The internet gave us the opportunity to connect in ways we could never have dreamed possible. The Internet of Things will take us beyond connection become part of living, moving global nervous system, IoT or the “internet of things” refers to any object is equipped with a unique digital tracker giving it the ability to send and receive information without human interaction. The “thing” can be any man made or organic object, which can be given the ability to transfer data over a network.
Kevin Ashton, cofounder and executive director of the Auto-ID Center at MIT, first mentioned the Internet of Things in a presentation he made to Procter & Gamble. Here’s how Ashton explains the potential of the Internet of Things:
“Today computers — and, therefore, the Internet — are almost wholly dependent on human beings for information. Nearly all of the roughly 50 petabytes (a petabyte is 1,024 terabytes) of data available on the Internet were first captured and created by human beings by typing, pressing a record button, taking a digital picture or scanning a bar code.
The problem is, people have limited time, attention and accuracy — all of which means they are not very good at capturing data about things in the real world. If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling and whether they were fresh or past their best.”
For example, a heart monitor can be equipped to send information to your doctors office, a sprinkler system can be set up to determine if your lawn needs watering and perform the task, all without YOU having to do anything.
Another example is Google’s acquisition of Nest, a company that makes a thermostat that extracts data from the environment, including information about lighting, humidity, and the daily behavior of a home’s residents in order to automatically adjust the temperature settings based the resident’s preferences.
Because the sensors embedded in physical objects are linked through wired and wireless networks, often using the same Internet Protocol (IP) that connects the Internet, security for IoT will become a primary concern for many IoT related products and businesses. As example there are hundreds of thousands of homes equipped with video cameras today that stream images to tablets and mobile phones of owners. In the healthcare industry, wrist bands and other wearable devices are being made so your doctor gets an intimation when you fall sick. Auto manufacturers are building cars that can sense when other vehicles are too close, so that accidents can become a thing of the past.
The IoT movement has already seen some of the biggest companies in every field — AT&T, Ericsson, Nokia, Qualcomm, Accenture, Vodafone, General Motors, Mercedes Benz and BMW, among many, many others — investing significantly on developing new products. These companies are adding wireless connectivity to their devices, bringing network connectivity and remote management to their offerings in order to appeal to a growing number of smart consumers.
But while IoT offers a huge business opportunity, consumer rights advocates and privacy watchdogs fear complete chaos. So far, only Google and a few other sites you visited while surfing the Net or posting on a social website kept track of your interests. But as personal devices increasingly get connected to the Internet, and transmit data, it will be hard for you to keep any part of your life a secret. A smart car will log the roads you drive on and your driving style and will share the captured data with your car workshop. The toothbrush will inform your dentist each time you forget to brush before going to bed. The refrigerator will tell the grocer how much and what you are consuming. The smart television set will send out data on the programmes you watch. And the sneakers you wear will upload your walking pattern to the fitness website. Pretty soon, every bit of your life will be tracked and uploaded as you start embracing smart devices.
The endless variety of IoT applications poses an equally wide vari¬ety of security challenges.In factory floor automation, deeply embedded programmable logic controllers (PLCs) that operate robotic systems are typi¬cally integrated with the enterprise IT infrastructure.How can those PLCs be shielded from human interference while at the same time protecting the investment in the IT infrastructure and leveraging the security controls available?
A smart meter—one which is able to send energy usage data to the utility operator for dynamic billing or real-time power grid optimization—must be able to protect that information from unauthorized usage or disclosure. Information that power usage has dropped could indicate that a home is empty, mak¬ing it an ideal target for a burglary or worse.
In August of 2013 a couple in Houston heard a stranger talking to their 2-year-old daughter through the baby monitor. The monitor in question, a Foscam, allows for remote monitoring from around the world. Remote access is a handy feature for parents away on a trip that want to check in on things at home, but quite distressing if that remote connection has been hacked into by a malicious stranger.
If privacy is the big casualty in an IoT environment, a cyber-attack is a nightmare. The worst Trojan attack today can, at best, paralyse your work and home computers — and perhaps damage your mobile phone. In a connected world, such an attack can very well cripple your life — from shutting off your smart air conditioner to preventing you from entering your house or starting your car by attacking the onboard computers. That is why IoT is seen as a huge opportunity by all kinds of cyber security firms.
The following are other IoT security tactics you should consider implementing:
Knowing no one single control is going to adequately protect a device, how do we apply what we have learned over the past 25 years to implement security in a variety of scenarios? We do so through a multi-layered approach to security that starts at the beginning when power is applied, establishes a trusted computing baseline, and anchors that trust in something immutable that can-not be tampered with.
- Design a good perimeter protection with a firewall and an intrusion prevention system.
- Include everything in a security information and event management environment.
- Implement an emergency response program.
- Include a good identity and access management program with your IoT program for central user control. Consider, for instance, using a cloud identity approach.
- Implement two-factor authentication where practical.
- Have the administrators of your devices use privileged user control.
- Search for standardization. This is only in its beginning stages now, but the market will soon define standards for the IoT, including security standards.
If you have a third-party IoT provider, consider due diligence.
Stay informed with key sources of security through groups such as the National Institute of Standards and Technology (NIST).
Suitable solutions need to be designed and deployed, which are independent from the exploited platform and able to guarantee: confidentiality, access control, and privacy for users and things, trustworthiness among devices and users, compliance with defined security and privacy policies.