September 24, 2013
by David Burg
There are 10 billion Internet-connected objects. IoT is creating security vulnerabilities that need to be carefully considered.
Within the last few years the number of devices connected to the Internet exceeded the number of people on the planet, with some estimates placing the figure at over 10 billion Internet-connected objects. In coming years a growing number of things—food, furniture, livestock, buildings, clothing, medical devices and even entire cities—will be increasingly interconnected. While the Internet of Things (IoT) brings great convenience to daily life, it is also creating significant and little-explored security vulnerabilities that need to be carefully considered. As more devices and sensors get connected, we will see changes in business models across numerous sectors, precision marketing and advertising, and homes that are connected and automated.
Companies, organizations and individuals need to begin preparing now for new vulnerabilities and threats resulting from the expansion of the interconnectivity that is at IoT’s core. As the number of networked objects grows exponentially, so too will data transmission and storage methods—as well as the number of threats. Organizations of all types will need to understand threats not only to their own networks but also to other networks as interdependencies increase.
What’s next for Internet of Things security?
The IoT holds great promise, but there are new developments and factors that businesses must consider.
- New regulations to mitigate the risks tied to the expansion of the IoT. In June 2013, potential vulnerabilities in medical technology prompted the Food and Drug Administration (FDA) to update its 2005 technology draft guidance on cybersecurity in medical devices; the FDA stated, “The need for effective cybersecurity to assure medical device functionality has become more important with the increasing use of wireless, Internet- and network-connected devices, and the frequent electronic exchange of medical device-related health information.” Similar regulation could come from other agencies that may focus on the emerging vulnerabilities in cars, financial services, and aerospace and defense.
- New vulnerabilities will be a constant concern as the IoT expands. Growth in this space is so rapid that the Internet infrastructure may not be ready to accommodate the change. Security is not the first concern in this competitive market. Some data will not go immediately from the user to the Internet server. Local data collection hubs will store information temporarily and then upload it periodically to the Internet. This will give malicious actors more attractive targets to attack, enabling them to go after hubs that may lack either cybersecurity or physical security protocols.
- New threat actors will take note of the new vulnerabilities and may use them to achieve exploits not previously associated with cybercriminals—such as manipulating implanted medical devices to injure or kill.
- New lessons concerning the scalability of the IoT will appear. One example is the Songdo International Business District, a smart city being built from scratch 45 miles from Seoul as a social, business, and security experiment for the Internet of Things. Lessons from such grand models will tell us much about how the IoT can be—or should not be—utilized and how threat actors will focus on a potentially target-rich environment.
To date, creation of products that are fully integrated into the IoT has come in fits and starts. Many American consumers have the most experience with the IoT in their homes through linked entertainment, alarm, and appliance systems. Health care, transportation, home appliances, critical manufacturing, and clothing and accessories are key sectors that are likely to be the most densely connected. Organizations will need to be mindful of the security risks that will accompany each new technological advancement.