A rallying cry for IoT security standards, data governance

While the Internet of Things is still in its infancy, an opportunity exists to build in new approaches to security, if companies start preparing now.

The light switch in your room sends the turn-on request to the Internet, and the lamp on the ceiling receives it from there.

That's how Gleb Nitsman, senior product manager for software developer DataArt, illustrates the Internet of Things (IoT).

"Suddenly the Internet becomes overfilled with billions of machine-to-machine requests that data centers and network facilities have to process in a timely manner," he said. This crossfire of data and networks is a vulnerable environment for industrial firms that rely on its future. For IoT, the battle cry for security and governance is on.

"With the IoT, the network's vulnerability creates the potential for connected devices in smart factories to be subjected to attack," said William Bain, ScaleOut Software CEO and founder in Bellevue, Wash. "Manufacturing facilities must implement pervasive security strategies to protect themselves from cyberthreats, for example, by encrypting all communications on critical infrastructure systems, using secure network protocols, and incorporating firewalls to isolate IoT devices from external networks. It is important to have a designated network administration team that constantly monitors the network and investigates potential threats. Lastly, IoT devices must meet appropriate standards for security and data governance to seamlessly fit within the organization's overall security strategy."

One sensitive point of exposure is the critical processes that enterprises reveal on the Internet. That's a concern for Aron Semle, product manager for Kepware Technologies in Portland, Maine. "IoT will enable companies to do this by accident, so security needs to be in the forefront of everyone's mind and a key tenet when designing the network."

Semle added that IoT networks operate under the guise of the Internet rather than a proverbial IT network. He said that a lot of what "saves" the industry today from typical security threats is that systems don't look like modern IT-based systems.

"Many don't expose Web servers and REST or SOAP APIs," he said. "IoT will change this." But Semle is concerned about raw data coming from manufacturing plants, and the intellectual property (IP) this data holds. Regardless of the protocol -- MQTT, CoAP, AMQP, OPC UA and more -- there are standard ways to protect this data in transit, and when stored on the IoT system, he said. "So although this can't be ignored, I don't see it as a huge issue. The real focus should be on limiting the attack surface of IoT-enabled control networks."

Nowadays, more than ever, we live in a mobile world. We have smartphones with apps, tablets and a multitude of devices that rule our worlds, personally and professionally. Steve Durbin, managing director of the Information Security Forum, noted that an increasing security threat comes from the BYOD movement and our emerging mobile mindset; mobile applications are increasingly managing all facets of our lives. Demand for mobile products is growing so rapidly that security pros struggle to keep up with it.

"To meet this increased demand, developers are working under intense pressure, and on paper-thin profit margins, which is sacrificing security and thorough testing in favor of speed of delivery and the lowest cost," said Durbin. "This is resulting in poor-quality products that can be more easily hijacked by criminals or hacktivists."

Durbin added that while the IoT is still in its infancy, we have an opportunity to build in new approaches to security if we start preparing now. So the light switch that turns on remotely or the parameters that are monitored from miles away all need to be incorporated into security plans to ensure networks are safe.

"Security teams should take the initiative to research security best practices to secure these emerging devices, and be prepared to update their security policies as even more interconnected devices make their way onto enterprise networks," Durbin said. "Enterprises with the appropriate expertise, leadership, policy and strategy in place will be agile enough to respond to the inevitable security lapses. Those who do not closely monitor the growth of the IoT may find themselves on the outside looking in."
