IoT promises tremendous leaps forward in almost every aspect of industry and business, as well as civic and personal life. However, it has also significantly raised the stakes for security by introducing a flood of new connected devices which are highly vulnerable to hacking. According to the U.S. Federal Trade Commission there are now twenty-five billion devices online — if research presented from a Hewlett Packard IoT security study is correct, between 70 and 80 percent of them may be insecure, lacking encryption and sufficient password protection. The danger, however, goes far beyond the individual vulnerability of these devices. Their connected nature means that they can be hijacked en masse to perpetrate large scale attacks that are, quite frankly, beyond the scope of anything we’ve seen before.

DNS provider Dyn’s well-publicized DDoS attack, which may have cost the company 8% of its business, shook the industry. Yet, this really was only a sampling of the danger posed by insecure IoT systems, which can threaten entire infrastructures. At Focus 16 Ted Koppel warned that an attack on IoT devices connected to the U.S. power grid could trigger a massive outage — the reality of which was proved when a group of researchers in Israel simulated such an attack on “smart lightbulbs” that controlled lights in a city block of offices. According to The Hacker News, attacks of this nature are growing in scale to exceed a terabit per second, meaning that the stakes in securing IoT systems are only going to increase. As organizations look to secure their networks, they must begin at the most fundamental level: the hardware.

Hardware-based security offers a deeper level of protection

Particularly in a distributed infrastructure such as an IoT system, security at the endpoint requires a solution that starts from the ground up. Put simply, “hardware-based” security is protection that is produced by a physical device rather than software that is installed on a computer system. It can provide more robust security than software, offering additional layers that make it difficult or even impossible to retrieve key material from important systems, even with sophisticated inspection tools. Under this model, security layers thwart cyber attacks well before malicious threats can even get close to core operating systems.

Why is this better than software-based security?

Why invest in a hardware-based solution when software might be applied post-hoc to do the job? TechTarget notes that hardware based security:

Has embedded technology specifically designed for special-purpose processing, such as cryptography, making it faster and more effective than software

Won’t be prone to attacks that can foil software, such as buffer overruns

Can provide more general protection, vs. software which is purpose-built to handle specific threats, thus avoiding security loopholes

ZDNet’s Ellyne Phneah predicted that the continual rise in cybercrime will raise the importance of securing hardware components, as hackers “will find it difficult to alter the physical layer for their purposes.” She quotes Patrick Moorhead, analyst at Moor Insight and Strategy, who asserted that hardware-based security is more secure than software because it cannot be altered, noting that this may eliminate the possibility of malware infiltrating the operating system and virtualization layer. Cathy Huang of Frost & Sullivan also points out in the article that, while end-user software may hamper performance in devices, hardware-based security could potentially eliminate such difficulties. According to Huang hardware-based security will also be able to solve some of the legacy security issues associated with software that are sure to accompany the surge in machine-to-machine communications that we’re seeing with IoT — such as, for example, the difficulties in translating between legacy security system protocols and newer security protocols.