Use iot gateways and Edge devices. To mitigate against an overall lack of security, many companies are using iot gateways and edge devices to segregate and provide layers of protection between insecure devices and the Internet. Get involved in interests creating standards. On a macro level, the best thing you can do to ensure iot security over the long run is to get involved in setting standards both in your particular industry and in tech as a whole. This article was produced by wired brand Lab for dxc technology. Last month, we released a set of features in preview designed to make it easier than ever to display real-time streaming data in your Power bi dashboards. Check out the announcement if you havent already. Today, i want to show you just how easy this can. Many of you have expressed interest in using Power bi to display real-time sensor data.
So what can companies do now to latch on to iot without making security compromises? Moyer had a few suggestions: take an integration approach. This is a case where more is better. Moyer said beauty that companies using iot should integrate management solutions and bring the iot platform in for primary connectivity and data movement and pull that data into an analytics environment thats more sophisticated and lets them do a behavioral analysis, which can be automated. By integrating those components, you can be more confident that what youve got from a feed in an iot environment is more statistically valid, he said. Pick the right iot devices. Those are devices that have a super-strong ecosystem and a set of partners that are being open about how theyre sharing information.
Proponents argue that machine learning can spot general usage patterns and alert the system when abnormalities occur. Bitdefender, for instance, looks at cloud server data from all endpoints and uses machine learning to identify abnormal or malicious behavior. Just as a credit cards system might flag a 1,000 splurge in a foreign country as suspicious, a ml system might identify unusual behavior from a sensor or smart device. Because iot devices are limited in function, it should be relatively easy to spot such abnormalities. Since the use of machine learning for security is still new, defenders of this approach advocate using a security system that includes human intervention. The real solution: A combination of everything. While ai may play a bigger role in iot security than initially thought, a comprehensive iot solution will include a bit of everything, including government regulation, standards and. The industry is capable of creating such a solution, but the catch is that it needs to do it on a very accelerated timetable. At the moment, in the race between iot security and iot adoption, the latter is winning.
The, internet of, things — a problem statement
All of those bodies are working on standards, protocols memory and best practices for security iot environments. Ultimately what will change the market is buyers, who will begin demanding standards, moyer said. Standards get set for lots of reasons, moyer said. Some are regulatory but a lot are because buyers say its important. Lacking standards, woods sees several paths to improve iot security. One is transparency in business models. If youre buying 1,000 fleet vehicles, one might be able to do over-the-air updates and the other wed have to replace manually and it would take seven months, woods said.
Its a different risk calculus. Another solution is to require manufacturers to assume liability for their devices. Woods said thats currently the case for hardware devices, but it is often unclear who assumes liability for software malfunctions. Ai to the rescue? A wild card in this scenario is artificial intelligence.
Thats why security standards are imperative. Who will set the standards? Various government agencies already regulate some iot devices. For instance, the faa regulates drones and the national Highway traffic Safety Administration regulates autonomous vehicles. The department of Homeland Security is getting involved with iot-based smart cities initiatives.
The fda also has oversight of iot medical devices. At the moment though, no government agency oversees the iot used in smart factories or consumer-focused iot devices for smart homes. In 2015, the federal Trade commission issued a report on iot that included advice on best practices. In early 2017, the ftc also issued a challenge to the public to create a tool that would address security vulnerabilities caused by out-of-date software in iot devices and offered a 25,000 prize for the winner. Moyer said that while the government will regulate some aspects of iot, he believes that only the industry can create a standard. He envisions two pathways to such a standard: Either buyers will push for one and refuse to purchase items that dont support a standard or a dominant player or two will set a de facto standard with its market dominance. I dont think its going to happen that way, moyer said, noting that no such player exists. Instead of one or two standards, the industry has several right now and none appears to be edging toward dominance. Those include vendor-based standards and ones put forth by the iot security foundation, the ieee, the Trusted Computing Group, the iot world Alliance and the Industrial Internet Consortium Security working Group.
Problem, statements, internet, of, things
The devices also produce a huge amount of data. Its not just 21 billion devices you have to work with, said kieran McCorry, director of technology programs at dxc. Its all the wood data generated from 21 billion devices. Theres huge amounts of data that are almost orders of magnitude more than the number of devices that are out there producing that data. Its a massive data-crunching problem. Taking such shortcomings into account, businesses can protect themselves to a certain extent by following best practices for iot security. But if compliance isnt 100 (which it wont be) then, inevitably, attacks will occur and the industry will lose faith in iot.
Many iot devices require manual intervention to be upgraded while others cant be upgraded at all. Some of write these devices were built very rapidly with limited design thinking beyond Iteration 1 and theyre not update-able, said moyer. Iot devices are a weak link that allows hackers to infiltrate an it system. This is especially true if the devices are linked to the overall network. Many iot devices have default passwords that hackers can look up online. The mirai distributed denial of services attack was possible because of this very fact. The devices may have backdoors that provide openings for hackers. The cost of security for a device may negate its financial value. When you have a 2-cent component, when you put a dollars worth of security on top of it, youve just broken the business model, said beau woods, an iot security expert.
standards are not in place and vendors keep struggling to embed the right level of intelligence and management into products. . Add the increasing collaboration among attackers and the it creates a need to address these challenges across a set of dimensions. Consider what we face with the security of iot devices; Unlike pcs or smartphones, iot devices are generally short on processing power and memory. That means that they lack robust security solutions and encryption protocols that would protect them from threats. Because such devices are connected to the Internet, they will encounter threats daily. And search engines for iot devices exist that offer hackers an entrée into webcams, routers and security systems. Security was never contemplated in the design or development stages for many of these Internet-connected devices. Its not just the devices themselves that lack security capability; many of the networks and protocols that connect them dont have a robust end-to-end encryption mechanism.
Gartner predicts that by 2020 there will be some 21 billion, iot devices in existence, up from 5 billion in 2015. About 8 billion of those devices will be industrial, not consumer devices. Both present a juicy target for hackers. For some, it seems like iot is a slow-motion wreck playing out in real time. The reason that the industry hasnt backed off is the value proposition is very powerful, said Chris moyer, cto and vp-cybersecurity at dxc. The risk proposition is also very powerful and thats where the balancing is going. Regardless of the industrys appetite, iot isnt likely to get scale until the industry addresses its security issue. That will take a cooperation among vendors, government intervention and standardization.
The, internet of, things -concept and, problem, statement, the it law wiki
Iot is coming and a lot of it execs are scared silly. Or maybe its more accurate to say they are resigned to their fates. In a may study of 553 it decision makers, 78 said they thought it was at least somewhat likely that their businesses would suffer data loss or theft enabled by iot devices. Some 72 said the speed at which iot is advancing makes it harder to keep up with evolving security requirements. Such fears are rooted in reality. Last October, hackers took down the company that controls much of the Internets domain name system infrastructure using some paperless 100,000 malicious endpoints from iot devices. More recently, the wannaCry ransomware attack crippled some bank of China atm networks and washing machine networks. For naysayers, those attacks validated fears that hackers could cause mayhem by commandeering our iot devices. At the same time, the iot industry continues its steady growth path.