Internet of Things (IoT) is one of those terms that conjures up a wealth of opportunities, as well as some daunting challenges. Embedded sensors in devices such as cars, kitchen appliances, home security systems, heart monitors, fitness bands, and smart watches can definitely make life easier. But collecting, using, and sharing this kind of information over the Internet can make data security, and even personal safety, an enormous concern.
IDC’s global 2016 survey illustrates both the promise and the growing pains of IoT. For 56% of enterprises, IoT is part of their strategic plans for the next two or three years. But the state of adoption varies widely among industries, with manufacturing, retail, and financial services on the cutting edge, and government, healthcare, and utilities moving more slowly. For these latter industries, complying with regulations is an essential part of adoption.
Because IoT can provide an avenue for hackers to penetrate connected cars, critical infrastructure, and even people's homes, several tech companies are focusing on cyber security in order to secure the privacy and safety of IoT data.
Imagine your car suddenly being taken over and driven remotely. Or your home security system being hacked so that it spies on you and your family. These kinds of possibilities are enough to make consumers think twice about the promise of IoT. They are also opening the eyes of the vendor community to the dangers of connecting products when IoT security is not adequately understood and addressed.
If the great potential of IoT can only be realized when basic security safeguards are in place, what should those safeguards be?
At the most basic level, IoT security must encompass the complete system surrounding an IoT device or connected product. This includes mobile and web apps, servers, databases, and integrations with other systems.
At a macro level, it also includes:
· The ability to address potential security vulnerabilities in IoT devices or applications through patching and security upgrades throughout their lifecycle
· Common industry definitions so consumers know what they are getting as they add IoT to their everyday lives
Because these last two represent such widespread concerns, NTIA is planning to launch a new multi-stakeholder process to support better consumer understanding of IoT products that support security upgrades. The goal will be to promote transparency in how patches or upgrades to IoT devices and applications are deployed, and also a set of common, shared definitions and tools.
The advent of IoT comes with some scary predictions:
“Sometime during 2017 we should anticipate the release of an automatically propagating IoT worm that installs a small, persistent malicious payload that not only continues to infect and propagate amongst other vulnerable IoT devices, but automatically changes all the passwords necessary to remotely manage the device itself. The owners of the now locked-out devices will be forced to pay a ransom to the mastermind behind the worm in order to learn the new password, thereby taking the ransomware threat to the next level. To prevent this worm – and future versions – device owners will not only have to preemptively change default passwords of the devices, but also manage the patch level of the kernel software on the device to prevent exploitation of new vulnerabilities.”
The burden is on IoT companies to make their devices secure, even if vulnerabilities are not necessarily solely their industry's fault.
Jeannie Warner, security strategist at WhiteHat Security, feels that new guidelines will force more application security vendors to partner with device control testing labs. This will help the innovative organization manage risk by identifying vulnerabilities early in development, continue to monitor challenges during testing, and release more secure products.
These simple steps will go a long way toward making IoT devices and their users more secure:
As we realize the Internet of Things’ enormous potential, let’s give ourselves the best shot at an innovative and secure experience for everyone connected to the IoT world.