Managing risk in the era of the Internet of Things
A topic that has been heavily discussed this year, and one that is sure to impress us further in 2015, is the ‘Internet of Things’ (IoT). Gartner’s definition of the IoT is, take a deep breath… “The network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.” In other words, devices, systems and services in nearly all fields that can be automated through advanced connectivity. Smart objects also fall within the IoT: these are objects in the physical world that, with the help of embedded devices, transmit information about their condition or environment, or data to be analysed.
Despite the software and network-driven opportunities that the IoT brings, there are security challenges that shouldn’t be overlooked. It’s been predicted that by 2020, twenty-six billion devices will be connected to the internet. These new applications and embedded devices generating new data will no doubt make better processing, storage and security a high priority. Given that all software-driven devices have the ability to communicate with an external device and with each other, they are also susceptible to attacks; data and processes can be compromised and highly valuable IP can be lost. We’ve seen that embedded devices or smart objects are no strangers to hacking threats. In recent news, we heard of smart meters in Spain that could be hacked to cut power bills. Poorly protected credentials inside these devices were what allowed hackers to take control of them. If the software inside these devices had been protected through multiple layers of security, this could have been prevented.
To minimise the risk around the IoT, a new set of rules is required for software licensing, entitlement management and IP protection. The IoT environment needs an “interpretation HUB” (server-type) that can function as a knowledge base for connecting all the diverse options. The “HUB” would then require various levels of security, starting with the infrastructure and continuing to the software embedded within each end point device – preventing hacking and tampering on the one end, and collecting usage data and performance metrics on the other.
Organisations also need to prevent reverse engineering by encrypting everything, including the data and software embedded within the sensors and extending to the data that is carried between devices. The logins of people and systems also need to be secured with authentication codes solely linked to corresponding hardware. Should a hacker be able to enter the system, they will find it more difficult to reverse engineer applications or remotely determine the specifics of an IT infrastructure if the environment is encrypted.
Certain industries in particular will continue to experience big changes from the IoT, such as manufacturing – where trucks, appliances and manufacturing equipment will be connected to the internet. The damage in these situations could depend on the motives of those involved, but it could mean that malicious outsiders gather private information or pursue more sinister objectives, such as de-activating an alarm or damaging critical equipment in power stations.
As our own homes and wider infrastructure become increasingly connected, it’s imperative that we have secure, authenticated, encrypted connectivity among everything – from refrigerators to light bulbs to our cars. Only when security challenges are addressed will we be able to realise the full benefits of a truly connected environment.
Written by: Jamie Longmuir, regional director at SafeNet
Jamie has 19 years’ experience in enterprise software and services. At SafeNet, he oversees the technical specialists and sales teams, implementing new licensing models, IP protection and entitlement management strategies.