‘’Billions of connected things’’ – sounds good isn’t it?
As good as it may sound, these billions of IoT devices come with compounding problems. These IoT problems or concerns are not akin to the usual IT security concerns; in fact, they are even more intense and dangerous. In the year 2015, popular security firm, Kaspersky produced an article on IoT and its consequences. The article was quoted as saying that many people do not understand if IoT is really essential in their sphere of work and if it indeed is, then they are not completely aware of the consequences when it comes to IoT security.
The article quoted two cases of networks – a Smarthome and a Car wash, which were successfully hacked into showcasing their vulnerabilities. This pointed out to the absolute lack of security in the above two cases and at a larger level – the world wasn’t exactly prepared for the kind of IoT threats.
Another interesting white paper by Wind River, a world leader in embedded systems for connected things – ‘’Searching for the Silver Bullet’’, published in January of 2015 talks extensively about the problem of IoT security. It summarized the basic problem with IoT security in three simple and yet profound points –
- IoT security must be the foundational enabler of IoT process
- There is currently no consensus on IoT security implementation in IoT devices
- A very unrealistic and largely prevalent belief is – that it is possible to compress 25 years of security process into novel IoT devices
In short, the paper said that – “there is no silver bullet that can mitigate IoT threats’’
Two and half years later as we reach the last quarter of 2017, not surprisingly, the above three statements still hold absolutely true!Sadly, even with all the efforts towards IoT security we haven’t achieved much as IoT security still lacks a punch and the threat landscape keeps increasing.
What are the major compelling areas of IoT security?
Broadly, categorized there are four critical areas of IoT security –
Flood of IoT devices :
With industry after industry embracing IoT, the number of connected devices is increasing by the day. This is a major concern for two main reasons –
First, many IoT devices are manufactured with little or no security as manufactures are either not aware of security compliance or do not want to focus on the same.
Second, more connected devices means greater “attack area’’ for hackers and compounding amount of security threats.
Unfortunately, what compounds to problem of ignorance of device manufacturers is the lack of IoT device security standards from both governmentsand industry. As far as manufacturers are concerned it’s just about making unsecured devices and letting them ‘loose’ into the IoT network. This makes IoT system even more vulnerable and threat prone. Hacking and controlling cars, smart homes, utilities equipment, grids, and even microwaves are but a few examples of threats looming large over the IoT landscape.
Data Galore :
It is simple math – more devices give rise to more data. With terra bytes of data running via the connected devices, it becomes very difficult to protect data. On one side there are vast amounts of corporate data to deal with and on the other, an equal amount of private or personal data. Both sets of data are prone to hacking and once leaked can cause serious damage to their respective owners. There is another issue here, while hackers gaining access to private data is one thing, corporations gaining access and capturing private data is another and equally dangerous thing- one never knows how the data can be utilized!
Consider the example of British Petroleum America which introduced Fitbits to track health and fitness levels of employees. While this could benefit health of employees and help company claim lower health insurance, it also allows company to collect critical health data of employees and one can never know how this can be used or even worse, what if this data falls into the hands of hackers.
Continual updates :
IoT network requires updates on two fronts – Device and Software. An increasing number of devices get embedded into IoT network with little or no security. Even if these devices were provided with the required security, what happens when hackers get smarter and create better ways to hack these devices? There is a need to ensure that devices which are already part of the IoT network get regular and relevant updates to ensure they are secure.
Easy going Consumers :
Automation has bettered living standards, thanks to technology that certain tasks are automated and benefit users in time and effort terms.But then automation has also made consumers lazy. IoT devices are a bit different and as consumers, we should be well aware of how and when to use these devices. Buying quality and secured devices is one thing and ensuring that the manufacturers update and rectify these devices in case of concern is another.
Another important aspect to keep in mind is – avoid unnecessary usage of IoT devices, if there is no use for the microwave or the refrigerator, it is better to switch them off from the internet. This way, we can ensure that the devices are not connected unnecessarily.
The future of IoT security is in the hands of all stakeholders starting from corporations to device manufacturers to software providers to users and governments. No one stakeholder is less important and less eligible than the other. There is a huge and powerful threat out there in the form of intelligent and persistent hackers, the only way to counter such elements is to stand together and take IoT security as an integral part of IoT process and not as a reaction tosecurity incidents.