We must secure the Internet of Things before someone gets hurt
Dick Cheney, the former vice president of the United States, famously disabled wireless access to his heart pacemaker because he was afraid that terrorists could induce a heart attack. In the 2007 movie “Live Free or Die Hard,” criminals blocked traffic and caused accidents by turning all of Washington, D.C.’s traffic signals to green.
Those real-life and fictional attacks on what we now call the Internet of Things (IoT) had the potential to cause loss of life. Considering all the IoT sensors and controls being used around the world today, it’s only a matter of time before weak security allows bad actors to seize control, enable dangerous behaviors, or trick human operators into performing the wrong action.
It’s only a matter of time. We must secure the Internet of Things before someone gets hurt. But how?
There are many challenges in that areas. For example, identity management. Are you ever exactly sure about which users, devices, or applications are trying to access your data? How can you prove identity within a reasonable doubt, but keep improving confidence that you’ve trusted the right users, and not, say, a terrorist? That means behavioral monitoring, in real time.
Take the challenge of protecting critical information, which may be regulated by laws or industries – or simply extremely valuable to corporations and to thieves. That data may affect lives immediately (like a medical device) or later (like blueprints to a hydroelectric dam’s security systems). How can you be sure that data and those devices are well protected from tampering or illicit access?
Or the networking connections themselves, which link mobile or fixed-line devices back to the data center or the cloud. Are the connections secure? Can hackers gain access by subverting an end-point… and have those connections been tested to be robust, scalable, and impenetrable? Let’s find out how.
Spot the attack. Stop the attack
The challenge in achieving a “secure” network, including the IoT sector, is that “security” is a negative goal, says Robert Haim, principal analyst at ACG Research, who focuses on the networking and telecommunications industries.
“You’re trying to achieve something despite whatever adversaries might do and you don’t know what the capabilities of the adversaries are,” he explains. Since many IoT endpoint devices don’t have enough memory to include sophisticated security software in them. “So what are we going to do?”
There are actually two problems that must be solved, Haim says: “We have to worry about the security of the device itself, and then we also have to think about what we need to do if we get hacked.” It doesn’t help that 55% of companies don’t even know where the threat is coming from, and where the problem is in their network.
Look at actions, not only identity
Mark McGovern, group leader of threat analytics, CA Technologies, says that there’s a huge need to watch what people are doing, once given access to a system. What they do is more important than who they are. “Whether it’s an existing system that’s doing real-time authorisation of 100 million […]
The post We must secure the Internet of Things before someone gets hurt appeared first on IoT Now – How to run an IoT enabled business.