The Internet of Things is unavoidable, securing it should be a priority
The Internet of Things (IoT) started like any other buzzword: poorly defined, used too often, and generally misunderstood. However, it stood the test of time and is now increasingly becoming part of everyday language, even with those outside the IT world.
Security professionals generally frown when they hear a fridge manufacturer wants to connect his product to the Internet, which is understandable since they can anticipate a variety of things going wrong. I assume it’s like when a doctor hears you’re about to engage in a full contact sport and he knows you’re not even close to being in shape.
Those working in the security industry know that they can’t stand in the way of progress, even if the end result can be dangerous.
The process of making the world a highly connected place certainly won’t slow down, even though we’re increasingly aware of the potential security issues. Budgets won’t grow, software developers will always be pressured to deliver a product on a deadline without much testing for vulnerabilities. So what can we do? Brace for impact.
The IoT impact on daily life
Let’s say you’ve built a smart home and you can open and close your garage door remotely by using your mobile device. It’s handy if a neighbor wants to borrow a hedge trimmer and you’re at work. However, would you be comfortable with someone getting access to your device and finding out exactly when you open your garage door every day? They could easily find out when you’re not usually at home, and they wouldn’t even need to follow you around for that information since the data is in your device.
You might assume that the software provided by the manufacturer is secure and nearly impossible to break. And, of course, you’d be wrong.
The types of threats we expect to see targeting the growing global IoT ecosystem will be malicious attacks from cybercriminals, according to Michelle Tinsley, Director of Mobility & Secure Payment Solutions at Intel. “Manufacturers should think about deploying security at each point in the end-to-end solution. We must build security into these devices, rather than thinking of it as an afterthought.”
A smarter world
Looking at the big picture, beyond personal convenience, we have the idea of smart cities. By using smart meters for example, a city can efficiently monitor how much energy is used in a certain location at a certain time, which enables them to build a more adequate infrastructure for the needs of its citizens. With more installations, and especially with critical infrastructure at stake, the level of concern rises.
While smart cities present an exceptional opportunity for growth, sustainability, and social improvement, the projects can’t just be smart, they also need to be safe.
Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the global Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing.
Security, always the dreaded question
The IoT is in its infancy at the moment and there is not nearly enough awareness about potential problems, nor is there detailed regulation that would push for extensive security testing of certain categories of products.
According to a recent study by Progress and Harbor Research, developers around the globe agreed security and personal privacy, data privacy and protection from malicious attack, and general integration and data management are the top challenges in designing, deploying and engaging customers with IoT apps.
Encryption is the foundation of trust for IoT, according to Tsion Gonen, Vice President of Strategy for Identity and Data Protection at Gemalto. “Communication between devices and their masters requires encryption as it validates who can talk to whom and validates what is sent as being valid. In addition, as sensitive data travels through the cloud and IoT environment, it should be encrypted to prevent interception. Likewise, stored data should be transparently and seamlessly encrypted to prevent theft,” Gonen added.
The problem nowadays is that we’re probably going to see a massive increase in interconnected devices in a small timeframe. In fact, according to IDC, the IoT market in manufacturing operations will grow from $42.2 billion in 2013 to $98.8 billion in 2018. What does that mean in term of devices? Gartner expects the world to have 25 billion connected things in use by 2020.
With everything that’s at stake, can anyone afford to be naïve when it comes to the security and privacy implications of the Internet of Things?