The Time for IoT Security is Now (before it’s too late)

by Jeff Wiener on April 24, 2015

Here’s a scary thought: A next-gen cyber-terrorist hacks into an airplane from the ground, assumes control of the aircraft, and remotedly crashes it into the ground. While such a thing may sound like the plot of an action movie this was actually one of the possible scenarios detailed in a recent Government Accountability Office report on the security vulnerabilities in modern commercial aircraft.

While such a scenario remains highly unlikely, the problem is that it’s not impossible, and more to the point, such threats exist across the entire gamut of connected devices. So if such attacks are possible against an Internet-connected aircraft, how much more likely are such cyber-intrusions likely to happen on our more pedestrian connected devices in the growing world of the Internet of Things (IoT)?

According to security expert and CTO of Resilient Systems Bruce Schneier, while direct cyber-attacks against networks controlling aircraft or self-driving cars or other critical infrastructure are a real threat, they aren’t very likely. What is likely however—and significantly more disconcerting—are the attacks against less protected devices across the growing Internet of Things, devices that could act as gateways into what is quickly becoming an all-encompassing inter-connected network, where one hole in the dam, as it were, could quickly lead to an entire systematic collapse.

As Schneier writes, “Future attacks will be exactly like what’s happening on the Internet today with your computer and smartphones, only they will be with everything. It’s all one network, and it’s all critical infrastructure.”

“We’ve already seen vulnerabilities in baby monitors, cars, medical equipment and all sorts of other Internet-connected devices. In February, Toyota recalled 1.9 million Prius cars because of a software vulnerability. Expect similar vulnerabilities in our smart thermostats, smart light bulbs and everything else connected to the smart power grid. The Internet of Things will bring computers into every aspect of our life and society. Those computers will be on the network and will be vulnerable to attack,” Schneier writes.

He adds, “And because they’ll all be networked together, a vulnerability in one device will affect the security of everything else.” Simply put, while most of us are well aware that a vulnerability in our router can impact the security of entire home network, consider that in the growing Internet of Things, a similar vulnerability in your Internet-connected refrigerator or heating system can now offer hackers the same gateway, only those devices have no security protocols in place.

As mentioned, the security problem IoT now faces is not unlike the one the PC industry faced in its early days, a problem that the industry chose to ignore until it was too late and then spent decades trying to unsuccessfully play catch-up. If we want to help secure both the pedestrian and critical networks of our connected everything tomorrow, Schneier notes, we have to start deploying security protocols today, when IoT is still a fledgling industry.

So while assuming remote control of an airplane is an unlikely scenario the point that Schneier, among others, is trying to make is that security needs to be part of the growing IoT industry on the ground floor; for whether its airplanes or smart refrigerators or network connected footwear, when they’re all connected, everything is vulnerable.

Previous post:

Next post: