IoT Cyber security THE problem for next generation
Cyber security is finally gaining the attention it so desperately deserves, as people everywhere are starting to realize the importance of these systems and how they pervade our lives. But It’s not just the electronic voting booth hacks that should have us worried, as technology creeps into everyday life. The Internet of Things, an initiative bent on embedding computing and networking functionality into pretty much everything (giving rise to a new moniker: IoE), is just as, if not more at risk from hackers.
IoT/IoE encompasses anything with connected technology
Printers, Smart lighting, smart thermostats, Driver-less cars, smart factories, smart grids, and so forth. Some medical implants also harness low-range wireless communications, and vulnerabilities have been found in a few pacemakers. The increasingly critical nature of these technologies, and constant breaches show that cyber security hasn’t evolved at the same pace as the other aspects itself.
Printers the greatest example of lacking IoT Security
One of the oldest devices connected to the the internet still remains one of the most vulnerable. White hat hackers (basically well-intentioned offensive security freelancers) have demonstrated just how many vulnerable, ill-configured or worse yet – default password using printers are connected to the internet.
We’re talking about technology that has been around for decades, and proper cyber security has yet to reach all of these devices. Something has to change as the damage caused by a smart thermostat or medical implant can be a lot more catastrophic than expensive printer ink.
Software Companies taking the initiative
Canonical, a company well known for their popular Server and desktop linux distribution, Ubuntu, has decided to expand its ecosystem into the IoT. Marketed as Ubuntu core, this stripped down linux-based operating system implements many security-by-design features along with a robust updating system. They aren’t the only ones launching security-conscious IoT platforms and many other vendors are starting to take interest in the area.
Political unrest may be a key driver
With the well-known vulnerabilities in digital voting programs, the greater than controversial outcomes and fixed remarks by president trump on “election rigging”, cyber safety has taken a forefront in right this moment’s media. Boosted by the Russian hacking scandals and potential connections to ongoing occasions, individuals are realizing that current-gen cyber safety is insufficient.
Considering social engineering is the largest vector for malware and on of the most effective ways into hardened networks, this mindset will go a long ways into perpetrating a culture of privacy, encryption and overall security.
Transparency the way forward
Technology with closed-source firmware/hardware has always suffered from eventual vendor abandonment, and this often leads to expensive vulnerable systems that cannot be upgraded. Much in the same way that CSP’s decided to adopt an open hardware/software model with SDN/NFV, embedded technology vendors must make their systems as open and transparent as possible so the can be easily audited, monitored and maintained.
Take for example the incident with the thousands of Chinese DVR’s with vulnerable firmware. Instead of pushing a simple firmware update, they had to replace the thousands of devices. Given the ever-evolving nature of malware, hackers and software exploits, in this day and age a system that cannot be updated should be considered as a massive security liability.
Because of the typically low cost nature of IoT units, I see open and collaborative platforms – like Ubuntu core – as a good way to create safe, simply up-gradable units whereas protecting prices to minimal. Within the industrial sector (healthcare, manufacturing, transport) firms have much more to work with, and as trade 4.0 takes of safety will likely be applied in these next-generation programs from the ground-up.
Please follow and like us: