IoT Security and the value of interoperability
One of the largest and most important components of IoT is security. Unfortunately, is it very often an area where legacy analog companies are the least prepared to deal with, both in their products design as well as in their organizational setups. Lack of a coherent security mechanism in your future portfolio will lead to potential for attacks from a variety of sources including individual hackers, corporations committing espionage, and even cyber-warfare between nation states. Since it is estimated that within a decade there will be as many as a trillion devices accessing the Internet, security becomes paramount.
Devices, things will be more and more connected. The interoperability is unleashing value for both the whole value chain players, not only the end users but also the System Integrators, manufacturers and so forth. Unleashing data creates the conditions to move from Capex driven project and OPEX business models.
For example, high security is required for a smart home containing smart devices including solar power panels, security alarms, refrigerators, lightbulbs, and a television. On October 20th, 2016, a major cyberattack occurred against the U.S.-based internet domain host, Dyn. Part of this attack was carried out using internet-connected devices such as digital recorders and webcams, according to Dyn’s chief strategy officer, Kyle York. About 100,000 Mirai IoT botnet nodes were used to attack at rates up to 1.2 Tbps. Stephanie Weagle, senior director at Corero Network Security, said the release of the Mirai code should be concerning for networking and security professionals worldwide, especially internet service providers (ISPs). She stated, “IoT devices are plug-and-play and the average user is incapable or uninterested in security and may never apply an upgrade or security patch to the device. So, if an IoT device ships with an exploitable vulnerability, it will likely remain vulnerable throughout its lifecycle.”. This problem is exacerbated by the fact that most users will never change default usernames and passwords, said Weagle. “The bad guys know this and gain access to these devices in droves using well understood default credentials”.
IoT devices will be ubiquitous all over the planet, controlling more and more things, creating the conditions for major threats to countries, companies and individuals. The amount of damage that could potentially be done by malicious individuals or groups is phenomenal. One of the issues concerns the devices’ security (login, passwords, physical interfaces and so forth) but also the fact that there is an ever-increasing amount of protocols needed to deal with applications and wireless networks, creating the need to have important protocols colocation in gateways and platforms which, by design, create security holes.
An IoT device will need to be uniquely identified, whether it be a smart house, smart factory, or even a single air pressure sensor mounted on the roof of a home. This introduces a whole new level of complexity and security that must be part, as earlier as possible, of the offer creation process for IoT compatible products and systems. IoT devices will be moved, repaired, modified or swapped out on a regular basis and must therefore be designed accordingly.
Connected devices and the associate IoT components such as gateways, platforms and so forth generate vast amounts of data, even when considering only the information from a single person. That data includes payments, medical information, GPS travel information, and even every word spoken and every sound made in a household. All this information is often stored in the cloud for personal use but also as a source of information for more advance analytics.
IoT Security : The data challenge
The vast amount of data that is available from IoT and other digital methods is valuable in its own right as a business asset. This data and the resultant analysis can be used by businesses to monitor the services and products they offer, and provide guidance for changes in products and services, as well is in the way a business operates.
There are technical challenges to gathering this volume of data:
- First and foremost, real-time transmission of information from devices such as sensors can require far more bandwidth than is available. Consider, for example, a smart operating room in the hospital, which could contain a wide variety of sensing devices to monitor every aspect of a patient’s health including their breathing, heart rate, blood levels, and even skin color and muscle tone. This is an overwhelming amount of information and to provide good patient care, it must be analyzed in real time. Doing so allows very quick decisions to be made, perhaps even automatically, to improve patient health and the possibility of survival.
- The second is the aggregation and intelligence that can be extracted from it. Aggregating all the data so that it can be useful presents another challenge. When considering the concept of smart homes scattered throughout a major metropolitan area, the amount of data is immense and continuous. This information is also extraordinarily useful when examined on an aggregate level. Doing so, you could predict resource usage throughout the city by analyzing the aggregate data and then factoring in the effects of the weather, social events, and other variables. Let’s take the example of a smart stadium that was connected to the surrounding metropolitan area. In a large event, such as a football game, it’s predictable that there will be a surge of traffic as the event begins and ends. Sensors could report on the number of people in the stadium, and adjust traffic patterns automatically as those people begin to leave the parking area. Businesses in the local area – such as restaurants – which normally close early, could receive notifications of the traffic surge and remain open longer.
- The third challenge is the storage and legal ownership of the data. Does the customer own their information? Or do the companies and businesses which collect information own it? Or perhaps the data aggregators own the data; or is the data, once personalized information has been removed, available to the public domain? There is also the legal aspect of it: today’s laws might need to be adapted to cope with global connected things generating more data on private information than any other system/software has in the recent years.
IoT Security : Smart and connected power grids
Internet of things will definitively change the way power is consumed and produced and distributed. End to end connectivity on power grids has never been deployed; connecting demand and generation, unleashing the data that this connection enables will have important impacts on the way our society operates. We should not underestimate the societal benefits of such connected grids which brings to the final customer far more information on the direct impact between individual behaviors and the associate carbon footprints.
There will also be more and more alternative and distributed sources of energy, which in turn, will raise the complexity of such connected grids. When looking back at what network infrastructure looked like in the 90’s, and how it evolved in 10 years moving from basic hub to fully routed/intelligent networks, is a good indicator of what power grid will be going through in the next 10 to 15 years. Digitization of the energy industry, distributed power sources, storage and intelligent grid will have similar impacts, if not greater, than what the internet had on the way we live our everyday life.
Power grids are at the core of our world’s functionality. A country can operate without petrol, but would struggle without power. Petrol, nuclear plants, water dams are, for example, means to get power. Computers, smartphones, for example are means to get information. Who controls information and power can greatly impact our societies and countries.
IoT will be a game changer for this industry and the associate ecosystem. Asset performance management will typically benefit from such changes in the way energy is consumed. We will see more and more real-time supply and demand platforms emerge which will have a direct impact on energy storage, network control and management and so forth. Utilities will also be highly impacted. As stated in IoT and the Future of Networked Energy, A Platform for Enhanced Energy Cloud Applications, Services, and Business Models, written by Neil Strother – Principal Research Analyst and Mackinnon Lawrence – Senior Research Director Published 4Q 2016 by the Navigant Research: “a utility that can delay or avoid investing another $2 billion in generation plants and delivery systems by assembling a smarter IoT-enabled grid is a stronger player. Alternatively, an IoT investment of $2 billion would build the foundation needed to compete for the $1.3 trillion in annual new revenue that will be created across the Energy Cloud in 2030”.
The benefits of getting not only the power demand but also the power generation connected are immense; but the associate risks are even greater. All networks can be hacked, it’s just a matter of time and means. Will power grids be hacked? Yes, however that is not the right question. It is: ‘who and which organization will hack the grid?’, and ‘What are the risk mitigation plans and systems to be deployed when this happens?’. Power is the blood of our economies. Securing the grid, the end to end connection will be an important challenge in the coming years, not only for the utilities but for all the stakeholders in the power generation and consumption value chain.
IoT Security : Why Blockchain might be the answer
If you are reading this blog, you must be looking for more information about powerful trends that are creating a lot of questions without a lot of consistent and satisfactory answers. These trends are the Internet of Things, Blockchain, and Artificial Intelligence.
Internet of Things embraces the connection between things in a global network. Blockchain technology enables trust and secure storage, as well as movement of information between those things. Artificial Intelligence is the missing component that extracts the value out of all this connectivity and the associate amount of information that is shared, moved and stored.
They seem to be disconnected from one another when in fact, if you step back, there are tightly interlaced components and enablers of the digital transformation our society is going through.Blockchain technology promises to be the missing link enabling peer to peer contractual behavior without any third party to “certify” the IoT transaction. It also answers the challenge of scalability, single point of failure, time stamping, record, privacy, trust and reliability in a very consistent way.
Blockchain technology could provide a simple infrastructure for two devices to directly transfer a piece of property (ex: money, data, etc.) between one another with a secured and reliable time-stamped contractual handshake. To enable message exchanges, IoT devices will leverage smart contracts which then model the agreement between the two parties. This feature enables the autonomous functioning of smart devices without the need for centralized authority. If you then extend this peer-to-peer transaction to human to human or human to objects/platforms, you end up with a fully distributed trustworthy digital infrastructure.
Blockchain promises to be a key accelerator of the IoT evolution and spread among all industries and usages as it solves the major roadblock of the IoT: trust, ownership and record. The technology will disrupt not only banking ecosystem and associate financial transactions, but will open the door to a series of IoT usages/applications that will create tomorrow’s unicorns.
Pre-order the IoT Book ‘Digitize Or Die’ HERE & LEARN MORE about IoT Security !