Securing the Internet of Things

Lisa Bock, Author - Ethical Hacking:
Penetration Testing. Linda.com

The Internet of Things (IoT) is a collection of devices attached to the Internet that collect and exchange data using nodes and controllers. A device on the Internet of Things is an internet-connected smart device. Unlike a computer that computes, the design of an IoT device is to do a particular task, such as monitor temperature or record video. The device gathers data; it then transmits it to a remote location.

Billions of smart devices make up the Internet of things. From RFID tags to refrigerators, they are talking to us and to each other. Business and consumers are recognizing the value of integration of IoT products and systems into their infrastructure. Prior to tethering any device to the IoT, we need to take a minute and consider the security and privacy issues.

In the evolution of computers and technology, we have gone through cycles of security and privacy awareness. When thinking about early computerization and the internet, we must go back to the late 50’s and early 60’s we had mainframes and the ARPAnet. Mainframes were giant data crunching machines, and the ARPAnet, the beginning of what we know of as the Internet today.

During that time, there really wasn’t any concern about security; In fact, on a mainframe the only security issue was concerns over physical security, where someone might accidentally break a vacuum tube. As far as the Internet, there really wasn’t any as the early ARPAnet only had a few hosts. As far as vulnerabilities, Grace Hopper identified the first computer bug – a moth that had flown into the system.

Things began to change in the 70-80’s, as the idea of the personal computer became widespread. With more computers in the home, the Internet was gaining popularity and more and more hosts were connecting. The first worm was the Morris worm, written by a Cornell student, who released the worm and then subsequently brought the fledgling internet down. At the same time, scientists developed early encryption algorithms and cryptographic techniques to ensure the privacy and integrity of data.

The internet became public in 1992, and that opened a whole world of possibilities. From surfing, reading news feeds, to shopping and banking. The credit card industry developed PCI DSS – a proactive approach to protecting digitally transmitted credit card information. Today, it is a common practice to exchange data in an encrypted stream using SSL or TLS.

Most organizations have layers of security: security appliances, such as firewalls, IDS, Policies, which are the rules, regulations, and procedures and Security Education Training and awareness. As we enter the next generation of computing, Web 4.0 the IoT, we need to reexamine the whole of idea security, as the IoT is changing everything. Millions of people and businesses are purchasing and implementing devices to enhance our lives.

When we think of a perfect world using the IoT, we see grandpa living at home. We are confident he is moving about the house, his heart is in good shape, and he has milk in the refrigerator. However, the real concern is the webcam in the garage can, and might have possibly been a part of DDoS.

Our world is changing. With all the awesome possibilities the IoT brings, we must keep in mind the many security and privacy considerations.