What is the Internet of Secure Things?
December 14, 2017
Security is a big deal. Sure, we all have an idea of the ways cyberattacks are levelled against businesses on a global scale. Thankfully, there is an entire industry in place to combat such infringements. But what about hacking the objects around us? What if a cyber attacker could use your fitness tracker to steal your company password and cause massive damage to corporate property? Or, for that matter, what if your refrigerator allowed hackers to create a backdoor to your cloud storage account? Such breaches may at first seem preventable, and techniques used against such attacks could very well rely on existing security technologies. But what about the consequences of hackers taking direct control of one of these connected devices?
The consequences of hacking IoT objects, in fact, can be deadly. Consider the recent Jeep Cherokee hack in which two security researchers were able to remotely hack into an automobile and take full control of the driving functionality.(1) Such breaches can seem terrifying—especially as this kind of Internet of Things connectivity becomes more and more ubiquitous. Not only automobiles, but IoT promises connectivity to nearly all of the objects around us. It is no wonder, then, that security has been described recently as the ”burning question” for the development of the Internet of Things.(2) Specifically, that question is: what kinds of organizational structures must be in place for IoT to become capable of genuinely powerful security? This article seeks answers to this question, for instance, in the recent call for a tech-telecom alliance to create an Internet of Secure Things, or an IoST.
The good news is that IoT security is being recognized as an important issue. Indeed, many major security firms, as well as technology industry giants, have begun spearheading initiatives to solve the IoT security problem. For instance, Gemalto, a company known for its security work in mobile payments, has already released solutions for automotive and IoT security.(3) Meanwhile, Microsoft plans to include Secure Boot technology, which prevents an alternative boot software from being loaded onto a system, on its Windows 10 IoT operating system. Such measures seem promising, especially given the apparent proactive approach of foreseeing security issues with IoT before they become widespread or even commonplace. It would seem, given these initiatives, that we're already ahead of the IoT security curve.
But considering the fact that many of the most important developments of IoT lie in the future—by 2020 there will be more than 40 billion connected IoT devices—there should still be cause for concern. That is, many of the security challenges of IoT are preventative in nature because, although the number of IoT devices is increasing rapidly, we have not reached the saturation point 40 billion promises. This is where two recently formed IoT security alliances come in. One, The Internet of Things Security Foundation, is a nonprofit formed in 2015 which seeks to address IoT security on an international level. Another is the more recently announced IoT Cybersecurity Alliance, which includes tech and telecom giants such as AT&T, IBM, Palo Alto Networks, and Trustonic. Such endeavors represent the increasing awareness of IoT security, and the need for cross-industry collaboration in creating the security solutions of today's—and tomorrow's—IoT.
However, the establishment of international alliances like the IoT Cybersecurity Alliance does not mean that the work is complete for IoT security. One of the specific challenges that will be of concern, for instance, is the gateway connections that tether various object and devices to manufacturer networks. A particular vulnerability is that these devices are rarely, if ever, in off mode. As TechCrunch notes, ”IoT devices are always connected and always on. In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system.”(4) Such always on devices, indeed, demand additional security. Another concern is the massive databases that store data sent and received by IoT devices. Security measures will need to be especially sensitive, especially considering recent events that have shaken confidence in consumer privacy.
While the expansion of the IoT has rightfully led to concerns for security, the tech and telecom industries have accepted this challenge accordingly. They've responded with two robust IoT security initiatives that aim to make the Internet of Things a genuinely safe world for its users. Certainly there will be security challenges that will be difficult to predict—it may be impossible to know exactly what security in a world with 40 billion connected devices will require. But what we do know is that security has been and will always be a matter of predicting the next set of challenges that will arise. IoT is no different. And these initiatives aim to make tomorrow's IoT the IoST, an Internet of Secure Things.