Welcome to the world of Internet of Things (IoT) wherein a glut of devices are connected to the internet which emanates massive amounts of data.
Analysis and use of this data will have real positive impact on our lives. But we have many hoops to jump before we can claim that crown starting with a huge number of devices lacking unified platform with serious issues of security standards threatening the very progress of IoT.
The concept of IoT introduces a wide range of new security risks and challenges to IoT devices, platforms and operating systems, communications, and even the systems to which they're connected. New security technologies will be required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating "things" or denial-of-sleep attacks that drain batteries, to denial-of-service attack (#DoS). But IoT security will be complicated by the fact that many "things" use simple processors and operating systemsthat may not support sophisticated security approaches. In addition to all that "Experienced IoT security specialists are scarce, and security solutions are currently fragmented and involve multiple vendors," said Mr. Jones from Gartner, he added; "New threats will emerge through 2021 as hackers find new ways to attack IoT devices and protocols, so long-lived "things" may need updatable hardware and software to adapt during their life span."
What makes this attack so interesting is that the devices hijacked have been networked to create the internet of things. In this case the offender was likely digital video recorders, those set-top boxes that allow you to record live TV and skip the commercials, and webcams, like those used around houses for security. All these devices now moonlight as zombies under control of malicious actors bent on taking down individual websites or even portions of the internet, as with the Dyn attack.
Considering the trend in connectivity, this is really just a taste of things to come. The deployment of IoT is far outpacing any other networked system. Gartner estimated that, by 2020, 50 billion devices will be connected to the internet. That’s 50 billion new accomplices for an attacker to use to take down the servers that are critical to a functioning internet.
Added to this explosion in connected (and potentially compromised) devices is the increasingly sophisticated and systematic nature of recent attacks. Bruce Schneier, an internationally renowned expert on technology and security, has sounded the alarm on this issue very recently. The combination of a dedicated group of actors and a significant increase in the means to attack networks should be a big concern to us all.
A comprehensive study on IoT by The Internet Society (ISOC) revealed critical issues which will have an impact on IoT:
1. Security Concerns - With so many interconnected devices out there in market and plenty more to come in the near future, a security policy cannot be an afterthought, some of the issues with devices of IoT:
· Some Devices Are More Secure Than Others
· Lack of Updates on Internet of Things Devices
· Communications Security
· Consumer Education
If the IoT devices are poorly secured, cyber attackers will use them as entry points to cause harm to other devices in the network. This will lead to loss of personal data out into the public and the entire trust factor between internet connected devices and people using them will deteriorate.
In order to evade such scenarios, it's extremely critical to ensure the security, resilience and reliability of internet applications to promote use of internet enabled devices among users across the world.
Security constraints for IoT are so critical that even analyst firm Gartner came out with some astounding numbers.
· According to them, the worldwide spend for the IoT security market reached $348 million in 2016, a rise of 23.7% from $281.5 million in 2015.
· Through 2018, over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices.
· By 2020, more than 25% of identified enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets.
2. Privacy issues - The possibility of tracking and surveillance of people by government and private agencies increases as the devices are constantly connected to the internet.
These devices collect user data without their permission, analyze them for purposes only known to the parent company. The social embrace of the IoT devices leads people to trust these devices with collection of their personal data without understanding the future implications.
3. Inter-operatability standard issues - In an ideal environment, information exchange should take place between all the interconnected IoT devices. But the actual scenario is inherently more complex and depends on various levels of communication protocols stacks between such devices.
The OEM's producing industry ready IoT devices will need to invest a lot of money and time to create standardized protocols common for all IoT devices or else it will delay product deployment across different verticals.
4. Legal Regulatory and Rights issues - There are no concrete laws present which encompasses the various layers of IoT across the world. The array of devices connected to each other raises many security issues and no existing legal laws address such exposures.
The issues lie in whether current liability laws will extend their arm for devices which are connected to the internet all the time because such devices have complex accountability issues.
5. Emerging Economy and development issues - IoT provides a great platform for enablement of social development in varied societies across the world and with the proliferation of Internet across the various sections of the society in developing countries coupled with lowering costs of microprocessors and sensors will make IoT devices accessible to low income households.
There are four interrelated things that need to change if we are to have a chance to combat this growing threat.
First, we need to change our culture around networked technologies for example not using default/generic passwords and disabling all remote (WAN) access to our devices.
Second, industry leaders need to make security and resilience in digital spaces a priority. When considering overall strategy, whether for an enterprise or a government, cyber strategy must be a key concern.
Third, we need to make a serious attempt at prioritizing security in IoT deployments. Security by design, or ensuring that security is built into technology from the beginning for example security at the chip level is a step in the right direction.
Fourth, innovators and regulators work together to help align incentives, which are currently behind deploy-first-secure-later approaches, to support security in IoT.
Ahmed Banafa is an expert in new tech with appearances on ABC, NBC , CBS, FOX TV and radio stations. He served as a professor, academic advisor and coordinator at well-known American universities and colleges. His researches are featured on Forbes, MIT Technology Review, ComputerWorld and Techonomy. He published over 100 articles about the internet of things, blockchain, artificial intelligence, cloud computing and big data. His research papers are used in many patents, numerous thesis and conferences. He is also a guest speaker at international technology conferences. He is the recipient of several awards, including Distinguished Tenured Staff Award, Instructor of the year and Certificate of Honor from the City and County of San Francisco. Ahmed studied cyber security at Harvard University. He is the author of the book: Secure and Smart Internet of Things Using Blockchain and AI.