Modestas Jakuska focuses on the importance of using an Identity and Access Management (IAM) system in order to maintain data integrity and security in the context of IOT devices.

Ensuring data integrity means ensuring that data is complete, original, consistent, attributable and accurate. Data must be protected at all stages of its lifecycle, when it is created, transmitted, in use or at rest. Otherwise, there is no assurance that the integrity of current data is maintained.

This is as important for IOT devices (computing devices that connect wirelessly to a network and have the ability to transmit data) as for any other device. IOT devices are used across a variety of industries, including the life sciences industry where they are often employed in the control of drug product manufacturing or equipment monitoring, e.g. IOT sensor monitoring temperature, humidity, light intensity etc.

There are many considerations for ensuring data integrity for IOT devices including but not limited to:

Vendor / Supplier assessment.

Verification and definition of the ER ( Entity-Relationship) model.

model. Definition of security protocols used by IOT devices.

Definition and verification of the use of cryptography for IOT communication.

Definition of procedures for good data management.

Identity and Access Management (IAM)

In this post, however, I will solely focus on the importance of using an Identity and Access Management (IAM) system in order to maintain data integrity and security. In the context of IOT devices, an IAM system is a set of policies and technologies that ensures that only specified IOT devices have access to specified resources with appropriate restrictions.

The importance of IAM has been highlighted by the recent NASA hack which occurred specifically due to the mismanagement of IOT devices. According to NASA Office of Inspector General [1]: “JPL uses its Information Technology Security Database (ITSDB) to track and manage physical assets and applications on its network; however, we found the database inventory incomplete and inaccurate, placing at risk JPL’s ability to monitor, report effectively, and respond to security incidents.”(Note JPL = Jet Propulsion Laboratory).

No device or network is trivial. That includes even the most basic IOT devices. In fact, a Raspberry Pi (a credit-card sized computer that plugs into a computer monitor) was used to gain access to the network. Once accessed, a network gateway was then used to gain access to other networks. This could all have been avoided if something like network segmentation had been implemented implemented. According to BBC News [2]: ”Once the attacker had won access, they then moved around the internal network by taking advantage of weak internal security controls that should have made it impossible to jump between different departmental systems … The stolen data came from 23 files, but little detail was given about the type of information that went astray.”

After this ‘hack’ NASA implemented measures to address the identified system weaknesses, including but not limited to semi-annual assessment of inventory to ensure that the system components are registered in the Information Security Database.

In conclusion, the implementation of and adherence to robust IAM policies and technologies is a crucial element in the preservation of data integrity and security for IOT devices. Failure to do so exposes the data to the risk of corruption, alteration or destruction.

References

[1] “Cybersecurity Management and Oversight at the Jet Propulsion Laboratory”, Oig.nasa.gov, 2019. [Online]. Available: https://oig.nasa.gov/docs/IG-19-022.pdf. [Accessed: 03-Aug-2019].

[2] “Raspberry Pi used to steal data from Nasa”, BBC News, 2019. [Online]. Available: https://www.bbc.com/news/technology-48743043. [Accessed: 03-Aug-2019].