliers, manufacturers, service providers, and users must work closely together to cyber-harden their components, devices, networks, and services.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Sun, 28 Jan 2024 12:28:06 +0000