LPWANS: A Hidden IoT Security Risk

Make sure your company is not caught off-guard by low-power wide-area networks in corporate environments.
By Andrew Howard
Dec 10, 2017

Interest in low-power wide-area networks (LPWANs) among Internet of Things (IoT) providers and end users is skyrocketing. LPWAN towers are popping up all over because they can connect devices across large geographic areas due to their long range, while using less battery power on the devices they connect, and offering cheaper data subscriptions than traditional cellular networks.

In fact, BI Intelligence estimates that the number of IoT devices connected via LPWANs will reach 700 million by 2021, which it says represents "remarkable growth for such a new technology that has little present adoption." Such rapid adoption will not come without challenges. The biggest of these is security. Security personnel have visibility and control on their own network, but lose this when devices communicate via a third-party network, such as an LPWAN. In all probability, these networks already permeate your organization. The question is whether any devices are already deployed that use these networks.

That being said, here are several tips on what chief strategy officers and others can do to prepare for the growing popularity of lower-power and cheaper data connections finding their way into their organizations.

• Manage the risk: Update your organizations threat model. Take into account small, out-of-band sensor technologies and identify the risks they could pose to your organization.

• Increase your visibility: Use your people, processes and technology within the organization to detect LPWAN devices before they become a problem. You can't tactically respond to a threat if you are unaware of it. Deploy a wireless discovery and mapping platform to identify devices inside your organization. Modify your procurement policies to ensure qualified security staff check for LPWAN antennas present in new devices before they enter the facility. In addition, understand what sensors are present on each device and whether they introduce new risks to your environment. Assume an attacker could take full control of a device, and decide what a malicious device could do where it is deployed. Finally, educate your personnel on the risks posed by these devices. Use your threat model for specific examples if they are not too sensitive. Teach them to identify and report unknown devices.

JOIN THE CONVERSATION ON TWITTER
Loading
ASK THE EXPERTS
Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations