Home Interviews BIoTs can alleviate security concerns for both owners and tenants

BIoTs can alleviate security concerns for both owners and tenants

In an exclusive interview with CISO MAG, Dr. Rishi Bhatnagar talks about his journey, the future of Building the Internet of Things, integrating IoT with farming in India, and also addresses the threats and concerns surrounding 5G.

SHARE

Dr. Rishi Mohan Bhatnagar is an international speaker and thought leader in the Internet of Things and digital space. He co-authored the book “Enterprise IoT” along with a team from Bosch. He is the recipient of the “ET Now Business Leader of the Year 2019,” Voice&Data “Leadership Recognition Award” – India 2019, Indian ISV “IoT CEO of the Year 2018” and BTVI “Business Leader of the Year 2018.” Currently, as President of Aeris Communications India Private Ltd. (100 % subsidiary of the privately held, Silicon Valley headquartered Aeris Communications Inc., pioneers in the m2m/ IoT business since 1992), Dr. Bhatnagar is leading the Aeris business in the Indian subcontinent, MEA, and the APAC region.

In an exclusive interview with Augustin Kurian from CISO MAG, Bhatnagar talks about his journey, the future of Building the Internet of Things, integrating IoT with farming in India, and also addresses the threats and concerns surrounding 5G.

Edited excerpts from the interview follow:

It has been nearly three decades since the inception of Aeris. Aeris evolved from being a cellular network to now a world-renowned IoT enabler. How has your journey with Aeris been and what were the key milestones for the company?

Aeris was founded in 1992 and is a cellular network designed and built exclusively for machines. Because it was made for machines, Aeris delivers the most reliable, flexible, and efficient global cellular network for M2M data transmission available today. The growth of Aeris mirrors the development and growth of M2M communications and the Internet of Things (IoT). It has operational reach in over 180 countries and has offices in the Americas (Chicago & San Jose), Europe (U.K.), and India (Delhi NCR). We announced our joint venture with Softbank in Japan in 2016 known as Aeris Japan K.K., to provide IoT and telematics services globally using the Aeris IoT solutions platform. We are also part of Ventic LLC, a joint venture that is the result of a long-term commitment between Volkswagen and Aeris in the development and operations of connected vehicle platform technologies.

Today we have 14 million devices managed on our IoT Platform, worldwide. Aeris is at the forefront of the technology industry, building networks and applications to enable Fortune 500 clients to fundamentally improve their businesses. We offer global connectivity for machines as well as IoT solutions and services to multiple sectors which include Automotive, Finance & Insurance, Telecom, Utilities, Manufacturing, Agriculture, and more. From telematics to medical devices to remote machines, Aeris’ customers enjoy solutions tuned for high performance and mission-critical reliability. We entered the Indian market in 2016, and with our joint go to market engagements, we have successfully established an end-to-end IoT ecosystem, cracked the IoT monetization code and today we provide flexible business and commercial models for IoT, for the price-conscious markets, going beyond India, and, creating our presence in SAARC, APAC, Middle East and the APAC region.

With no hardware choke points and several small-cell antennas relying on 5G’s Dynamic Spectrum Sharing feature enabling multiple data streams to share bandwidth partitioned in slices that may each introduce cyber risk, do you feel with 5G technology comes to the emergence of tens of billions of smart devices susceptible to cyberthreats related to IoT networks?

5G comes with the promise of download speeds of up to 10 times faster and there is a huge concern over this from a security perspective as faster speeds may present an opportunity for hackers to target more devices and launch bigger cyberattacks.

But let’s not forget that we witnessed similar concerns and threats when the Internet was growing and maturing to gain the critical mass and adoption. Similar concerns were raised when cloud technology was at its hype. Therefore, it is quite natural that any new and advanced technology will bring with it a gamut of new security challenges. We need to remind ourselves that the security of the “thing” is only as secure as the network in which it resides. This includes the people, processes, and technologies involved in its development and delivery. Managing the security of 5G networks and services requires a new approach, where security is an integral part of the end-to-end architecture and ‘security by design’ is a must.

You have spoken about integrating IoT with agriculture to revolutionize the landscape. What is the feasibility of that? What is your response to the apprehensions surrounding cyberthreats that may arise to unsuspecting farmers?

For IoT deployments, irrespective of the industry vertical whether it is manufacturing or finance or agriculture or even a social sector engagement, security should never be an afterthought.

Keeping connected devices and their data safe starts during device design and at device provisioning and deployment. Deploying IoT programs at scale calls for simplifying device onboarding processes and reducing manual steps. A common goal is to set up each deployed device to immediately be able to communicate over networks to the right destination in the cloud. But doing that securely requires examining all the steps in the process and setting the right parameters for those devices.
Farmers adopting connected technology can tie up with IoT solution and service providers who allow them to securely provision and connect their devices to the cloud with minimum (near zero) effort and help them do this securely with identity and access management best practices being deployed during the entire device deployment lifecycle.

When it comes to the concept of Building Internet of Things (BIoT), it is often said that immaturity and poor definition of the concept are a few of the biggest risks in smart buildings. Do you think there is still a need for a more comprehensive understanding of threats posed on BIoT?

The Commercial Real Estate (CRE) industry is perhaps uniquely positioned to implement the latest technologies using IoT-enabled building management systems (BMS) or BIoT to make building performance more efficient and also use sensor-generated data to enhance building user experience. The value created from the information generated by BIoT has the potential to widen the lens on value creation beyond location, and associated benefits of low-hanging fruit such as cost savings and operational efficiency through improved energy management increased level of efficiency with enhanced building performance and effectiveness that could distinguish buildings within a marketplace from a desirability and profitability standpoint.

BIoTs can alleviate security concerns for both owners and tenants. Real-time monitoring can bolster internal security, and specialized weather sensors provide advance warnings of adverse weather events. As the frequency and severity of hurricanes, floods, and tornadoes increase under a changing climate, so does the value of disaster preparedness and resilience.

From a security point of view, CRE companies can minimize the security and privacy risk that IoT technology presents by taking several measures mentioned below to become secure, vigilant, and resilient:

  • Use purpose-built BIoT devices or addons, rather than generic IoT solutions.
  • Define clear responsibilities for the players in the ecosystem and institutionalize data governance.
  • Selection of secure communication protocol is required for building automation systems, which can help integrate with enterprise management solutions.

When all these systems are unified to work together, we have a resilient Building Internet of Things (BIoT). In the security industry, the integration of the three major segments has been successful to a large extent. Physical Security Management Systems (PSIM) have been used for interoperability between safety & security systems including fire detection, extinguishing, evacuation, mass notification in both large and small projects.

With COVID-19 and employees working from home, there are even bigger threats from the IoT landscape. What are your thoughts surrounding that?

It is true that while the underlying network is relatively easy to secure, like the internet, smart devices and sensors create an ecosystem that is complex and widespread. IoT devices vary widely in their uses, and so do their security needs, which means it’s very easy to either overspend or underspend on the necessary precautions. Each component is vulnerable, and their internetworked communication is instantaneous. That means a hacker can take down an entire system in a second, long before any human or network fail-safes can respond. A disgruntled worker could sabotage devices during design or manufacturing. Criminals could steal a device shipment, reprogram the devices, and return the devices on their journey. A hacker could fake a device malfunction in an existing system, alter the device software, and then bring the device back online — security personnel would simply assume it was a minor glitch. In every case, the breaches might never be detected.

Knowledge and preparedness are key determinants for how successful any IoT security implementation will be, even when facing the unknown. By building comprehensive security measures into the ecosystem first, before a single device is activated, you can create a secure foundation that will last well into the future.

With increasing cyberattacks during the COVID-19 crisis, what are your thoughts on the need for asset inventory management?

For many enterprises, tracking an asset at every step of its journey, in real-time, is a business-critical requirement and the COVID-19 crisis reinforced this hard fact to enterprises of all sizes – big and small!

Connected asset tracking solutions provide compliance oversight, enhances owner/operator behaviors, improves productivity, and reveals granular insights for optimizing operational efficiencies. With remote tracking and monitoring, managers can make smart decisions based on factual data, driving performance, and creating significant competitive advantages for their companies.

Finally, what changes do you foresee in the post-COVID-19 world? Has the lockdown period been an enabler for security advancements in the IoT space or has it been an obstacle?

Having proper security in place makes common sense but too often this has been an afterthought. The outbreak of COVID-19 mandated remote working of the employees with country-wide lockdowns leading to an upsurge in the Bring Your Own Device (BYOD) trend, and, thus, higher vulnerability. The demand for endpoint security rose during the lockdown period. COVID-19 has accelerated the demand for managed IoT security services to safeguard the data of employees as well as organizations. In addition, regulations are now forcing device and sensor manufacturers to take security into account and not to ship without it – security by design.

This interview first appeared in the August 2020 issue of CISO MAG.Subscribe now!

Augustin KurianAbout the Interviewer

Augustin Kurian is part of the editorial team at CISO MAG and writes interviews and features.