CyberNews Cybersecurity Interview with Hatem Oueslati, CEO of IoTerop
This interview originally appeared on Cybernews.
As time goes by, people are adopting more and more new IoT devices. And while they’re usually very convenient assets for everyday usage, they are also great targets for cyber felons.
IoT devices have always faced cybersecurity challenges, but the pandemic has accelerated the frequency of such attacks. Hackers can attempt to spy on or hijack the data, or ask for a ransom. This can result in exposure of one’s sensitive data and financial damage.
As governments are passing various pieces of legislation to ensure security for IoT devices, the market has robust solutions to offer, such as IoT Device Management services.
How did IoTerop originate? What has the journey been like since your launch in 2016?
I’ve been working together with my two associates – Jacques Bourhis and David Navarro – for more than 20 years at international companies, including PALM, ACCESS, and INTEL. We have very deep expertise in embedded systems, telecommunications, and cybersecurity. In the early 2000s, we worked on the very first mobile-connected PDAs (Personal Digital Assistants) that are now called Smartphones. We were also strongly involved in the early Security & Device Management standardization bodies. This is where we identified the challenges and opportunities of the emerging Internet of Things. We knew that security, interoperability, and device management would be the key factors for success to meet the expected massive IoT deployment needs. And this is why we left Intel in 2016: to create IoTerop and bring the necessary innovations in order to tackle those challenges.
Since 2020, IoTerop has been a Board member of the OMA SpecWorks organization, which defines IoT device management standards. We have strong leadership in the evolution of OMA Lightweight M2M (LwM2M) specifications, and we participate in the IoXT Alliance and IETF IoT Security Standardization efforts. We strongly believe in the role of Open Standards in creating interoperable, sustainable IoT solutions and enabling strong ecosystems favoring massive deployments. Today, IoTerop supplies its security and device management software solutions to IoT worldwide leaders, including Itron, Thalès, EDMI, ST Microelectronics, EDF, and others. Our technologies are truly game-changers in the areas of Smart Street Lighting, Water and Gas management, Smart Metering, and Asset Tracking.
Can you introduce us to your device management platform? What technology do you use to secure various devices?
Our IoT Device Management Platform, ALASKA, allows service operators and fleet managers of connected objects to easily and remotely operate the life cycle of their connected devices, even the devices that are very constrained. They can easily and quickly configure, parameterize, control, secure, maintain, and update their connected objects remotely, regardless of the connectivity used.
ALASKA is a multi-protocol platform and leverages open standards. It is optimized to work well with the OMA LwM2M standard, implementing IETF DTLS/TLS/OSCORE as security layers and the IPSO/UCIFI object models in order to convey interoperable object semantics, enabling true interoperable interactions and services with a wide range of device types.
ALASKA enables end-to-end security from the device to the cloud thanks to authentication & ciphering protocols specifically designed to meet the constraints of IoT devices (usually limited in computing power, energy, and memory). What is important to understand is that security cannot remain static. Over time, security vulnerabilities, defects, or bugs require a change to the device security certificates, keys, parameters, or an update of their actual firmware. These mechanisms are extremely important to consider when launching IoT devices and solutions in the market. This is why a Device Management platform is absolutely needed: to ensure the dynamic security and sustainability of your IoT solutions in the long run.
It is evident that establishing Open Standards is an important part of IoTerop. Would you like to share more about your approach?
We are adamant that worldwide IoT adoption and massive deployments cannot happen without Open Standards. Similar to the way that we can’t imagine having a mobile company launch its own smartphone, we know that working only with devices of the same brand over a proprietary network is not sustainable. IoT will inevitably capitalize on Open Standards in the same way that the Internet or mobile industries have reached massive adoption and deployments thanks to Open Standards.
This is the reason why we not only participate in IoT standardization efforts, but are also in the driver’s seat for some of them by leading specifications and contributing to the evolution of IoT Security & Device Management Standards. In 2020, David Navarro, IoTerop’s Co-Founder, was elected to the Board of Directors of the Open Mobile Alliance SpecWorks with Itron, Ericsson, T-Mobile, AT&T, Qualcomm, and ARM. David has been intimately involved with LwM2M specifications and its evolution since its creation. Our approach is to deliver disruptive solutions leveraging state-of-the-art device management and security standards to our customers very quickly. We’ve built expertise and significant know-how that is extremely valuable in the industry.
How did the recent global events affect the IoT landscape? Have you noticed any new security issues arise recently?
IoT Security is currently a very important subject in the industry. We’ve seen a huge increase in foreign attacks on IoT devices, and governments adopting policies requiring security on IoT objects. The good news is that most industry players have understood that security is an important pillar of their IoT solution. Still, some improvements need to be made so that everyone understands that security is not a “do it and it’s done” scenario. We all need to think about security in a dynamic way: your devices might be stolen, spied on, or hacked. Hackers may find a security vulnerability or exploit a system after deployment. Therefore, companies and institutions need to have a way to detect intrusion, revoke or stop concerned devices, send data to their infrastructures, change their security credentials dynamically, or even fix the vulnerabilities and have a way to update their device software remotely.
With recent events, the world is discovering that cyberattacks can be a way to destabilize industries, cities, and states. In the case of IoT, this could be even more worrying where these devices are more and more involved in our daily lives, such as through managing our streetlights, water, gas or electricity meters, traffic lights, and operating buildings. Usually, IoT devices are the weakest link in the industrial value chain. It is therefore extremely important to secure them and constantly keep them up to date.
In your opinion, what are the most pressing threats associated with IoT devices?
IoT devices like smart water, gas or electricity meters, and streetlights are by definition highly accessible in our cities and communities. They usually link to a wider and critical IT infrastructure. Most of the time, IoT devices are the most vulnerable link within an overall IT infrastructure, and therefore a potential easy-entry door to a critical industrial system. The most likely threat scenarios include spying or hijacking the actual data from IoT devices in order to exploit them or gain critical information about the underlying IT system. When IoT devices are actuators (meaning that they can act on their physical environment) like a barrier controlling the opening of a bridge or lighting city streets, it’s easy to understand that hacking these devices can have negative consequences to citizens’ lives.
Why do you think so many companies struggle to keep all of their devices under control?
Securing IoT-connected devices is not like securing a computer! We all face a number of challenges: IoT devices don’t have the same computing power as PCs, and they are usually constrained in terms of memory, bandwidth, and power. You need to select the right protocols, standards, software, and solutions to meet these constraints. You need to find the right experts who are able to understand these requirements and supply the corresponding technologies and assets within the right price range. IoT is cost-sensitive, which is why you need to have very performant software running on them to ensure the most robust security.
You also need to think about deployments and sustainability. What if you plan to deploy your devices everywhere in the world? Are you able to change a parameter, a security configuration, or certificate remotely without sending someone there? You need to think about those challenges at the earliest possible stage during your solution development and leverage the right expertise.
When it comes to individual users, what security measures do you think are essential for personal devices?
Palo Alto Networks estimates that 98% of all IoT traffic is unencrypted. Without encryption, your device data privacy is potentially at risk. As an individual user, you need to ensure that your personal device doesn’t leak data through a lack of security support! Imagine if someone in the street could easily access your smart watch’s personal health data or your indoor camera video stream. You need to double-check that your personal devices enforce encryption & authentication to ensure your data privacy. You also need to ensure that these security mechanisms are maintained and up to date and that software updates are regularly available and performed.
Since the smart city is one of your main fields of focus, share with us, what do you think cities are going to look like in the near future?
We are already working on making this real. For example, EDMI used our software in its new generation of Smart Water Meters, deployed in Australia and New Zealand. Smart Water Meters can help one of the driest countries on Earth have real-time access to water consumption and prevent water leaks. This leads to significant water resource savings each day.
In a similar way, Urban Control uses our IoT device management platform to manage streetlight controllers which can dynamically control street lighting and significantly reduce their electricity consumption.
And finally, what does the future hold for IoTerop?
Our goal is to be a worldwide leader in the IoT Security & Device Management industry and supply our solutions for operating and managing billions of IoT devices. We’ll continue to support and promote the use of Open Standards as this is the only way to achieve massive IoT deployments and create sustainable and interoperable ecosystems in the long run.
We continue to invest heavily in implementing and supplying disruptive end-to-end IoT solutions to our customers that enforce the combination of state-of-the-art IoT Security & Device Management features. Thanks to our customers, the deployments of our software solutions are more and more massive and expand to wider market segments, including Smart Cities, Street Lighting, Automotive, Asset Tracking, Smart Metering, Water and Gas, Energy. We are currently accelerating our growth and are already in the process of expanding our business operations to further geographies, including Australia/New Zealand and Northern Europe.
Stay tuned for further announcements!