Image Credit: CN Lab.
Everyone is excited about the “Internet of Things,” also known as, IoT. Imagine, cars able to talk to other cars, devices able to contact repair facilities when repairs are needed, cars able to connect to the traffic grid, and refrigerators able to alert you when your milk or orange juice is running low.
According to Dr. Stefen Ferber of Bosch Software (@Stefferber on Twitter), “The Internet of Things is a place where technology and business meet, leading to the creation of new disruptive business models.”
But here’s how I see the situation. Cars may become mobile data-gathering devices. When an unsuspecting driver passes by, the attacker can grab your personal information including your name, address, vehicle identification number (VIN), and any other pertinent automotive information they can get away with in order to steal your identity.
Consider this scenario: a fast driver could have his or her vehicle connect with the traffic grid, so that whenever his or her car approaches an intersection, the light immediately turns green.
Since your home and devices will be able to communicate, an unscrupulous repair person could discover your home security codes or spy on you with your own cameras by inserting a virus into one of those devices.
There is a very obvious reason as to why I’ve shared my paranoia. With all of the technology we have available today, and the devices we have in place to keep intruders out, we are still fighting a considerable battle against people, organizations, companies, and other countries that are trying to steal our data, intellectual property, and secrets.
And so now, we add the “Internet of Things” to the equation which will also be using Internet protocols. Companies and organizations that never had to deal with security issues will now have to think about ways to keep inbound and outbound data safe for all devices. Those of us who are security professionals have the tools and know the rules to keep most of the bad stuff out. But what happens when there is no oversight? Anybody will be able to get into the game of the “Internet of Things.” Most network devices have the ability to be secured, but who says that the vendors of this new world will know what to do?
I have read numerous articles on this topic, but so far, none have addressed the security issues related to billions of devices being able to access the Internet. This conversation must begin before IoT becomes even more prominent.
Unlike the beginning of the Internet revolution, when the world was just beginning to network and risks to data were low, data breaches were almost inconceivable. The stakes are now higher, and the data that exists is worth trillions of dollars.
Dr. Stefan Ferber wrote in a recent Harvard Business Review blog post, “By 2015, not only will 75% of the world’s population have access to the Internet, so will some 6 billion devices. The fact that there will be a global system of interconnected computer networks, sensors, actuators, and devices all using the Internet protocol holds so much potential to change our lives that it is often referred to as the Internet’s next generation.”
Let’s say that number again: six billion devices. How many companies who manufacture and sell those six billion devices will place security of the Internet as a priority? That is a large number of attack vectors.
At the moment, those of you in the mid-size market are affected by devices such as IP wireless cameras and printers that can be used to deliver Denial of Service (DoS) attacks against your own network. With the Internet of Things, you will need to look closer, even to devices that may not be added to your network, but just might be in the vicinity of your network. So when the time comes, tread carefully and be sure, before you add one of these “wonderful” new devices, check to see what type of security protocols (if any) your new device includes.
It looks like those of us in the security industry have our work cut out for us.
Here’s the HBR post mentioned above:
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.