Smart spies and how to secure the IoT future
Richard Parris, CEO, Intercede
Both Cisco and Ericsson forecast there will be approximately 50 billion connected devices in operation globally by 2020. Whatever the exact figure, we can predict one certainty: IoT will play an increasingly dominant role in our lives, redefining them as we know it.
What we cannot guarantee, though, is that this IoT ecosystem will be safe, secure, reliable and robust.
In recent years we have witnessed the damage wrought by IoT security breaches, including the world’s largest botnet hack on Dyn last year. Many smart devices are inherently insecure, with operating systems and networks which facilitate the connections also at risk from infiltration and manipulation, says Richard Parris, CEO, Intercede.
The IoT is slowly entering fields like healthcare and energy, and if we consider the damage lax security can cause at present, just think how severe this could be in more critical environments. If security is not addressed by all parties now, the rosy vision of a connected world of the future will never be a reality.
A spy in your living room?
It was over a year ago when we discovered that users of IoT search engine Shodan were able to browse and access insecure webcams. These users could then watch and relay the images recorded on these devices, which included everything from footage of schools and shops to a sleeping baby.
Hackers set their sights on a much larger target last November, when reports emerged of Mirai malware – which utilises insecure smart devices – being used in an attempt to bring down the entire internet infrastructure of Liberia. Fast forward to 2017 and we hear the news that the UK’s MI5 has allegedly colluded with the CIA to help create malware for infiltrating Samsung smart TVs.
Establishing digital trust
IoT technology may be progressive, but the security aspect of this ecosystem is trailing far behind. Until now, there has been little effort to create relationships between those involved in the IoT landscape, yet this will be crucial in order to ensure a security and impenetrability. Consumers are already benefitting from smart gadgets, and as the IoT moves into fields like healthcare and transport, building a chain of trust will be of more pressing concern.
The number of parties involved in the IoT chain for any smart device means that one weak link can jeopardise its security. Therefore, digital trust must be established at every touch-point in the vast web that facilitates and powers devices. The Trust Continuum proof-of-concept has created a foundation for this end-to-end model, which now needs to be replicated on a global scale.
Establishing digital trust across the entire IoT chain necessitates close collaboration on every level. This begins at the inception of every smart device, and requires trust and key management infrastructure to be built into the very hardware – the silicon chips – at the design stage, making them ‘trust-ready’.
These security features can then be activated and further relationships established between the ‘trust-enabled’ device and subsequent elements in the lifecycle of the device. From the software programming, apps, connections, services, and data centres; to the people, businesses, hardware, and virtualised infrastructure: all must work together to deploy and manage trusted services, improve the end-user experience, and ensure that the IoT is safe and profitable.
More must also be done to make it easier for developers to integrate security into their products and allow updates in real time to ensure the delivery of secure services across any number of platforms.
It is vital that a smart anything is running authentic software, for example, so that mutual trust can be created between the device and server, and from there the services it accesses via the server. This trust must then be continued; between the multiple cryptographic touch-points between IoT node and the cloud.
It is only when all entities and all relationships in the chain are managed in this way that hackers can be prevented from invading the ecosystem and compromising the digital exchange.
A working group to champion this idea has been a positive start. And tech companies have begun to come together to address the lack of cyber security standard around the IoT.
But what’s needed now is for everyone to get involved and to progress the necessary products, services, technologies, policies and standards to ensure digital trust across the board. We can only imagine the opportunities a connected world could deliver, but this will only be realised if all parties act now to establish a solid chain of digital trust.
The author of this blog is Richard Parris, CEO, Intercede
Comment on this article below or via Twitter @IoTGN