U.S. wireless operator AT&T said it is teaming up with IBM, Nokia, and a handful of other companies to form an Internet of Things (IoT) Cybersecurity Alliance that will tackle the top IoT security challenges that exist today.
According to a Wednesday press release, AT&T, IBM, and Nokia will be joined by Palo Alto Networks, Symantec, and Trustonic. Together the group will “research and raise awareness of ways to better secure the IoT ecosystem.”
AT&T reported the move was prompted by its observation of a massive 3,198 percent increase in attackers scanning for vulnerabilities in IoT devices and a survey it ran that found 58 percent of companies were not confident in the security of their IoT devices.
“Be it a connected car, pacemaker, or coffee maker, every connected device is a potential new entry point for cyberattacks,” AT&T Chief Security Officer Bill O’Hern said. “Yet, each device requires very different security considerations. It’s become essential for industry leaders and innovators like those in the founding members of this Alliance, to work together to help the industry find more holistic security approaches for IoT.”
The carrier said alliance members believe the key to IoT security lies in protecting all devices at the endpoint, network, cloud and application layer, and using overarching threat analytics to study the overall ecosystem and designing products with a built- in, always-on security approach.
The specific goals of the alliance will include collaboration on and research around IoT security challenges across verticals like the connected car, industrial, smart cities, and healthcare; the dissection and solving of these problems at every critical layer of security, from the endpoint, connectivity, and cloud to data and application layers; and ensuring easy access to IoT security solutions across the ecosystem. The group will also seek to influence security standards and policies, AT&T said.
The announcement comes as part of a growing flurry of activity around IoT security.
Back in November, the U.S. Department of Homeland Security issued a report urging developers, manufacturers, and service providers to boost security around the Internet of Things (IoT) to curtail growing cybersecurity risks around connected devices.
The following month, the Z-Wave Alliance announced it will now require implementation of the new Security 2 (S2) framework in all products seeking a Z-Wave certification as of April 2017.
And last month, the U.S. Federal Trade Commission said it was offering a $25,000 bounty for solutions to IoT security challenges.
All this buzz comes for good reason.
According to a recent report from Juniper Research, the vast scale of IoT connectivity could open the door for more and more massive botnet attacks.
“Attacks such as those on Dyn last October can be viewed as proof of concepts,” Steffen Sorrell, the research’s author said. “In the medium-term, botnets will be used far more creatively − not only to disrupt services, but also to create a distraction enabling multi-pronged attacks aimed at data theft or physical asset disruption.”
More on that report can be found here at our sister publication, CED.
Among Tier-1 carriers, AT&T has perhaps the biggest stake in the IoT game. As of September, AT&T Mobility and Consumer Operations CEO Glenn Lurie told Wireless Week the carrier had around 29 million connected devices – including 9.4 million connected cars – on its network. By the end of the fourth quarter 2016, that figure had risen to 31.6 million.