The Thing is… What is an IoT Device (and should we care)?
Against the background of a thriving digital economy, it’s evident just how many of the technologies we rely on today are going to be a big part of our interconnected future. Yet, in just a few short years, much of what we now take for granted could change beyond recognition and in ways few of us might have predicted.
In this age of digital disruption, transformation is everywhere and everything. And it’s about to reach deeper into our lives. While the personal computer era was transformative for many of us, the next step will be even bigger. Just look at the numbers. According to some media reports, there are around two billion computers in the world, depending on how you define them (traditional PCs, laptops, mobile devices, etc.). However, industry pundits state that by 2020 the number of devices, or ‘things’, connected to the web could be closer to 20 billion.
The Internet of Things (IoT) represents another dimension to how technological innovation continues to transform our lives. Fitness monitors, smart meters, smart appliances and a host of other internet-enabled devices range from the mundane to the imaginative, and many improve our lives by recording, capturing and sharing data on almost every aspect of our behavior and lifestyle. We even have devices talking to devices, with embedded software providing autonomous, and even predictive, functions. While some devices are high-end or system critical, such as thermal sensors in an aircraft engine or nuclear power station, many are manufactured as commodity appliances, with little scrutiny of their design or development beyond performing their primary function.
As a security specialist, I have always embraced innovation and share the same enthusiasm for new technologies that benefit us all. But I also recognise that innovation carries a responsibility. In this case, there’s now a pressing need to extend a new generation of network security across the entire IoT ecosystem. If malware can target any device with an IP address, why not hijack an insecure Wi-Fi enabled sensor which has factory-default settings? And attacks don’t need to be complex… no phishing or scam emails required. Just an injection of code into the smallest embedded IP device and, once compromised, it begins a new life following a new set of ‘rogue’ instructions. An internet-connected CCTV camera could become part of a botnet to remotely attack and bring down a website or company network, as was shown in the recent DDoS attack on the website of prominent security blogger Brian Krebs (https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/).
So what is an IoT device? It can be a lot of things. But the one thing it must be is safe.
With the surface area for cyber-attacks set to become larger than ever, deciding how and where to deploy security in the network is now crucial. In place of traditional multi-layered, perimeter solutions, we must now move towards counter-measures that are software-defined, automated and without borders. By utilising a blend of physical, virtual and cloud resources, an integrated, pervasive architecture can adapt to each threat across the network. Driven by the burgeoning growth in mobile-centric technologies and IoT, it’s fast becoming essential to secure every point of access in the network, both inside and outside… in other words, it’s become a zero trust world for anything connected to the network, ‘dumb’ or otherwise.
In my next blog, I’ll look at preventing IoT devices from joining the ‘drone army.’