IoT – The Internet of Treachery
So the Internet is a far cry from what it was when things were kicked off back in the early 80s; essentially the combination of two huge networks. It grew from there but didn’t really get popular (in my eyes) till the World Wide Web came later in the 90s. That’s when things started to go a bit crazy…
So where are we now? Welcome to the 21st Century Internet: The Internet of Things
This is a world where pretty much anything you could possibly want to have a connection to the Internet, can.
It’s a very interesting world indeed, one where I’ve genuinely heard a person say:
“I can connect to my fridge from my phone to see what’s inside it so I can shop properly after work if I need to!”
Sounds pretty convenient, right?
The thing that I can’t help but think about here though is; with this level of connectivity and all of those different things where you can store and get information from, how is it all being kept secure?
We live in a world where being on the Internet and mass interconnectivity can be treacherous, it’s far more treacherous than it has ever been and it’s only going to get worse. When you live in an age where:
- Huge retail companies are breached through their air conditioners1
- Service providers having their customers’ routers taken offline2
- Internet infrastructure companies having services denied by CCTV devices, camcorders etc3
- Cars potentially being hijacked through their radios4
You’ve got to wonder to yourself, how do we keep these devices secure?
Don’t get me wrong, the Internet and what’s possible with it is incredible. It’s an absolutely fantastic way to allow people access to resources and because of the developments in being able to deliver high speed networks over incredible distances, devices that can store, process and transmit data too; it’s evolved into an amazing way for people to create and consume services that weren’t really conceivable until now. The amazing part is that it just doesn’t seem to stop growing!
With local (and potentially national) governments delivering services through the use of IoT such as power, water, waste disposal, law enforcement, education and welfare; we are living in the era of the smart city too. IoT is now becoming a key enabler of national infrastructure.
The crux of the matter here though is, the devices that are connected to the Internet (in whatever way) need to be kept secure.
Internet security involves everything now
Our devices that we connect to the Internet; to let us do those things such as turn the heating on or record a video and upload it to a site on the fly or change settings on devices etc. are being used against us. The Internet of Things or IoT security landscape needs to be radically addressed.
How do you secure these types of devices though? The answer is down to baking security into the devices themselves.
Symantec as a vendor has been working on solutions to secure IoT devices and has been working with the likes of ARM and other tech firms on what is known as the Open Trust Protocol (OTrP) for IoT devices.
The idea is to give IoT devices a similar security architecture that lots of banking devices and smartphones use to safeguard sensitive data at present, essentially working behind the scenes to protect the device without interfering with the OS itself.5
While the OTrP is available for companies to test right now, there still hasn’t been an official release for it. Enter another Symantec solution:
Symantec Embedded Security: Critical System Protection
Where this differs from OTrP is that it is a signature-less security agent installed onto the device. The beauty of this solution is
- It’s an officially released solution.
- It can be integrated by the device manufacturer pre-sale or installed post-sale as part of a company’s cyber security strategy.
The agent itself provides:
- A host firewall
- Device and configuration control
- File integrity monitoring
- Intrusion detection
- OS hardening
- Application whitelisting
- Automatic sandboxing
- Support for a myriad of Windows embedded OSs as well as QNX (one of the most commonly used real-time operating systems (RTOS) worldwide)
It’s my own opinion that there isn’t enough coverage on how to secure IoT devices and more about what and how a device was compromised, this is the wrong way to go about it. We live in a world where collaboration has been one of the biggest driving factors which has resulted in the limitless possibilities we have before us, let’s not let this progress become our ultimate downfall.
We at Arrow have divisions that can assist any business that is thinking about IoT as an enabler; from the design and manufacturing processes, securing the device itself right through to data analytics to get the most out of the information these devices create. Come and speak to us about how we can collaborate with you now to shape the solutions of tomorrow.
Arrow Bandwidth Episode 1 – IOT 101: From Sensor to Sunset
Welcome to Arrow Bandwidth, the podcast from Arrow UK to help the channel better understand the trends, technologies and concepts facing the IT industry today.
Digital Transformation? Just wait until the Blockchain takes hold!
Have you heard of Blockchain? If you haven't, you need to read Richard Holmes great analysis on how Blockchain may well be the biggest tech disrupter since the World Wide Web.
Arrow Bandwidth Season 2, Ep 2 - IOT Six Months On
IOT was the subject of our first ever episode back in February - what does it look like six months later? David and Rich are joined by Neil Cattermull from Compare the Cloud.