I remember wandering into a conference talk several years ago, where some spy-consultant was explaining how you bug a conference table with a UHF transmitter. Most of the talk didn't stick with me, but I remember that the bug design involved a quick burst of data, followed by a period of quiet. This cadence apparently made bug detection harder. (By the way, the speaker also warned to never accept gift tchotchkes from people you don't trust.)
Anyway, I've long wondered why IoT devices haven't been designed accordingly. I mean, let's face it: If professional spies can bug devices for nefarious purposes, then why can't commercial manufacturers bug IoT devices for good purposes, such as beaconing security telemetry to a management center? With recent advances in micro-computing, where complex functions can be shoe-horned into tiny portions of memory, this seems doable.
With this concept in mind, I recently spent some time with an innovative IoT cybersecurity start-up called Cybeats. Headquartered in Canada, the company has three co-founders with common roots in operational technology, industrial design automation, and considerable time spent studying and working in Israel. I spent two full sessions with the principals of the company, who explained to me how their solution works. Here is what I learned:
"What we do involves inserting a small micro-agent into IoT devices, which thus enables security functions from within that device," explained Dmitry Raidman, who serves as the company's CEO. "We work with manufacturers to integrate our software, which is just a few kilobytes, directly into their IoT devices. The tiny agent then works like a sentinel with our cloud service to significantly improve IoT visibility and to dramatically reduce IoT risk."
The Cybeats team organizes IoT security support around the following approach: Once the micro-agent has been integrated by the manufacturer into the device, it begins to learn the normal communications traffic and behavior of the device. This includes developing an understanding of expected IP addresses and network ports that appear normal for that specific device, in that specific installation.
As mentioned above, the micro-agent then establishes a unidirectional secure connection - not through a gateway - to the Cybeats cloud service, where intrusion detection and other analytic capabilities are supported. "Visibility is one of the greatest advantages we see in our solution," Raidman said, "and our customer dashboard is designed to provide real-time risk and vulnerability management for the IoT devices being managed."
Cybeats provides continuous protection of IoT devices by detecting threats, providing blocks, and gathering intelligence. After device manufacturers update their firmware, Cybeats then distributes the result to fielded devices. Cybeats can also secure new IoT devices pre-deployment. This lifecycle protection allows enterprises to address both legacy and new IoT deployments.
I asked about basic security considerations and learned that TLS 1.2 encryption is used end-to-end, and that the Cybeats cloud is well-protected from prying eyes. Such basics are a serious consideration with those legacy curmudgeon industrial control engineers who don't trust clouds (or Internets, for that matter). Raidman understands that IoT security offerings carry this extra obligation to demonstrate high assurance protections.
I also asked about how this method can scale across the massive scope (and the word 'massive' does not express the magnitude sufficiently) of current and planned IoT devices deployed in the field, and Raidman gave a reasonable answer: "We've decided to work with select manufacturers, and for their devices, our solution reduces risk." Today, Cybeats focuses on devices used in smart cities, critical infrastructure, and medical environments.
If you are in the business of developing, using, deploying, or supporting IoT devices in an operational or industrial control setting, then reach out to Dmitry Raidman and his team at Cybeats. Ask them to show you their design and explain how their micro-agent technology and lifecycle solutions can bring secure heartbeat your devices. And ask for a demo of their cloud portal. As always, please share with us what you learn after your session.