Blockchain could fix IoT security gaps, says NIST report

Over 20 billion IoT devices will be in use by 2020 according to Gartner, with North America and Europe leading smart home growth. At the end of 2015, North America was already leading, with 12.7 million smart homes. By 2020, the number is expected to rise to some 46.2 million, according to a market research report.

IoT is defining our future following its integration in so many homes and organizations. But cybersecurity will always be a concern, as the number of attacks on smart devices and data breaches has gone up in the past two years. Hackers are not afraid to turn IoT devices into weapons, as we have seen with the Mirai malware infection. The large botnet created from tens of thousands of vulnerable devices launched large DDoS attacks on networks, including DynDNS and almost 1 million Deutsche Telekom routers.

Any home or business integrating this technology risks data breaches and attacks if the devices are not properly secured. Because IoT is also popular with government agencies, regulators want to enforce minimum guidelines for international cybersecurity standardization and to encourage organizations to focus more on security. NIST (National Institute of Standards and Technology), one of the bodies looking into security roadmaps for IoT, warns that malicious actors are increasingly interested in connected devices.

“It is expected to be even more revolutionary and ubiquitous in the future. Yet, the adoption of IoT brings cybersecurity risks that pose a significant threat to the Nation,” reads NIST’s draft report Status of International Cybersecurity Standardization for IoT. “The disruption of Dyn and associated Internet services underscores the significant, systemic harm that may be caused by malware dedicated to exploiting the security vulnerabilities of IoT components.”

The report says blockchain could help secure IoT devices.

“Blockchain is an evolving technology that could revolutionize IoT security,” it says. “The blockchain model favors peer-to-peer interactions between devices and thus de-centralizes security.”

Arguing that the IoT could become an ‘Internet of Threats,’ Sen. Ed Markey (D-Mass.) and Rep. Ted Lieu (D-Calif.) proposed the Cyber Shield Act that, if passed by US government, would unite a number of cybersecurity experts into a committee to develop IoT security standards. Under this bill, manufacturers would voluntarily submit their devices for evaluation to ensure they meet cybersecurity standards and reduce risks. Approved would carry a cyber shield logo.