Adding Security to the Internet of Everything
The
Internet of Everything heralds a new kind of world for everyone. But it
also requires a new way of thinking about IT security.
By Jason Deign newsroom.cisco.com
September 24 , 2014
Related Link:
New Opportunities, New Risks: The Internet of Things and Business Innovation
Introducing the Industry’s First Threat-Focused Next-Generation Firewall
DISQUS:
What security measures do you think are needed for the Internet of Everything?
Don’t panic just yet: but in a few years, your fridge could become a target for cybercriminals. As the number of devices in the Internet of Everything
grows, so does the likelihood that connecting these devices and
networking them together could increase the number and type of attack
vectors we will see in the future. And that means we need to think
differently about IT security and the levels of protection needed for
this new, connected world. Protecting all of IoE interactions is crucial
in enabling people and organizations to benefit from these advances.
The
IoE builds on the foundation of the Internet of Things, or IoT. By
comparison, the IoT refers to the networked connection of physical
objects (doesn’t include the “people” and “process” components of IoE).
IoT is a single technology transition, while IoE is a superset that
includes IoT.
Dima Tokar, co-founder and chief technology officer at MachNation, an Internet of Things
(IoT) consultancy, says: “IoT brings efficiency to processes and
infrastructure while introducing new technologies that bear security
risks which need to be considered and addressed.”
He
adds: “IoT devices create new attack vectors for hackers, which can be
exploited to get access to sensor data and sensitive personal data.
Hackers can also take advantage of poorly secured IoT solutions to
interfere with processes and critical infrastructure.”
Thankfully, right now the level of risk from IoT-connected devices is largely a matter of conjecture, according to Professor Rolf H Weber, an IoT expert who is chair for International Business Law at the Faculty of Law in the University of Zurich, Switzerland.
“In
theory the risk is substantial, but so far I have not yet seen examples
of IoT technologies being compromised,” he says. “However, this could
be since the IoT only has a limited practical volume for the time being,
which makes it less attractive for hackers.”
What
is clear, though, is that the advent of the IoT and the Internet of
Everything will demand a re-think on security strategies.
“To
some, it might seem far-fetched to think something as mundane as a
wearable device for tracking fitness or a digital video recorder could
pose a significant security risk or would be of any interest to a
hacker. But as cars and other nontraditional computing devices start to
resemble standard computing platforms more and more, they could be
vulnerable to the same threats that target traditional computing
devices.” -Cisco 2014 Midyear Security Report
According to the Cisco 2014 Midyear Security Report:
“To some, it might seem far-fetched to think something as mundane as a
wearable device for tracking fitness or a digital video recorder could
pose a significant security risk or would be of any interest to a
hacker.
“But
as cars and other nontraditional computing devices start to resemble
standard computing platforms more and more, they could be vulnerable to
the same threats that target traditional computing devices.”
One of the security challenges with the IoT is that hackers could potentially gather much more personal data than at present.
The
Cisco report warns: “When adversaries reach a point where they can
begin correlating information from different sources … they will be able
to gain a much bigger picture about a user than if they were looking at
information from only one device, system, or application.”
How
to deal with this growing potential threat? Experts say security may
need to be built into the fabric of the IoT in an integrated way.
Piecemeal or silo-based systems won’t do.
Organizations
have a wide range of disparate technologies and processes to protect
their information technology (IT) and operational technology (OT)
networks, as well as their physical spaces. The combined IT and OT
networks are evolving to become IoT networks, equally affected by the
wealth of devices and increased attack surface the IoT brings. Decision
makers in enterprises need to shift their vision of security to
recognize that since every aspect of the network is now working
together, cybersecurity and physical security solutions must also work
together with a coordinated focus on threats.
Tokar
says: “The security risks of an IoT solution are a combination of
existing risks from each component of the value chain, as well as new
risks introduced by the solution as a whole.”
Hence,
he advises: “A secure IoT solution must not only rely on security best
practices for each component used in the solution but also take a
holistic pass at security end-to-end.”
Research from the SANS Institute predicts the biggest challenge for IoT security could be patch management, implying that software updates and the like may increasingly need to be delivered in a fully automated way via the network.
The fear that IoT devices could spread malware to companies, or be subject to denial-of-service attacks, were concerns voiced by 26 percent and 13 percent of people surveyed by the SANS Institute.
About
half of respondents thought devices might pose a risk by virtue of
being connected to the Internet. Almost a quarter felt the command and
control channel to the device could be an attack risk, while 10.7
percent cited the device’s OS
.
But
the research also highlights how the IT community has got IoT security
in its sights. About half of respondents said they were either
completely prepared for it or could cope with minor modifications to
their existing setups.
“Security
professionals are already dealing with the first several waves of
Internet-connected things and have begun to plan for the next wave of
more diverse, more complex devices,” says the Institute’s report.
However,
it adds: “The basic critical security controls … will face new barriers
to success if manufacturers don’t increase their level of attention to
security and if enterprise security processes and controls don’t
evolve.”
Weber
agrees that infrastructure and service providers may need to improve
security measures. “Furthermore, data protection rules in cross-border
data delivery must be strengthened,” he says.
===================================
**Important note** - contact our sister company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions:
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems,
a company that provides “best of breed” products for network, security
and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================
No comments:
Post a Comment