Smart Environments Demand Smarter Security

The incredible benefits we will derive from the growth of IoT is not without its risks.

DataArt
Smart-Environments-Demand-Smarter-Security

“There will be all kinds of hiccups, horror stories, accidents, deliberate acts of sabotage and other bumps along the road that will slow but not stop our greater connectivity. Convenience and empowerment always seem to win for most people, even at some loss of privacy, control or transparency.”
– Scott McLeod, Associate Professor of Educational Leadership at the University of Colorado.

A new year presents the profound opportunity to rethink our personal and professional choices, leaving behind old problems to improve the world around us. And the Internet of Things is poised to put this concept into practice in a myriad of ways.

From smart environments in our homes and businesses to connected vehicles and other radical shifts in transportation, we are on the cusp of experiencing massive changes to virtually every aspect of our daily lives. As predicted by a Forbes report, by 2025 there will be more than 80 billion active smart devices connected to the internet worldwide.

However, the incredible benefits we derive from the continued growth of IoT is not without its risks. As our world becomes increasingly connected, security vulnerabilities also rise exponentially.

For example, automotive cybersecurity researchers Charlie Miller and Chris Valasek demonstrated their ability to remotely take over control of a Jeep Cherokee, sending commands through the vehicle’s entertainment system to its dashboard functions, steering, brakes, and transmission. This frightening discovery led to a massive recall of 1.4 million vehicles, and fortunately, the hack was accomplished by researchers as opposed to those with malicious intent.

And it’s not just connected cars that are vulnerable. Security researchers Andrew Tierney and Ken Munro took advantage of a bug in a particular smart thermostat that allowed them to lock it with malware and demand a ransom to regain control, which would leave the user in the cold until they paid the price.

These are just two of many examples illustrating the potential security problems that exist in connected devices and systems. A recent survey revealed that nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach.

So, what can be done to effectively protect against security breaches as the Internet of Things expands?

Device-level security is one of the keys to the solution. Safeguard techniques include hardware encryption, fail-secure device design, and advanced access control mechanisms. Even in the initial design phase, various platforms can be used to optimize security and privacy, while emerging standards will soon allow for broader applicability and increased safety.

As data is being transmitted between devices, services, and users, communication-level solutions are another essential piece of the puzzle. From Virtual Private Networks (VPN) and firewalls to Intrusion Prevention Systems (IPS), the implementation of this approach in a central gateway and the cloud provides significantly enhanced security.

Service-level approaches focus on secure development processes, including security testing, data masking, and secure design principles. Although there isn’t an official governing body to offer assurance to users about the reputation of specific service providers, organizations such as the Open Web Application Security Project are working to impart secure development guidance for IoT systems, including assessment frameworks and testing guides.

The Internet of Things is changing our lives in tremendous ways, from transportation to our homes and the manner in which we conduct business. There is no silver bullet or magic solution to solve all risks, but as long as we tighten our security belts appropriately, the hiccups and breaches will be thoroughly overshadowed by the monumental benefits to the world.

Written by Igor Ilunin, Head of IoT at DataArt.

Author
DataArt
DataArt
DataArt is a global technology consultancy that designs, develops, and supports unique software solutions. With its deep industry knowledge, DataArt’s IoT team created DeviceHive, an open-source IoT data platform with a wide range of device integr...
DataArt is a global technology consultancy that designs, develops, and supports unique software solutions. With its deep industry knowledge, DataArt’s IoT team created DeviceHive, an open-source IoT data platform with a wide range of device integr...