Internet of Things Security Must Be Center Stage

Carl Weinschenk
Slide Show

Mobile Development Trends for 2014

It is literally impossible to keep pace with the potential uses of computing and communications technology loosely categorized as the Internet of Things (IoT). Though definitions and predictions on the level of ubiquity vary, there is universal agreement that this class of equipment and services increasingly will permeate just about everything consumers and businesses do. Indeed, it is safe to say that an individual will encounter IoT multiple times per day, often without realizing it.

That’s actually chilling. The IoT will offer such a buffet of opportunities to crackers that we all should be a bit afraid. And success, from the bad guy’s standpoint, isn’t just getting into somebody’s email. It could do such things as disrupt heart pacemakers, identify homes that are empty and ripe for burglary, raise the temperature in container trucks carrying sensitive cargo, turn all the lights green at intersections and so on.

eWeek and other sites report today that Cisco is sponsoring the $300,000 Internet of Things Security Grand Challenge. The contest was announced at RSA security conference last month. As many as six winners, each garnering $50,000 to $75,000, will be chosen by a panel of experts.


Chris Young, the senior vice president of Cisco’s Security Group, posted at the Cisco blog on the challenge on Feb. 27. He addressed the need:

For example, in the healthcare sector, it’s easy to imagine how Internet-connected devices and systems are revolutionizing patient care. In the transportation sector, technologists are already connecting vehicles and their subsystems to the Internet. It is also, unfortunately, too easy to imagine how these world-changing developments could go terribly wrong when attacked or corrupted by bad actors.

The call by Cisco and others is to accelerate work on this challenge. If the industry fails, the implications are dire. At Forbes, Debra Donston-Miller laid out the IoT security problem and offered four steps that Chris Clearfield, a principal at the SystemLogic consultancy, said should be taken in the creation of devices: Existing system engineering tools should be applied to the IoT threat, modular hardware and software designs should be used, open security standards should be employed where possible, and a “skeptical culture” should be encouraged.

At Electronics Weekly, Steve Bush got a bit deeper into the concepts around building security into devices and the web of interconnections into which they eventually will fit. The reality is that security must be job one at the granular level – how each device and application is put together – and at each successive higher level. These include how elements are managed and communications sessions are conducted. The problem, as with any other sort of electronic security, is that the people trying to use the systems for nefarious purposes are as smart and well trained and, in most cases, as well financed, as the good guys.

It is not difficult to understand the dangers of the IoT. Indeed, each story on the topic seems to have completely different, highly believable, very creative and extremely chilling scenarios. At this point, the best practice is simply to overprovision security at every step in the process.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data