The Internet of Things (IoT) is gaining visibility. The ability to connect and manage devices via the Internet is an emerging technology frequently talked about in the media and businesses. The excitement and business opportunities are there, but some of the visibility and discussions taking place are not always positive. A growing issue is IoT security challenges. Some security providers are already sounding the alarm voicing their concerns about the vulnerabilities and challenges IoT faces.
More Exposure to Attacks
From a business perspective, IoT creates a wider surface for attacks to occur. It has already started. A steel mill in Germany was hacked and control was taken of a blast furnace. The attackers entered their network via a phishing email. This is how they gained user names and passwords. With some engineering expertise, they were able to take control of the equipment. The blast furnace could not be shut down as normal causing damages.
In your home, numerous devices are connected to the Internet like your home alarm, thermostat, router, smart TV, gaming console and more. Vulnerabilities exist in these devices making you susceptible to security threats.
A Call to Action
With the lack of security measures in place, the risk to privacy is enhanced. In a talk at a Consumer Electronics Show earlier this year, Federal Trade Commissioner Edith Ramirez emphasized the missing security and privacy measures in IoT and the increase we may start to see in home hacking.
The three points she highlighted consisted of:
- Ubiquitous data collection
- The potential for unexpected use of consumer data
- Heightened security risks
She raised the point that companies need to change their business model to protect consumer information. This can be achieved by:
- Adopting security by design
- Engaging in data minimization
- Increasing transparency and the choice to opt out of data use
An Easy Fix?
There are some unique challenges to implementing security in IoT that pose some issues to resolve. There is no quick fix. The security measures in place today for the Internet are not so easy to transfer. Some re-engineering is required to incorporate some of the best practices that are in place, such as:
- Some devices do not require authentication credentials
- Some devices are designed for low consumption
- Some have low connectivity
- The amount of disk space required for blacklisting is not practical for IoT applications
- Extensive variety of IoT applications
Layer and Layer Some More
Security for the Internet is addressed in layers. This includes spam protection, malware protection, anti-virus, and more. The same thought process and approach needs to be done for IoT. It needs to be thought of as an end-to-end solution; from the operating system, through the various stages of the device life-cycle. It needs to be embedded into the device and not approached as an add-on. The hardware security features should continuously support and maintain the secure computer base throughout the device stack.
Summary
More measures need to be put in place to secure IoT from security threats. The history of the Internet took the same course decades ago. As attacks and concerns grew so did the measures to protect users against malware.
IoT can take advantage of the technology used to protect against threats on the Internet and the decades of lessons learned. Some effort is required to re-engineer the technology to be used on these devices. We need to react now because the exposure is there and the security attacks are on the rise.
Leave a Comment