Remote Work Opens Network Infrastructures to Security Risks
As the workplace shifts to the home, network security becomes a greater challenge. Hardware authentication, strong encryption, and shielded cabling will become essential in computers and IoT products.
The coronavirus pandemic has set the stage for a comprehensive shift in workplace settings and network infrastructures. Significant reorganization of company IT structures are needed as more office workers settle into permanent home offices.
While the pandemic will eventually end, the investments made to develop remote workplaces will have lasting effects. Many major companies have declared remote work permanent, and are scaling back on commercial office space and accelerating their IT modernization plans. These plans often involve moving more of the IT infrastructure away from on-premises server rooms and in-house data centers and onto major cloud services platforms, like Microsoft Azure and Amazon Web Services. Purchasing cloud services allows firms to delegate issues like security and infrastructure management to specialist service providers that can benefit from economies of scale and established, proven methodologies. This year, even many IT managers are working from home, managing virtual infrastructures running on virtual machines in AWS and Azure datacenters.
Whether a company relies on physical IT infrastructure in the office or elsewhere, it is still vulnerable to virtual and physical cyberattacks. As we’ve discussed previously, major cloud services providers employ elaborate security measures that are beyond the reach of most of their customers. Consequently, companies that use major cloud services providers have become more concerned about virtual attacks rather than physical attacks. However, the remote work landscape actually presents new risks for physical attacks.
As workers spend more time in their homes, they are buying a huge amount of consumer electronics (in addition to desks and office chairs) to deck out their home workspaces. Personal computer sales jumped by 11% to 72.3 million units in the second quarter compared to the same quarter last year, after years of declining sales. Sales were even higher in the U.S., where sales grew by 14% to 21.4 million during the same period compared to the second quarter of 2019. Computer peripherals, including storage and input and output devices, also saw significant growth, along with smart home products. Smart home devices include web service-enabled home monitoring and control devices like lighting and HVAC control systems, security systems and cameras, and home media systems.
As the corporate physical IT infrastructure grows more remote from the worker, the home IT infrastructure is growing closer to the worker and broader in scope. Companies delegate issues like physical IT infrastructure to cloud service providers, but who is looking after the security of a steadily growing domestic Internet of Things?
Securing the Domestic IoT
The home-based workplace faces a new set of vulnerabilities. Smart technologies, like deadbolts that can be unlocked with a phone app and web-enabled security systems, are targets for cyberattacks that lead to physical intrusion. For consumer-grade IoT systems, most of these issues are being addressed with software security measures. However, growing awareness about the increasing sophistication of attackers is also giving rise to more secure hardware measures for IoT devices. For example, an IoT smart door lock could be the target of an attack mimicking an authentic server request. Devices fitted with an electronic authentication device within the lock offer mutual authentication via a series of challenges the device and server issue to each other in order to confirm that the request is genuine. Confirming that the device is also genuine is equally, as a sophisticated bad actor may be able to replace the lock with a convincing replica.
Manufacturers offer components like Maxim Integrated’s Maxim DS28C36 Deep Cover Secure Authenticator, available from Mouser, which can protect against cyberattacks in a physical home office as well as its equipment. Authentication using hardware components allows individual IoT devices to confirm server requests, as well as provide confirmation that the device itself hasn’t been tampered with or replaced with a counterfeit.
Corporate IT at Home
Of course, what is relevant to home IoT security is even more relevant to enterprise applications, which usually offer a lot more goodies that sophisticated bad actors might want to get their hands on. However, the current pandemic-inspired reality means that a lot of highly-sensitive corporate traffic is now flowing across home networks that haven’t fundamentally changed much in 10 or 15 years. The distinction between enterprise and consumer security is becoming blurred.
With this merging of corporate IT and home networks, some commentators have recommended security upgrades to the home network. Penny Heyes, co-founder of the Trust Bridge, a data security consulting firm, spoke on the ECIA’s Channel Channel podcast about the need for organizations to protect data being used by home office workers. In addition to the software-based precautions Heyes discusses, including adherence to strict data security strategies like multifactor authentication, the physical network security in the home office environment must be protected.
With a wide range of people working from home, including C-suite executives of public companies and IT managers responsible for critical infrastructure assets, the potential for physical attacks on corporate traffic on home networks has never been higher — and the strategies for bad actors to execute such attacks are out there.
At the 2020 Black Hat USA conference, security firm Armis presented a novel cyberattack strategy that affords network access through radio and other attacks on unshielded Ethernet cabling. While corporate office networks with large bundles of Ethernet cabling running side-by-side may widely employ well-shielded Ethernet cabling to limit electromagnetic interference (EMI), it is uncommon for home network applications. With this new cyberattack strategy available, however, the choice of whether to use shielded or unshielded Ethernet cabling is now a serious consideration for designers of home networks and computing products.
Lessons for the Electronics Industry
As working from home becomes part of the workplace reality, manufacturers of home network electronics like routers, modems, and cabling will have to take enterprise grade security for consumer products more seriously. Features like hardware authentication, strong encryption, and shielded cabling will become more essential. Companies must understand that their corporate networks are in the hands of cloud providers and their home-based employees, and cyberattacks don’t stop at the walls of their offices — if those walls even still exist.
Like this article? Check out our other data centers and cloud computing articles, our 2020 and 2019 Article Archives, and our Datacom/Telecom and Consumer Market Pages.
- 30 Years of Automotive CAN - March 30, 2021
- Industrial Interconnects Enable Advanced Process Controls in the Fresh Water Industry - February 23, 2021
- Remote Work Opens Network Infrastructures to Security Risks - December 8, 2020