26
Ensure secure operation. This point is about maintaining the security of IoT
devices over their lifetime. Mosel says, "It involves monitoring products to make
sure that they are patched and updated. You need to see that users are operating
devices in a secure way and have the ability to scan for open ports or other kinds of
vulnerabilities." Some of these operational monitoring capabilities can come from
outside monitoring services; some can be built into devices so that they can monitor
their own security status.
Create incident response and vulnerability-handling capabilities. An important part
of IoT security is having the ability to detect and mitigate vulnerabilities. This ability
can come from discovering vulnerabilities in devices that are in service or a device
becoming infected with malicious software. "You must be able to inform customers,
publish security advisories, and offer forensic support, if necessary," Mosel explains.
Mosel believes that secure IoT solutions require a life-cycle approach in which
product design is just the beginning. He sees a future in which more product
developers will offer operational support services that span the service lifetime of the
devices they manufacture.
26
" Make sure that
the components
in your products
are registered
for vulnerability
monitoring.
That way, if you
become aware of
vulnerabilities, you
can inform your
customers."
