Proving the Business Case for the Internet of Things

GCA launches cyber-security IoT platform

Steve Rogerson
August 22, 2019
The Global Cyber Alliance has launched a cyber-security development platform for IoT devices. The Aide automated IoT defence ecosystem can help small businesses, manufacturers, service providers and individuals identify vulnerabilities, mitigate risks and secure IoT devices.
A complementary resource to the Aide platform is the GCA ProxyPot, a custom IoT honeypot developed by GCA, which can replicate one IoT device across multiple IP addresses and physical locations to identify global attack risks quickly, efficiently and accurately.
Together, the Aide and ProxyPot platforms allow for organisations and individuals to have greater visibility into the types and scale of threats facing the IoT devices deployed in various environments, including smart cities and other smart ecosystems.
"The number of internet-connected devices has grown exponentially over the last decade and with it the cyber risk to companies, organisations and individuals deploying these devices on their network," said Philip Reitinger, president and CEO of the GCA. "The launch of the Aide platform furthers the GCA's mission of providing scalable, implementable solutions to organisations of all sizes and budgets to secure their devices and reduce risk."
With an estimated 14.2 billion internet-connected devices in use and a projected increase to 25 billion by 2021, the challenge to identify, analyse and mitigate IoT threats has dramatically increased. Also cause for concern, a recent survey found less than a third of organisations maintain a privileged-access security strategy for their IoT devices, making the organisations a target for threat actors.
The Aide platform offers capabilities for data collection, analysis and automated defence on a scale not previously attained. As part of its first effort to leverage the Aide and ProxyPot technologies, the GCA is working with Attivo Networks to build a scada honeyfarm to collect threat intelligence on attacks targeting industrial control systems.
"We are thrilled to be working with the GCA to provide the benefits of deception technology to organisations around the world," said Marc Feghali, vice president of Attivo Networks. “IoT devices are notoriously difficult to secure and apply typical prevention measures. As a result, innovations like deception technology are playing a critical role in the early threat detection and response to cyber attacks. By creating customised decoys that blend in with production connected devices, organisations can quickly detect attackers, engage them, capture their attack methods, derive their attack signature and divert them away from real IoT infrastructure, mitigating the risk of attacks on operational technology infrastructure."
The Aide platform will automatically collect IoT attack data through three methods:

  • Honey farms around the world, including a GCA honey farm with more than 1200 devices, and data feeds from partners;
  • Virtual IoT devices located on simulated networks; and
  • ProxyPots that can be distributed around the world and backed by real and virtual IoT devices.
Aide aggregates attack data into an analysis platform that is available to companies, academia, non-profits and other entities to study IoT attack signatures and patterns. In exchange for access to the data, researchers will share any algorithms developed to help Aide generate additional information products.
The analysis platform will be used to generate data feeds available to GCA partners and the security community. These feeds will be made widely available throughout the cyber-security ecosystem to enable IoT attack mitigation.
The real-time threat feeds generated by the platform can limit and mitigate identified attacks while preventing any further compromise of IoT devices. Aide allows an edge router and policy enforcement point to use threat feeds to mitigate attacks against the local environment and relies upon an application of the capabilities of the Manufacturer Usage Description standard, through which manufacturers can specify the types of activities and communications that are allowed on their devices.
This type of automated defence offers small businesses and home users a way to have free or low-cost protection for their small office and consumer network devices that often have no other way to address IoT vulnerabilities.
"The bad guys do not discriminate when deciding which organisations to target for IoT attacks, so our defences shouldn't either," said Adnan Baykal, GCA global technical advisor. "With Aide, any organisation can access our threat feeds for data, conduct analysis and even search specific activity by username, source IP, destination IP, commands, hashes and geographic location. As we continue to establish partnerships and sponsors, the platform will continue to improve and provide added value to those within the ecosystem."
The GCA is an international, cross-sector effort dedicated to eradicating cyber risk. It aims to unite global communities, implementing concrete technology and measuring the effect.