Adding Security to the Internet of Everything
The Internet of Everything heralds a new kind of world for everyone. But it also requires a new way of thinking about IT security.
By Jason Deign newsroom.cisco.com
September 24 , 2014
New Opportunities, New Risks: The Internet of Things and Business Innovation
Introducing the Industry’s First Threat-Focused Next-Generation Firewall
What security measures do you think are needed for the Internet of Everything?
Don’t panic just yet: but in a few years, your fridge could become a target for cybercriminals. As the number of devices in the Internet of Everything grows, so does the likelihood that connecting these devices and networking them together could increase the number and type of attack vectors we will see in the future. And that means we need to think differently about IT security and the levels of protection needed for this new, connected world. Protecting all of IoE interactions is crucial in enabling people and organizations to benefit from these advances.
The IoE builds on the foundation of the Internet of Things, or IoT. By comparison, the IoT refers to the networked connection of physical objects (doesn’t include the “people” and “process” components of IoE). IoT is a single technology transition, while IoE is a superset that includes IoT.
Dima Tokar, co-founder and chief technology officer at MachNation, an Internet of Things (IoT) consultancy, says: “IoT brings efficiency to processes and infrastructure while introducing new technologies that bear security risks which need to be considered and addressed.”
He adds: “IoT devices create new attack vectors for hackers, which can be exploited to get access to sensor data and sensitive personal data. Hackers can also take advantage of poorly secured IoT solutions to interfere with processes and critical infrastructure.”
Thankfully, right now the level of risk from IoT-connected devices is largely a matter of conjecture, according to Professor Rolf H Weber, an IoT expert who is chair for International Business Law at the Faculty of Law in the University of Zurich, Switzerland.
“In theory the risk is substantial, but so far I have not yet seen examples of IoT technologies being compromised,” he says. “However, this could be since the IoT only has a limited practical volume for the time being, which makes it less attractive for hackers.”
What is clear, though, is that the advent of the IoT and the Internet of Everything will demand a re-think on security strategies.
“To some, it might seem far-fetched to think something as mundane as a wearable device for tracking fitness or a digital video recorder could pose a significant security risk or would be of any interest to a hacker. But as cars and other nontraditional computing devices start to resemble standard computing platforms more and more, they could be vulnerable to the same threats that target traditional computing devices.” -Cisco 2014 Midyear Security Report
According to the Cisco 2014 Midyear Security Report: “To some, it might seem far-fetched to think something as mundane as a wearable device for tracking fitness or a digital video recorder could pose a significant security risk or would be of any interest to a hacker.
“But as cars and other nontraditional computing devices start to resemble standard computing platforms more and more, they could be vulnerable to the same threats that target traditional computing devices.”
One of the security challenges with the IoT is that hackers could potentially gather much more personal data than at present.
The Cisco report warns: “When adversaries reach a point where they can begin correlating information from different sources … they will be able to gain a much bigger picture about a user than if they were looking at information from only one device, system, or application.”
How to deal with this growing potential threat? Experts say security may need to be built into the fabric of the IoT in an integrated way. Piecemeal or silo-based systems won’t do.
Organizations have a wide range of disparate technologies and processes to protect their information technology (IT) and operational technology (OT) networks, as well as their physical spaces. The combined IT and OT networks are evolving to become IoT networks, equally affected by the wealth of devices and increased attack surface the IoT brings. Decision makers in enterprises need to shift their vision of security to recognize that since every aspect of the network is now working together, cybersecurity and physical security solutions must also work together with a coordinated focus on threats.
Tokar says: “The security risks of an IoT solution are a combination of existing risks from each component of the value chain, as well as new risks introduced by the solution as a whole.”
Hence, he advises: “A secure IoT solution must not only rely on security best practices for each component used in the solution but also take a holistic pass at security end-to-end.”
Research from the SANS Institute predicts the biggest challenge for IoT security could be patch management, implying that software updates and the like may increasingly need to be delivered in a fully automated way via the network.
The fear that IoT devices could spread malware to companies, or be subject to denial-of-service attacks, were concerns voiced by 26 percent and 13 percent of people surveyed by the SANS Institute.
About half of respondents thought devices might pose a risk by virtue of being connected to the Internet. Almost a quarter felt the command and control channel to the device could be an attack risk, while 10.7 percent cited the device’s OS
But the research also highlights how the IT community has got IoT security in its sights. About half of respondents said they were either completely prepared for it or could cope with minor modifications to their existing setups.
“Security professionals are already dealing with the first several waves of Internet-connected things and have begun to plan for the next wave of more diverse, more complex devices,” says the Institute’s report.
However, it adds: “The basic critical security controls … will face new barriers to success if manufacturers don’t increase their level of attention to security and if enterprise security processes and controls don’t evolve.”
Weber agrees that infrastructure and service providers may need to improve security measures. “Furthermore, data protection rules in cross-border data delivery must be strengthened,” he says.
**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions:
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.