The Internet-of-Things (IoT) concept has been making the technology rounds for several years. Today, big businesses and small companies are getting on board with the notion that a host of tiny, interconnected devices could pave the way to some kind of low-cost, highly agile Utopia. However, as Dave Lewis of Forbes noted, IoT security should emerge as a critical field as IoT becomes a reality. Yet, studies confirm that users almost inevitably opt for simplicity of function over security of form. So, how do enterprises — and manufacturers — ensure that devices and applications on the edge are up to snuff?
According to a recent Computerworld article, chip maker Intel is already making good on IoT's big promise. The company claims that by retrofitting CPU tester modules in a semiconductor manufacturing plant, it was able to identify common causes of component failure and save more than $9 million. Philip Cronin, sales director for Intel Asia-Pacific, says this kind of preventative maintenance is good practice, calling it "one of the bigger plays because it lends itself to IoT easily." Next steps in predictive analytics are easy to imagine: HVAC units that can detect and communicate minor failures before they become big problems, or product-tracking sensors used to monitor temperature and humidity. Intel's plan is to ally with the Open Interconnect Consortium and Industrial Internet Consortium to develop IoT standards and best practices.
It's not quite so simple, however. Gadget points out that as the number of IoT devices in use rises exponentially — Gartner predicts 20 billion installed units by 2020 — so does the attack surface. And since IoT devices don't need the same high-level functions as smartphones, tablets or desktop computers, almost any manufacturer with a viable market could design, create and mass-produce a wirelessly connected, always-on product. The result is a lack of reliable IoT security controls coupled with an ever-expanding set of access points. For example, consider what would happen with an IoT version of the Backoff malware, which infected networks via physical point-of-sale machines. If malicious actors could compromise production line monitors or health-based wearables, the results could be disastrous.
Despite physical differences and a unique production lifecycle, there's a common thread between the past and the future: applications. They might be simple, as with a few lines of code to record certain variables and pass on the information, or complex, as with apps designed to monitor heart rates and other vital signs. But they follow the same basic rules and so have the same basic problem — application insecurity.
Companies are familiar with this issue, having dealt with Heartbleed, Shellshock, POODLE and a host of other application vulnerabilities this year alone. They are finding ways to manage these application risks using a blend of programmatic testing and real-time monitoring that encompasses everything from in-house apps to third-party code. IoT seems like a different conversation — and it is, when it comes to production and performance — but when it comes to security, the common denominator is application insecurity. This means companies designing IoT products can build security in at a low cost, and enterprises purchasing these devices can add security testing protocols even if they didn't build or code the apps being used.
Bottom line? The scope of IoT security makes it a challenge; the form makes it familiar.