The Internet of Things and Security

If connected machines are making people more connected, does this trust come at a price and what safeguards do we need to put in place?

by Dr Guy Bunker.

What is the Internet of Things?

The Internet of Things (IoT) – or “Machine to Machine (M2)- is the result of superfast mobile technology paving the way for machines, other than laptops and smart phones, and other inanimate objects to interact without the need for human intervention. So what use could this be to a business? Essentially, with different machines connected on a limitless network, business can benefit from controlling and monitoring *everything* on a much larger scale and more efficiently. Smart meters in houses are just one example. As I’ve talked about before, “human error” is one the greatest risks in security so if we can automate processes as much as possible without the need for human intervention then, theoretically, the inadvertent enemy within is removed.

What can I do with it and what are the risks?

One example of the benefits to a system is in Galacia, Spain, where sensors are being used to monitor soil conditions in the vineyards to provide warnings of disease and enable traceability from grape to bottle. The idea is that devices can monitor one aspect of the process then communicate with another machine to do the next step when necessary, and so on. However, whilst one aspect of the “enemy within” can be eliminated by removing the risk of human error, the solution as a whole only works if the “Internet of Things” is completely secure. Recently we learned of everyday household “smart” appliances being hacked into, including at least one refrigerator, in what may be the first proven Internet of Things (IoT)- based cyber-attack involving conventional household 'smart' appliances. Without security, IoT creates considerably more risk for both individuals and businesses. Imagine if your fridge ordered a thousand boxes of cereal, or started to download and distribute porn?

Changing mentality and the Tipping Point

Forrester’s WEF in Davos, Marissa Mayer cited how “sharing economy” apps are revolutionising the world. 150,000 people let strangers stay at their home last year through Airbnb; 1.5 million people assigned tasks to strangers through TaskRabbit and 56 percent would consider renting out their cars to strangers. It’s a human trait for people to see the good in others, unfortunately there is, as per usual, a small percentage who ruin it. Too many stories in the press around faked hotel reviews and ‘likes’ mean that the trust soon disappears. Nonetheless, the figures speak for themselves and it seems that technology is changing how we interact and the amount of information that we’re freely willing to share online. Whilst there are concerns that the Internet of Things opens new avenues for privacy invasion and cyber-crime (the utility companies can tell through smart meters whether you are at home, at work or on holiday – which is good for them for planning etc., but what if that information fell into the wrong hands?), do we need to sacrifice privacy to ensure data protection and cyber security? According to Forrester researchers, “people recognise they need to give up some of their privacy to be protected”.

Cyber risks- Supply Chain Value

Whilst we secure our PCs and laptops with anti-virus and security technology, we are very unlikely to have added any kind of software onto the kitchen “smart” fridge; we’re always too keen to try out the new technology available without protecting our own information and data. Have you read the small print on smart TVs? Time to look closely at them if you haven’t. It’s precisely this ease of accessibility which makes the Internet of Things both highly desirable in its technological potential, but also highly risky for everyday use.

Essentially, in a network of everyday appliances and devices which includes access to a computer with valuable/ personal data or through the app (did you use the web browser on the TV to buy something, does your fridge know your credit card number?), that network is only as secure as its weakest link. The Internet of Things has come from logistics and supply chain automation and so, just like in any supply-chain or value-chain where there’s an exchange of information, hackers target the weak point to access valuable data in otherwise secure devices. But this is not a new cyber risk; this is something that even financial institutions can be prey to if they don’t consider the security of each point the value chain. What’s crucial here is that, with changing attitudes to how we use technology, we should adapt our attitude to security accordingly. We ensure our home PCs are secured as a matter of course; we must also do this with our smart appliances that are connected on the same network - a fact which is even more relevant to businesses with the increase of BYOD.

In summary...

The Internet of Things promises an exciting digital evolution both for the consumer and the business owner, but in order to enjoy the advantages we need to ensure that cyber security policies and supporting technologies are put in place tailored to protecting the entire network of devices.