Cybersecurity in IoT: Achieving Digital Security in an Age of Surveillance


In the 2006 science fiction thriller Déjà Vu, Denzel Washington plays a government agent who uses novel government technology to fold time and space back onto itself so that he can retroactively prevent a terrorist attack. It’s a creative interpretation of the concept of déjà vu, and, of course, Washington’s character uses this technology only for good. While the idea of literally bending time and space to repeat the past is relegated to science fiction, the film raises important questions about the ethics and prevalence of government surveillance, which are particularly prescient for our modern times.

As part of the natural evolution of technology, the internet of things (IoT) has established itself as one of the most transformative innovations of our time. IoT is a simple process of connecting existing devices to the internet so that they can send and receive data that allows them to act independently. Dubbed “smart” devices, they are becoming incredibly popular. We are connecting billions of IoT devices to the internet, and Gartner predicts that we will connect more than 20 billion IoT devices by 2020. This includes everything from smart home systems to driverless cars. The full range of the ordinary to the extraordinary is represented by the IoT.

Unfortunately, all of these connected devices and the troves of data that they transmit through the internet are fodder for government surveillance. As Shay Hershkovitz eloquently wrote in Wired, “There is little doubt that the web is the greatest gift that any intelligence agency could have ever asked for.” The internet is a place where we willingly provide our personal data to companies and governments in exchange for the pale privilege of surfing the web.

This is especially true with IoT. All of our connected devices continuously broadcast our information, and the collection can be used in unimaginable ways. Former director of national intelligence James Clapper said during congressional testimony that “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment or to gain access to networks or user credentials.”

Even for people with nothing to hide, this is a concerning statement. With all the data shared through IoT, it’s almost like surveillance projects do have the ability to bend time and space to repeat the past.

Fortunately, we are making progress here with the development of blockchain technology, the decentralized ledger system that’s enabling and securing the most valuable cryptocurrencies in the world, and is also offering security solutions for IoT that may allow the practice to thrive while still preserving privacy and security.

The blockchain decentralizes the network.

One of the obvious but unique aspects of IoT is that all of its devices broadcast their information through the internet. Even two devices sitting directly next to one another will communicate across millions of miles of internet infrastructure. Since these devices broadcast through cloud services housed in centralized servers, there are evident and vulnerable points of attack or surveillance.

The blockchain runs a decentralized ledger system, which distributes information across a network of computers and uses a consensus algorithm to ensure parity. IBM embraces this approach in its IoT for business products, noting that the blockchain “enables your business partners to access and supply IoT data without the need for a central authority or management.”

Moreover, according to Deloitte, IBM and Samsung have put together a proof of concept using the Ethereum blockchain to improve the technical capabilities of IoT and to enhance its security. Their product has secured financing from Verizon Ventures, the investment division of Verizon Communications, which indicates that the security enhancements produced by decentralization are offering promising results.

The blockchain enables tokenized information.

The blockchain was initially conceived by bitcoin developers to facilitate p2p transactions without the use of an intermediary like a bank. It’s been pretty successful so far, and this same concept can be applied to IoT. The creation of unique IoT-related tokens can allow individuals to participate in the ecosystem while still protecting their most vulnerable information.

In many ways, tokenized information is the perfect balance between accessibility and privacy. After all, the IoT becomes a lot less compelling if it can’t adapt to your use-cases. In this case, the token acts as a substitute for a person’s actual information. Therefore, IoT can achieve a personal connection without ever revealing any personal information. It’s an ironic scenario, but it’s one that makes all the difference in preserving privacy.

The blockchain is unchangeable.

One of the most troubling aspects of government surveillance is the ability of those conducting it to conceal their actions. Without whistleblowers like Edward Snowden or ironic hacks on government databases, the extent of surveillance is rarely known or understood. The blockchain offers a transparent framework that records activity and ensures that records cannot be tampered with.

The blockchain’s transparency is a hallmark of the platform, and it’s a valuable measure toward ensuring that users’ data is accurate, intact, and secure. There is no slowing IoT development, and that’s a good thing. With the blockchain, IoT can secure users’ privacy before it becomes a commodity of government surveillance programs.

Unfortunately, we know that surveillance programs rarely play the heroic role that they do in films like Déjà Vu. For IoT to ignore this would cause some unfortunate déjà vu as it falls victim to the same privacy violations already plaguing the internet.

The post Cybersecurity in IoT: Achieving Digital Security in an Age of Surveillance appeared first on ReadWrite.


Achieving EAM excellence in Oil and Gas

Oil and gas companies are facing major changes due to an era of lower oil and gas prices. Energy companies are increasing their investments in analytics, mobile, and Internet of Things capabilities. These investments will help them to reduce costs, improve operations and be more secure. The companies are connecting their processes, people and their assets (things).

In order to extract oil and gas in today’s economic environment, companies need to utilize and understand cutting-edge technologies and to employ highly skilled engineers, which comes at a high price. Maintaining the highest safety standards possible is paramount and companies are constantly improving their behavior, safety and leadership skills.

IBM is using its technological expertise and decades of leadership to help organizations in the oil and gas industries. From exploration and production to refining and marketing, IBM offers IoT solutions for oil and gas operations. With deep industry and process expertise, IBM helps oil and gas companies to enhance operational sectors, which can improve efficiency and optimize global resources in ways that enable organizations to focus on operational efficiency and resource utilization.

Asset Management for the Oil and Gas Industry

Figure 1: Who uses Maximo for oil and gas?


Asset management in the Oil and Gas industry can be a mammoth task and requires tremendous efforts. It involves managing several aspects including asset analysis, facilitating compliance efforts, planning shutdowns, reducing manual intervention, responding to complex supply chain demands, aligning roles and responsibilities and facilitating continuous improvements and much more.

IBM Maximo for Oil and Gas is built on a service-oriented architecture. It brings together traditionally separate business functions onto a single, integrated platform, and then adds a layer of industry specific functionality to support the unique requirements of the industry. It can help organizations boost operational intelligence and realize operational excellence with standardization, convergence, collaboration and the adoption of industry-standard operational practices.

IBM Maximo for Oil and Gas can be used to:

  • Understand best practices to help improve the productivity and efficiency of critical assets
  • Manage each asset’s life cycle including acquisition, work management, inventory control, purchasing and preventive maintenance
  • Specifically address the specialized industry concerns such as failure codes, asset specifications, location details, prioritization matrix, regulatory compliance and condition for work
  • Help reduce cost and facilitate and automate common processes
  • Easily integrate into most existing business systems, because it is built on J2EE component-based Internet architecture.

It also helps managers to improve asset analysis, facilitate compliance efforts, plan shutdowns, instill integrity management, reduce manual intervention, respond to complex supply chain demands, align roles and responsibilities, facilitate continuous improvement, standardize and share data, improve organizational learning and address health, safety and environment needs.

Maximo software provides IoT solutions necessary to collect valuable knowledge, improve operational efficiency, and manage and operate mission-critical assets safely and productively. As oil and gas companies strive for operational excellence in a world that’s growing smaller and smarter, Maximo helps provide a competitive advantage.

Manage critical physical assets on one common platform

Maximo for Oil and Gas is a complete enterprise asset management solution that helps manage production equipment, facilities, transportation and infrastructure assets on a single, integrated platform. It helps organizations improve safety, reliability and compliance performance. It does this while reducing costs through standardization, convergence, collaboration and the adoption of better operational practices.

  • To learn more about the capabilities of the solution, please read the Solution Brief.
  • Explore further resources such as case studies, videos and more.

The post Achieving EAM excellence in Oil and Gas appeared first on Internet of Things blog.


Step Six: Achieving Compliance

Step six in our series, “Ten Steps to Drive a Connected Product Program,” looks at achieving compliance.

  • Often the same person who is most concerned about IT security is also responsible for compliance.
  • Simplify the compliance process by offering automated, regulation-specific compliance reports around user authentication, access control, and product performance.
  • Most organizations overspend on audits; offering automated compliance reports helps reduce the cost and complexity.

The following statement may come as a surprise. In a 2011 survey of healthcare organizations, the Ponemon Institute asked, “Who is most responsible for preventing and detecting data breach incidents within your organization?” The answer: “The compliance department.”1 (In other words, the same compliance officer who ensures that all devices in the hospital lab are compliant with FDA standards for product safety and performance is also typically responsible for security technologies that defend the organization’s private data.) Let’s agree that this is a daunting job.

Most of your customers, if not all, will fall under one or more of the following compliance umbrellas: FDA, Good Manufacturing Practices, Sarbanes-Oxley, PCI-DSS, GLBA, FISMA, the Joint Commission, HITECH, HIPAA, the Data Protection Act, and the Freedom of Information Act. In most cases, organizations use compliance frameworks and standards (such as COBIT, ISO, ISA, IEC and NIST) to serve as over-arching guidelines to inform them on how to comply.

While there is no silver bullet to satisfy all of these rules and regulations, you can help your customers simplify the compliance process by offering automated, regulation-specific compliance reports around user authentication, access control, and product performance. Automating the compliance process provides numerous benefits to compliance officers, including the centralization of audit information, the ability to manage third-party risks more effectively, and an increased confidence in the company’s security compliance posture around the connected products initiative. An automated compliance approach also gives compliance officers more timely compliance status information, thus simplifying the work load for the never-ending cycle of external audits.

Internal Considerations:

  • Expect a security conversation. Appreciate the impact of adding intelligent devices to a network, and anticipate your customers’ security concerns around suitability and acceptability. Add credibility by demonstrating your knowledge in this area.
  • Enterprise and network security policies often require management to take a close look at vendors. Strict vendor guidelines should be anticipated by you and by counsel.
  • There are obvious differences between compliance and security, but they are very similar in more than one way. For one, both are designed to assure a higher standard of business performance. If your organization has standards to which it complies, now is the time to share this information.

External Considerations:

  • Many organizations overspend on audits; offering automated compliance reports helps reduce the cost and complexity of your customer’s compliance programs.
  • Understand your customer’s compliance umbrella. The lab manager concerned with FDA medical device approval is a distinctly different persona than the retailer concerned with PCI DSS. Be prepared with some sample automated compliance reports.
  • Take proactive measures to help take the cost and complexity out of compliance and security.

Securing Your IoT Infrastructure

As more components of your IoT infrastructure become connected, the demand for a solution that protects manufacturers and their end-customers from hackers, malware, and unsafe operations continues to increase. So how will you secure your existing IoT devices and prepare your infrastructure for the double-digit increases that are occurring year-over-year? Listen to this webcast replay that talks about how to address key challenges.

1 December 2011 Ponemon Institute Research Study: Providers’ perceptions about their organizations’ privacy and security environment. Security technologies are considered essential or very important to defending their organizations’ patient data, according to 72 percent of respondents. The function considered by respondents to be most responsible for preventing and detecting data breach incidents is the compliance department (36 percent) followed by no one person or department (25 percent). The IT and IT security functions are at a lowly 14 percent and 12 percent, respectively. This is virtually unchanged from last year.

Series: Ten Steps to Drive a Connected Product Program

The post Step Six: Achieving Compliance appeared first on ThingWorx.
