The Internet of Things (IoT) is changing the way we live, making us more efficient and making our lives easier. After all, now you can lock your door with your smartphone and change the temperature in your home while you drive back from vacation. Do you need more eggs? Use your refrigerator’s camera to double-check while you’re at the grocery store.
A heart monitor implant can tell your cardiologist how things are going, and you can find your lost dog by checking his microchip online. More practical applications are found every day in business and industries from healthcare to agriculture to transportation.
The IoT refers to any of the billions of devices with sensing abilities or that are somehow connected to the internet. These devices bring peace of mind to homeowners, doctors, and pet owners, plus all the rest of us. But on the flip side of this convenience, the extra layer of connectivity brings security risks and hence the need of IoT risk management.
New technology always contains risks. As we create, we figure out uses for things. Meanwhile, others are working on ways to use them against us. Internet-connected devices are like any tool: they can be used for good or evil.
You may recall the internet going down for a day or two (depending on your location) in October 2016. Experts later determined our IoT was to blame. All of those hundreds of thousands of Internet-connected devices were hacked to contribute to the attack. As the MIT Technology Review put it:
“When mobilized together, these pieces of innocent hardware can be used to send Web page requests to servers at such a rate that genuine requests are completely ignored. Sometimes, servers even fail altogether.”
The IoT today is also in control of many things we rely on in modern society: utility grids, transportation, communication. Because IoT is used to automate many of our business and personal processes, these hacks can lead to everything from property destruction to damaged equipment to personal safety risks. Take, for example, transmitters implanted into people with cardiac devices. These transmitters monitor people while they are sleeping, but the U.S. Food and Drug Administration confirms the devices have security risks and could be hacked.
The internet abounds with malicious code, or malware, and many devices are contaminated without the owners realizing the problem. As one news article put it:
“Increasingly, employees carry their own devices to work, perhaps unwittingly bringing cyber infections and malware into contact with an office network, or bringing devices with weak defenses that can be forcibly recruited into in a hostile robotic network, or botnet, for attacks elsewhere.”
The internet was long-ago built with the idea that its decentralized structure will prevent a takedown. However, repeated attacks of similar nature have experts saying someone is trying to take down the internet.
IoT Security Issues
Studies and surveys indicate most people do not realize how many of their devices, appliances, and things connect to the internet. Such devices are manufactured in large quantities, mass produced for both business and personal use. Therefore once a hacker figures out how to hack one specific device, he or she has figured out a way into the millions that have been sold. These devices have long life cycles, which means they will be attached to your light bulb for years to come.
Because this technology is so new, it is unclear who is responsible for the security and privacy of IoT devices — manufacturers, service providers, resellers, or users. Typically, engineers have assumed no one would want to hack smaller objects, so many are not created with basic security measures and may not be easily upgraded.
Also, there are many IoT standards and protocols, all varied, which leads to inconsistency. That complexity makes devices more vulnerable.
Strengthening IoT Security
According to a report outlined in a Cyberscoop article, tightening IoT Security will require work on all fronts, with no one “silver bullet.” Some of the IoT risk management steps include:
● Access logs for IoT devices
● Effective and secure password policies
● Network security and device authentication
● Design with the goal of security and privacy
Users need to take control of their own security as well. Many people forget or do not realize they need to update the software or firmware on physical devices. Those updates are often security improvements. Users can also start small: changing their login information on any all devices from “admin” and “password” to a stronger string of characters.
But we cannot rely on the end user to manage security, prompting some engineers to argue for a standardized process. In a Forbes piece, How To Make 2019 The Year Of IoT Security, contributor William H. Saito says engineers must rethink the approach. “IoT systems have to design security from the beginning on the principle that they will be attacked and compromised.”
Is the IoT security risk worth the benefits?
Saito says yes, and we couldn’t say it better: “For the first time ever, mankind is using ever cheaper and more powerful IoT devices to collect data automatically from sensors on a mass scale. … It will also bring forth a whole new realm of possibilities that we have yet to tap into or understand. We all just need to think with an updated security engineering mindset, and this is the year to get serious about it.”