Security is a hugely important issue for the Internet of Things (IoT). And, according to experts, a lot of work remains to be done.
Julie Knudson, writing at Enterprise Networking Planet, puts the situation in stark terms. She writes that not only are there no universal standards, but that even within individual categories – such as sensors, for instance – manufacturers have taken a proprietary approach to security. This is a yellow flag because it will make it more difficult to universally deploy a specific approach to security once it is decided upon.
The bottom line: This is scary stuff. The problems of a lack of security became pretty clear earlier this month when a hacker claimed that he could take control of a commercial airplane. Other stories – for instance, hacking into a car and disabling the brakes – show the extent of the risks. Something as simple as de-synchronizing lights on Internet of Things control traffic control networks could wreak havoc.
David Navetta and Seth Jaffe, analysts writing on the Norton, Rose, Fulbright Blog Network, noted that implementing IoT security poses particular problems and challenges for a couple of reasons. Commonalities in design enable one type of hack to be used to compromise many different types of devices. Added to this is the fact that the inexpensive nature of most devices dis-incentivizes patching. That dynamic will keep vulnerable devices in the field well past the time that a fix is available.
The good news, at least according to Debra Donston-Miller at CIO, is that the challenge – though it is intimidating – is not insurmountable. The first step is for IT departments to approach things with a healthy dose of skepticism and to not assume that a particular IoT-networked connection is secure.
Now more than ever it is imperative to have a data security policy in place, especially with the rise of IoT. For one thing, the collective size of the Internet-of-Things industry means that it will be deeply enmeshed in just about every crevice of everyday life. Many of these will be of marginal importance: Nobody is going to hack somebody’s alarm clock to change the radio station. However, many – from the power grid to health care – will be life and death matters. On top of that, the fact that there will be such a pervasive layer of things that need to be secure that implementing it after deployment will be a challenging, even if approaches are agreed upon.
It is clear that vehicles are one of the places that the Internet of Things is particularly common and one in which is various implementations – from essentially frivolous entertainment to vital safety – come together. Thus, a vehicle is a good place to look to see where this is going. Alexandre Palus, the automotive architecture and enablement manager at Freescale, suggests steps in facilitating IoT security in vehicles. He suggests implanting security at every level – from chip to finished product -- and keeping an especially close eye on the human element. He also advises the industry to continue working on standards and to aim for those with a long lifespan. Designers should be educated on security issues.
There seem to be some common sense steps that organizations can take at this point. Before diving deeply into I-o-T deployments, the company’s IT department should sit down with the potential vendors and have a deep discussion about security. How are the devices secured today? How in the connection between the sensor or other IOT-enabled element and the data collection point secured? What organizations and consortiums is the vendor involved in? Are the products architected in such a way that security can be seamlessly integrated once standards emerge?