https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Thinkstock

IoT

Relearning Cybersecurity Strategy in an IoT World

When it comes to cybersecurity strategy in an IoT World, it is better to assume everything you know is wrong than to presume you're safe.
  • Written by Don Deloach
  • 4th May 2018

In recent decades, the world has transformed dramatically. Even since 2010, smart connected technology has helped redefine everything from our cars, homes, cities and towns, offices, farms and even athletic fields while giving rise to new products like wearables and smart speakers. And while we may think we have made sense of this new world, sometimes a landscape changes so fundamentally that we must call into question our fundamental assumptions about our technological reality. Now is such a time, especially when it comes to cybersecurity in our Internet of Things era.  

Before we delve into the how IoT is redefining cybersecurity strategy, let’s imagine the IoT possibilities of the present and near future. Think of cars that can “wake up” and anticipate our arrival as we get close to them. Connected sensors in the vehicle can also transform our experience behind the wheel, up until the moment we park and get out of the vehicle. And let’s be honest, it won’t be long before the car is probably parking itself. Wherever we get out, we likely are not far from a public Wi-Fi hotspot. And if it’s time to take a break from working, you might want to take public transportation to a stadium to see your home team play football. To get there, you might get on a highly instrumented bus or train with the ability to self-diagnose mechanical failures while traveling across infrastructure that includes bridges with vibration analysis. Once you arrive at a stadium, you’ll find it instrumented to the point you receive location-aware ads on your smartphone. These notifications might tell you where to find the shortest beer lines based on your specific preference or that a new jersey for your favorite player is for sale at the game.

Once you get back to your seat and see the action on the field, you witness a massive hit. Instead of wondering what happened to the player on the receiving end, you can access empirical data generated from sensors in the player’s helmet in correlation with other biometric measurements. You are so taken aback by the action on the field that your heart jumped, prompting a cloud-based analytics program to kick in to analyze your pulse after your watch and pacemaker detected your spike in heart rate, signaling an alert before your pulse returns to normal.

But as much as we think we can anticipate the world waiting for us just around the corner, there is often a gap between what we think we know and reality. A scene from “Men in Black” captured this well, when “Agent K” said: “1,500 years ago, everybody knew that the Earth was the center of the universe. 500 years ago, everybody knew that the Earth was flat. And 15 minutes ago, you knew that people were alone on this planet. Imagine what you’ll know tomorrow.” Imagine indeed. As Erik Brynjolfsson and Andrew McAfee so adeptly showed in their book, “The Second Machine Age,” the world is advancing at an ever-increasing rate thanks to the combinatorial impacts of an array of technologies. When we think we can comprehend this world fully, we are reminded that with each passing day, it is more difficult to do so.

It may be a truism that smart, connected technologies are fundamentally changing the field of cybersecurity while opening up new vistas of vulnerabilities. Yet from a security standpoint, many people still think they are safe based on personal assurances. Their self-talk might include statements bordering on magical thinking like “I didn’t get hacked last year, so I won’t this year either,” or “No one will guess my password: 123456.” More security-conscious people might tell themselves: “I have an excellent password. It is so long and complex, people think I am crazy,” or they might have a more strategic approach, telling themselves: “I only engage with any technology under a fairly strict set of circumstances.”

While cybermaturity of individuals varies considerably, most people assume that they — and the organizations they work for — are safe from cyberattacks. Every day, however, we see ample evidence debunking that myth. It would be one thing if this false sense of security were limited to consumers and individuals. It’s quite another when it extends to employees of large corporations with massive infrastructure and even chief security officers. But it does. So it makes sense to ask why?

In my opinion, this is mostly an artifact of the Internet of Things and the hype surrounding it. For quite some time, I have been a huge champion of IoT, and continue to believe it is changing our world for the better. But with that opportunity comes the responsibility of understanding and adapting to the cybersecurity challenges it raises. Workers at many organizations often have a poor awareness of the connected IoT devices surrounding them. More security-conscious workers may feel assured what they have read and heard about cybersecurity over the years will keep them safe.

While it may be tempting to think that cybersecurity best practices have long been codified and that we can look to the past to help secure the future, the cybersecurity strategy you need to protect yourself or your enterprise this year is appreciably different than it was in, say, 2010.

IoT has extended the interaction and reaches of the infrastructure beyond employees, beyond the four walls of the company, and beyond the tightly guarded architecture of the past. For instance, smart car keys have chips in them that communicate with a vehicle. The instrumentation throughout the car has massively increased, as well. The use of low-power, wearable devices has steadily risen, leading to everything from counting steps to sophisticated healthcare applications such as automated medication delivery and adaptable cardiac support. We monitor our infrastructure with super small, low-power devices. We track assets using similar technology using low-power, wide-area networks that allow for use cases today that would have been entirely impractical from a cost and deployment standpoint just a few years ago.

So all good, right? Our world stands to benefit from the perfusion of connected technology that surrounds us. Maybe. If we want to build a new world, we need to let go of what we think we know and consider the risks carefully of surrounding ourselves with autonomous connected devices. We can’t continue to assume that our enterprise companies are safe.

Already, we know internet hotspots are not safe. Hacking at a local public hotspot happens all the time, and is not particularly difficult. But we tend to think less often about the risk of a hacker accessing our car by way of a Bluetooth-connected tire valve. It’s not clear that the infotainment system you use in your car is safe from hackers either. When security researchers took remote control of a Jeep in 2015, their point of entry was the infotainment system. And roughly two years before that, when hackers breached a gateway server at retail giant Target to obtain data from some 40 million credit and debit card shoppers, they did so through another unexpected portal — from an HVAC vendor that did work for the retailer. The arbitrary-seeming nature of IoT-based attacks continues to surprise. There’s no shortage of anecdotes like these, where a hacker gains access by looking to a seemingly-random point of entry to launch an attack. Only recently, hackers breached a casino to the dismay of the high rollers in their database via the thermometer in the aquarium in the casino lobby.

Stories like these should serve as a reminder that what we think we know about security has to be relearned in the context of the Internet of Things. The ecosystem in our IoT world is fundamentally different than it was before. The attack surface is everywhere, and this equates to a massive increase in vulnerability. In the traditional security model, we could build a castle with a moat to keep the bad guys out. But now, it’s no longer about protecting the castle walls and ensuring the moat is big enough. The castle is everywhere, and we must protect everything and everyone we care about, no matter where they are. As IoT blurs the lines between the digital and physical, so does the notion that there is anywhere to hide from cybercriminals. We are not protecting the beach; we are safeguarding each grain of sand. This concept is a material change from the past. Think of it as protecting each session or engagement, noting that the interaction may or may not involve humans. Increasingly, those interactions won’t. But what initiates the session? Is it a small device? If so, does a traditional security stack even run on that device? What is the device talking to? And how do the messages get there? If it is communicating with an application that resides in a public cloud, is the access via a local public Wi-Fi hotspot with lax security protections?

In an IoT world, the person or device initiating the transmission of data must be viewed in the context of the interaction (session) and the entire path from the creation of that data to the consumption of that data and all interim hops in between. When the protocols change, the session needs to be protected. If the starting point is a low-power device below the traditional protection points (like the tire valve or thermometer, or even the pacemaker), the session needs to be protected. When the interaction uses public Wi-Fi, the session needs to be protected. The same applies when the interaction gets into the cloud, but is normally “unpackaged” within that infrastructure. Until the data is delivered into the consuming application where the right constituent with the proper authorization needs to consume that data, the session needs to be safeguarded. Full stop. These realizations are examples of the rethinking of security in the broader IoT world. The benefits of IoT can change life as we know it — for the better. Much better. But we can only realize its potential if we can also take steps to avoid the unintended consequences of increased vulnerability and the undermining of our data, privacy, companies and public infrastructure.

Tags: Article Security Technologies

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Northrop Grumman Harnesses IoT for New Missile Integration Facility 
  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Unmanned Robotic Combat Vehicle Being Tested

Roundups

View all

IoT Deals & Partnerships Roundup: Nokia, Accenture and More

29th July 2022

IoT Deals & Partnerships Roundup: Nokia, SoftBank, Microsoft and More

15th July 2022

IoT Product Roundup: Nokia, Energous, Dashbot and More

6th July 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Events

View all

IoT World Expo Austin

2nd November 2022 - 3rd November 2022

Latest Videos

View all
Image shows a road within the Curiosity Lab at Peachtree Corners

Brandon Branham, Peachtree Corners, on Smart Cities

Peachtree Corners CTO and assistant city manager chats with IoT World Today’s Chuck Martin about what’s happening at Curiosity Labs

Image shows a Beep electric autonomous shuttle

Joe Moye, Beep, on Self-Driving Shuttles

Beep’s CEO chatted with IoT World Today’s Chuck Martin about the deployment of the company’s electric autonomous shuttles

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Building trust for a connected world

25th August 2022

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

The Future of 5G Featured at IoT World 2022 dlvr.it/SW6Szm https://t.co/eXWr6mfQya

5th August 2022
IoTWorldToday, IoTWorldSeries

Mars Drones Complete Testing on Active Volcano dlvr.it/SW6M4d https://t.co/mB8Suz1hzU

5th August 2022
IoTWorldToday, IoTWorldSeries

Honeywell Partnership Provides Flying Car Control Technologies dlvr.it/SW3t5n https://t.co/iFftFZaHxD

4th August 2022
IoTWorldToday, IoTWorldSeries

Driverless Autonomous Vehicles Arrive in China dlvr.it/SW3nzN https://t.co/nAVugrMzqG

4th August 2022
IoTWorldToday, IoTWorldSeries

Hyundai Reveals Futuristic Smart City With Automated Transport dlvr.it/SW3jgr https://t.co/fPaR8B0ikN

4th August 2022
IoTWorldToday, IoTWorldSeries

More Intelligently Converting DC Voltages dlvr.it/SW2tKz https://t.co/SMFWhTPpCW

4th August 2022
IoTWorldToday, IoTWorldSeries

Illinois Researchers Use AI to Teach Robots Teamwork dlvr.it/SW1DsC https://t.co/M3wqXN9JaR

3rd August 2022
IoTWorldToday, IoTWorldSeries

BMW Reveals $308M Test Track for Autonomous Cars dlvr.it/SW0D8q https://t.co/3zXFVnl4rd

3rd August 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X