Written by Laurent Dupont

Niko

Creating IoT security awareness

Niko puts security at the heart of home automation

To increase the awareness and knowledge of IoT security within its development teams, Niko invests in tailor-made training and coaching.

The advent of the Internet – and by extension the Internet of Things – has also caused quite a landslide in the world of home and building automation. “With hindsight, classic home automation mainly operated on closed or so-called standalone systems”, says Lieven Gesquière. As chief architect, he leads a team of system architects at Niko, a manufacturer of switchgear, detectors, and solutions for home automation. “Connectivity to the Internet only came later. And with it, the opening up of the home network or LAN to the outside world.” Consequence: the smart house was no longer a safe haven.

IoT security

SDLC

Awareness

More than just a band-aid on the wound

“Your home is a particularly sensitive environment,” Gesquière realizes. “Just like no one wants to leave their front door open, no one wants to make their home technologically accessible to anyone. Unfortunately, that insight did not prevent that familiar home environment from being harder to shield hermetically from the outside world. Also because home automation products were becoming increasingly complex and their communication with and exposure to external networks and systems was increasing.

Ironically, because of that, aspects such as security and privacy became increasingly important. In fact, they are now essential. Niko is setting the bar high. “Right from the start of the design phase and throughout the entire product life cycle, we take security into account. And we continue to maintain and improve that security. After all, there’s nothing worse than a breach of security on a customer’s premises: you don’t want to be in the papers for that.

Just like no one wants to leave their front door open, no one wants to make their home technologically accessible to anyone.

Lieven Gesquière – Chief Architect @ Niko Group

Creating IoT security awareness

Niko’s R&D organization is involved in the development of all connected products. Niko has always recognized security and privacy protection as essential in its products and has been assisted – for several years now – by Toreon, and independent consultancy firm for IT security that specializes in industrial security and IoT. “As a developer, you need to ensure that IoT devices are resistant to the most common attacks and that you can always make the necessary updates safely and securely,” says Sebastien Deleersnyder, CEO of Toreon. “Toreon and Niko’s development teams blended their expertise in IoT security. Toreon advised them exactly what to look out for when securing and updating IoT devices, what threats exist, and how to protect against various attacks.

In a first phase, we did this through formal training. Today, we provide security coaching to the product developers”. “This evolution towards a coaching role is extremely important,” stresses Lieven Gesquière. “Our product developers should keep up with the evolution of IoT attack techniques and have to be able to carry out many of the security tasks independently”. For this reason, a few security champions were appointed who regularly test and challenge employees.