The internet of things is defined as the interconnectivity or networking of devices, sensors and electronics to communicate through software. With IoT and the typical computing infrastructure that is very familiar, the change in data, access, connectivity and monitoring requires a cybersecurity approach. We tend to add technology to the existing fabric of our lives without considering how the bad guys will attack. We are seeing IoT in our homes, automobiles, food safety, medical devices, critical infrastructure and manufacturing — just to name a few.
Let’s talk about our homes and us as consumers of IoT first. We have access to some cool and innovative technologies at home. A favorite is Amazon’s Alexa digital assistant. Alexa can turn on lights, change the temperature of a thermostat, change watering days and times on your irrigation controller, manage webcams, and turn on and off the television. All this is amazing, but it raises the question: Have we opened ourselves up to more vulnerabilities at home? An illustration of webcam vulnerability was widely seen in the distributed denial-of-service attack of Dyn in late 2016.
Medical devices are just as vulnerable, now that blood pressure cuffs, glucometers, insulin pumps, pacemakers, ICU real-time monitors and many others are connected to the internet. Home healthcare uses wearables for monitoring of statuses and medication reminders. All of these connected devices have been purpose-built for function with limited security and data protection. We have seen hacks into insulin pumps manipulating the dosing. The seriousness of a personal attack is not outweighed by the threat to healthcare systems and records that can be accessed through these devices, all labeled as, personally identifiable information.
Lastly, manufacturing sensors and devices are a common threat, as they are unmanaged. As seen with Petya, NotPetya and WannaCry, unmanaged devices have been the target for spreading ransomware across networks. The attackers are looking for the easiest entry point and the sensors of unmanaged IoT devices, which have become active targets. Manufacturing under government contracts has been a key target and supply chain SMBs now have required guidance for compliance. Some of the most critical aerospace designs have been stolen through cyberattacks that have a significant effect on our national security, as well as the economy for lost programs from these smaller manufacturers, whereas in food safety, the monitoring and prevention of agroterrorism is paramount to protect our national food supply.
What should we do? The list of actions remains very similar. Make sure all devices are not set to default (i.e., change passwords) — this is a typical flaw in the devices of SMBs as well as consumer devices. Verify all devices and sensors are managed and monitored. Properly segment your network — create an internal, guest and IoT network at a minimum. Some other helpful considerations around a cybersecurity program include updating firewalls, securing remote access, reviewing security configurations, operating system updates and patches, training staff members, improving security policies and changing control procedures.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.