Welcome to the home of the ManySecured Project

ManySecured Project

The ManySecured project’s aims are to protect consumers, organisations and industry from the security risks posed by the Internet of Things (IoT) through best practice and ‘smart’ control at the router/gateway.

Most IoT security initiatives to date, promote ‘secure by design’ best practice, to improve the security of IoT devices. Whilst this is good practice, there are a number of limitations/challenges with this approach, including:

1. People and organisations will typically make buying decisions based on features and cost and therefore often choose the cheapest/lowest cost option for devices without taking security into consideration or simply assume that the product is secure. This is one of the reasons why there are millions of insecure devices already out ‘in the field’ (e.g. industrial and business environments) as well as consumers homes
2. It will take years to design, develop and commercially deploy new secure IoT devices
3. Likewise, it could take decades for the already deployed insecure devices to get replaced – e.g. industrial devices can typically have a lifetime of 10-20 years and the cost of replacing them can be prohibitive
4. Even if a vulnerability in a device is identified and a software patch created, it may be impractical to implement an update ‘in the field’ because of constraints such as accessibility, device memory, network bandwidth and power requirements
5. Your IoT device could be 100% secure but if your router or gateway is compromised, you are still vulnerable

As many IoT devices connect to the internet and wide area networks via a router (e.g., in the home) or industrial gateway, the ManySecured project seeks to address these challenges and secure the IoT with the collaboration/help of stakeholders in the router/gateway supply chain through:

• Promotion and adoption of security best practice
• Sharing of datasets for: test purposes, malware trace data, fingerprints and patterns, sample network traffic of vulnerable and compromised devices
• Detection of threats and suspicious activity in IoT devices and networks
• Smart control of the IoT devices and network at the router/gateway.

The ManySecured Gateway project partners will develop publicly available best practice, specifications and resources aimed at router/IoT gateway vendors, service and solution providers, in a bid to deliver IoT-secured deployments which are resilient to attack throughout their lifecycle.

Founding partners in the project include Cisco, IoT Security Foundation, NquiringMinds and the University of Oxford.

Security Needs You: Partners Wanted for the ManySecured SIG

Collaboration is essential to ensure Interoperable security, no one company can do it alone.

To facilitate this collaboration, the IoT Security Foundation has created the ManySecured Special Interest Group (SIG) and we are looking for organisations and people to join with the aim to:

• Produce Best Practice recommendations in the areas of Gateway Foundations, Secure Comms, Update Management and Network Isolation
• Develop and publish Problem Statements, Whitepapers, Requirements and Solutions
• Define methods and algorithms to monitor, detect threats and suspicious activity in IoT devices and networks
• Share datasets for: test purposes, malware trace data, fingerprints and patterns, sample network traffic of vulnerable and compromised devices
• Create reference (Open Source) implementation solutions
• Develop a ManySecured Certification Program
• Run trials with end users, customers and key stakeholders

If you would like to learn more and are interested in joining the SIG, please CONTACT US.

Background

The IoT, an opportunity for inovation
The emergence of the Internet of Things is a manifestation of technological progress – two key mega-trends are the pervasive use of communications (hyper-connectivity), and the ubiquity of software defined (or smart) products. Combined, these continuous trends provide huge opportunity for innovation across all market sectors as they yield benefits for society, economies, enterprise and consumers.

… and a potential risk
However, it is also true that ‘all technology is dual purpose’, and whilst IoT is an exciting proposition when used as intended, it may also be used as a weapon against us if systems are not kept secure enough. There is a long list of challenges to achieving this goal including cost, complexity, ownership, inter-dependency, legacy, interoperability, life-cycle, updates and… the list goes on.

Seen through the eyes of nefarious, the continuous expansion of IoT provides a never ending opportunity to hack vulnerable things. It’s an asymmetric problem – you cannot win as a defender and attackers may only need to get lucky once to achieve their goal. New targets appear every day and when those targets are no longer of interest, hackers are nimble and move quickly onto the next opportunity. Security is never done, and the available human resources to be ever-vigilant and keep on top of the issues do not scale in the same way the technology does. We need more scale. We need more speed. We need constant vigilance designed in to systems that work for us and not against us. We need constant security, at scale and at speed.

The ManySecured Gateway project is a response to address many of those challenges and recognising that security has to protect legacy devices, as well as the new, then upgrading automatically when new vulnerabilities are discovered.

But why ManySecured?

A key principle behind the project is to exploit the potential of industry, and technology, to work collaboratively together on security issues. Whilst the ManySecured Gateway project has four founding partners, it is intended to create a community of manufacturers, ecosystem stakeholders and users to reach the scale required to surpass the speed and agility of a smaller, yet determined variety of bad actors.

The ManySecured Gateway project is by the many (stakeholders), for the many (users).