By Jeffrey Tantum

The Internet of Things (IoT) has transformed how technology can be utilized in everyday life. From smartphones, connected cars and smart facilities, the applications of IoT technology are vast. While uses vary, all these devices can connect to the internet and interact with their environment through the gathering and exchanging of data. IoT has experienced massive growth in recent years.

By 2025, it is projected there will be 27 billion IoT connected devices worldwide. ⁱ

Here at Microshare, we are connecting buildings, assets, people, and devices through a range of ready-to-deploy IoT solutions.

This expansion has presented opportunities for those in the IoT space to improve industry best practices in respects to security. An important aspect of this is refining the way device software is handled from a supply chain perspective. Scenarios involving software issues used in IoT devices spotlight the importance of third-party risk management.

For instance, in 2021, it affected multiple IP security camera vendors when vulnerabilities were discovered in the UPD Technology firmware used in their devices. These vulnerabilities potentially allowed an unauthenticated user to gain control of the targeted cameras.

The question you may ask yourself is: are MY devices susceptible to this flaw or not? In IoT, it is hard to know the answer. Electronics manufacturers are necessarily rigorous when the question of physical components are concerned: they know exactly what chips I used in a manufacturing run. The precise list of components is known in the industry as a bill of materials, or simply a BOM. But with the software or firmware installed on a device, only the best vendors can provide the same transparency.

To help fortify against external attacks, it is vital that vendors understand what components are used in their device’s software. It is common practice for vendors to develop programs by combining different commercial and open-source items. A software bill of materials, otherwise known as an SBOM, is a list of components used in a piece of software. SBOMs give industry specialists a measure that can improve software security. These lists can assist organizations in identifying potentially harmful components and facilitate the avoidance or remediation of flaws.

Though it is not yet common practice in the hardware industry, it is imperative that SBOMs are incorporated into third-party risk management best practices. Vendors across the IoT space must capitalize on this strategy to ensure software security.

Microshare employs a scrupulous third-party risk management process. We are continuously working with our vendors to develop and maintain up-to-date SBOMs for the software on devices that we bring to market. This allows programs to be compared to the latest list of published vulnerabilities to identify and remediate flaws. Mitigating security risks is at the forefront of our services and allows us to deliver secure IoT solutions.

As the internet of things continues to expand, members in the industry should embrace best practices such as this to improve the supply chain security of their products and services. And Microshare is committed to leading the way to make IoT deployment safe as we scale to 27 billion devices and beyond.

References: 

1. https://iot-analytics.com/number-connected-iot-devices/ 

Jeffrey Tantum | Cybersecurity Process Specialist | JTantum@microshare.io