We’re living in unprecedented times. The COVID-19 pandemic has disrupted nearly every industry, causing economic damage that will have long-lasting repercussions. The World Bank forecasts a 5.2 percent contraction globally GDP this year — the biggest global recession in decades. The recessions in wealthy and emerging economies alike are causing industries to localize production and shorten supply chains, and the impact on human activity — from health to employment — is profound.
As vaccines are delivered and countries start to reopen, the conversation is shifting from containment of the virus to economic rebound of economies. Yet the crisis is far from over, with the World Health Organization reporting a five-fold increase in COVID-19-related cyber attacks. Some of these attacks may have exploited an unsecured connected device, meaning trust must be established in companies who are leveraging digital transformation strategies to become fully operational and mitigate future pandemic effects.
Digital transformation strategies and technology must focus on users’ and organizations’ safety and help build societies prepared for the next global crisis. To do this, we must apply the right thinking in advance to vaccinate IoT against future threats.
More Resilient and Secure Multilayered Cities
By 2050, it’s estimated that nearly 70 percent of the world’s population will live in urban areas. Despite many people leaving cities during the pandemic, populations will bounce back as people look for better professional opportunities. Smart cities are inevitably a part of this future, as we look to technology to solve issues like overcrowding and pollution.
Unfortunately, security, or rather the lack of security, could throw a wrench in smart city planning. While the smart city market is projected to grow to $158 billion in 2022, most of today’s cities are woefully unprepared to handle the data produced by tens of billions of new connected devices powered by the Internet of Things (IoT).
The architecture of smart cities will be multilayered. Some layers will be powered by sensors, which will collect data used by applications that offer insights for smarter decisions. Although IoT devices are designed to help humanity, a single DDoS attack by a hacker can paralyze an entire IoT infrastructure. A single hack could exploit vulnerabilities to take out an entire power grid, traffic system, or water utility system.
Even nuclear power plants aren’t immune from nefarious attacks: In November 2019, there was a breach of a nuclear power plant’s administrative system in India. While this breach didn’t cause critical damage, it also didn’t inspire confidence in nuclear power plant security. And hospitals could be rendered dangerous if their HVAC systems were attacked — a terrifying thought with so many hospitals currently at capacity.
Security concerns have inhibited widespread IoT adoption. According to the IoT Business Index 2020, an Arm-sponsored report by the Economist Intelligence Unit, 45 percent of executives who have worked with IoT believe that security issues have held back consumer adoption, while 37 percent say these concerns have discouraged their companies from pursuing an IoT strategy. To increase consumer trust in IoT, we must therefore enable IoT’s connected networks to find, isolate and remove threats. This means that just as the architecture of smart cities is multilayered, security for IoT-empowered devices must also be layered, offering a secure conduit for data that runs from chip to cloud.
Limiting Control of Network Access
What considerations must be made as societies reopen and industries and businesses ramp up their connectivity? Consumer IoT adoption is still in its early stages, yet 69 percent of enterprises already have more IoT devices on their networks than computers. This poses an increasing attack surface that many companies haven’t adequately addressed.
As networks become increasingly prevalent, finding ways to control their access is essential. In 2019, an eight-year-old girl was taunted in her bedroom via her family’s Ring security camera. In another home, a thermostat was raised to a sweltering 90 degrees after hackers infiltrated the family’s Wi-Fi and Nest camera system.
Fortunately, there’s a way forward. For starters, it’s critical that consumer IoT device manufacturers not only build more secure products but also enterprises, cities, and governments. For example, the Taiwanese city of Taipei relies on IoT-empowered nodes to securely manage city-wide lighting control from a single dashboard, allowing them to push firmware updates over-the-air, while also reducing maintenance costs and road closures. Like most big urban areas, thousands of access points are woven into a city’s infrastructure. Designing chip-to-cloud encryption and secure device access functionality into the ecosystem ensure peace of mind while allowing third-party engineers to read device data without the ability to overwrite it.
Where IT and OT Worlds Collide
Although the security responsibility used to rest primarily with IT departments, the convergence of IT and OT environments forces companies to reexamine their security capabilities as sensors permeate through our infrastructure. Major attacks against an OT network haven’t yet disrupted cities at a wide scale, but with smart cities’ growth, it’s just a matter of time.
Many OT environments are a part of an organization’s legacy system. IPnet, for example, is still being used in operating systems despite not having been supported since 2006, potentially putting millions of connected devices at risk of attack. More than ever, companies need to train security specialists who can mitigate the risks to networks by understanding, protecting, and integrating converging IT and OT environments.
Where Do We Go From Here?
As governments and companies reopen and design and implement smarter, more resilient cities, they will be forced to build trust and reckon with gaps in IoT security. Crucial to smart city initiatives will be filling the gaps by training the right people to enact layered security measures and increasing consumer confidence by preventing hackers from infiltrating their homes, businesses, and the workplace.
These issues, of course, are diverse and complex, but there is one fundamental principle: security isn’t optional. Companies must take care to choose the appropriate platform that provides IoT developers with the necessary functions to assist engineers in creating security components. Companies must also find appropriate, reliable partners committed to building trust and architecting long-term IoT solutions while setting the stage for post-COVID-19 recovery.