The number of IoT devices is estimated to grow dramatically, to as many as 30 billion by 2020. This is a big number; however, one element common to all IoT devices is the ‘I’ for internet, which, by direct implication, means that each device needs to be connected to the internet through some form of medium.
The proliferation of satellite-connected IoT devices is an area of dramatic potential growth in this industry, one that can bring smart, connected devices to the entire world.
Without question, the security of these devices is the ultimate assurance of the value of the data coming from them, especially when they act as gateways for an extended series of even more IoT devices, as people will use that data to make decisions that may have widespread consequences.
Case in Point
Fleet Space Technologies is an Australian start-up selling satellite connectivity solutions to the IoT market. Funded with a series A round in 2017, Fleet’s focus is on satellite-enabled, massive IoT deployments, which connect hundreds and potentially thousands of industrial devices in areas with no cellular or public low-power wide-area network (LPWAN) coverage.
Fleet provides ground-based user equipment called the Portal, which is an IoT gateway, proprietary edge network server and a satellite modem all combined into a single unit. Fleet is already selling Portals that connect to existing satellite networks to customers around the world and, in the future, Fleet will also launch its own satellites.
The Portal’s edge server includes software that selects key data, encrypts it and then transmits it securely back to the cloud over the satellite network. With this approach, the Portal enables global, low-cost, low-power IoT backhaul, becoming a critical component in any remote IoT solution.
This criticality is what brought Fleet and Cog together to create a highly secure solution, allowing Fleet to create a broad-based sensor network in very remote locations. This solution is especially effective for remote industrial agriculture, maritime logistics, mining and environmental applications.
As Fleet approached device security, they were faced with the fact that most satellite-connected IoT devices are built with a monolithic design, meaning the device is basically one big software stack, which leads to the following issues:
• The monolithic design makes it cumbersome to build scalable products with a quicker time to market
• The bigger the code base, the larger the attack surface, creating numerous opportunities for hackers to exploit
• This design makes it difficult to ensure backhaul radios are utilized for valid traffic only
• It’s hard to be sure that data integrity remains intact, and data is the asset by which the value of the device is measured.
This design carries an enormous risk to the bottom line. Imagine a hack where a botnet orders the device to start pinging a satellite. With every ping, the company is charged for bandwidth. Simultaneously, those communications drain the battery, drastically shortening the life of the device. The amount of operational and financial damage an attack such as this would mean for a company cannot be overstated.
The Answer: Modularity
Modularity means the isolation and protection of critical functionality — essentially by creating separate modules or containers for each function on the device. This approach proactively secures devices by reducing the attack surface. It also increases reliability by eliminating single points of failure. This can then be overlaid by modules that provide double encryption, non-bypassable VPNs, and nested VPNs, as needed to build resilient systems with defense in depth. The system can scale linearly and infinitely, thus reducing bottlenecks and preserving performance. Perhaps more importantly, modularity on secure foundations now enables device makers to extend and enhance the device with new capabilities.
Fleet and Cog will install Cog’s D4 Secure platform on Fleet Portals to provide proactive kernel protection, radio isolation for satellite communications, and a VPN tunnel to ensure secure data transport for Fleet devices. As a final step, Cog will isolate other sensors so they only draw battery power when a specific event is executed.
What are the advantages of this modular approach?
Reduced attack surface: Inherently, a single block of software is more susceptible to nefarious attacks. By carving up the large block of software into independent virtual machines, we decrease the attack surface, which allows for the selective hardening of key drivers and software on the device. This is a key approach used by most OEMs, traditionally by isolating with added chipsets versus through software.
Proactive protection: One of the unique advantages of the D4 Secure Platform is that Cog enables ‘kernel hardening’ at the hypervisor layer, the purpose being to stop known malware from attacking the device. This should not be considered a 100 percent solution any more than a flu shot would be, but just like a flu shot, it is a proactive activity toward prevention.
A non-bypassable VPN: When the potential risks to an IoT device are considered, aside from merely encrypting the data traffic against “man-in-the-middle” attacks, the ability to hijack the modem and broadcast data (good or bad) from the device clearly becomes a weak spot. By forcing all data from the device to run through a non-bypassable VPN, Fleet can ensure egress from the VPN at a determined connection. This enables Fleet to analyze and manage all the data coming off the device, including shutting down any possibly corrupted data from a compromised component in the extended network of devices on the Fleet gateway device.
An IoT Market Turning Point
The solution that Fleet is bringing to the market is unique: an IoT gateway that serves the traditionally non-connected parts of the world through satellite communications. This solution will improve efficiency and productivity as well as reduce costs for businesses across the world.
Fleet’s recognition that security is one of the key requirements for creating a quality device for their marketplace is forward-looking and something that Cog is proud to support with its D4 Secure Platform.
Carl Nerup’s experience is a powerful mix of proven marketing and sales leadership and strategic execution. Carl is a frequent speaker at industry forums and conferences. He also provides advisory services to numerous companies in the emerging high technology and telecommunications industries as well as select non-profit organizations and graduate schools.
Previously, Carl was Vice President in Samsung’s Global Enterprise Business, where he had sole accountability for all direct and indirect sales for the industry leading Samsung Knox Secure Mobility platform. Prior to that, he was a member of the Executive Team at General Dynamics Broadband, where he was the Vice President in charge of global business development for their new line of business in the secure mobility industry – GD Protect.
He also served as an Executive in Residence at Carnegie Mellon University, where he worked with the Quality of Life Technology Foundry, a National Science Foundation Engineering Resource Center.
He was a Vice President in AT&T’s Strategic Business Development organization, where he had responsibility for identifying new business opportunities across all AT&T business units. He also evaluated all venture opportunities and managed the full Minority Investment Portfolio for AT&T.
Prior to AT&T, Carl was a Managing Director at Digital Island, a Cable & Wireless Company, a start-up provider of global hosting and content delivery services. Previous to that, Carl was on the launch team for Aerial Communications, a start-up provider of GSM services in seven markets across the U.S., where he was the Head of Sales Operations and Distribution Strategy.
Carl continues in his role as a Partner at Skyline Partners, a private equity firm based in Denver that specializes in select investments and specialized management consulting. Carl is an avid backpacker and lover of the outdoors.
Dr. Andrew Barton is Chief Technology Officer for Fleet Space Technologies. In that role, he coordinates the company’s technology planning, oversees the technical staff and manages strategic partnership engagements with supplier and technical partners.
Andrew previously worked at the XPRIZE Foundation as Director of Technical Operations for the Google Lunar XPRIZE where he was responsible for the implementation of all technical aspects of the prize including development of the format and award criteria of the $5.25 million Milestone Prizes, selecting and managing the panel of independent judges and communicating technical aspects of the prize to the space industry and the general public.
Prior to his role at XPRIZE, Andrew was involved in the private space industry in Europe as a technology developer, project manager and entrepreneur. Among other roles, he also worked for four years as a specialist at the European Space Agency in the Netherlands where he supported the development of scientific satellites, future planetary landing missions and the VEGA launch vehicle.
Andrew holds a Ph.D. and a bachelor’s degree in aerospace engineering from the University of Sydney and a master’s degree in Space Studies from the International Space University.