Although not purely an IoT play, one can see the application of weather data in all its forms being important for IoT
FOSS is the future
Free and open source software (FOSS) has become a force to reckon with in many markets, especially so in connected embedded devices. For example, VDC Research predicts embedded Linux will run roughly 65% of embedded products shipped by 2017 (it’s over 50%now.) Besides the obvious advantages of reusing code it encourages open standards and frameworks. Here’s a good post on this topic:
The energy sector is one of the key infrastructure sectors and certainly a highlight of the IoT vision, for example, the SmartGrid. As such it’s a key target for attack since significant disruption of service has large economic effects (possibly strategic as well.) Unfortunately, it’s a very vulnerable sector since many of the existing systems are exploitable and it doesn’t seem that company executives are taking the problems seriously.
Complacency a key issue
Executive complacency is probably the key issue in IoT and specifically energy sector manufactures. With a startling 88% of companies lacking confidence that their shipping devices are configured appropriated for secure operation.
The energy sector is particularly vulnerable via many of the same vectors that other industrial control systems are with possible higher impact given the targets. These include:
- Unauthorized access and exploitation of Internet facing interfaces
- Exploitation of vulnerabilities in control system devices and software
- Malware infections control system networks
- SQL injection via exploitation of web application vulnerabilities
- Network scanning and probing
- Targeted spear-phishing campaigns (specialized phishing campaigns targeted at employees and known targets.)
- Strategic web site compromises
What needs to be done
A Four-Step Guide to Security Assurance for IoT Devices
Although this white paper is not IoT-focused it’s comprehensive and well thought out. In particular is the emphasis on making security a top priority from top down in an organization. I like this quote “Here’s part of the problem: Too often security remains one step removed from the officers and directors of the company. Security is seen as a technology issue. But security is first and foremost a people issue.” In fact, security is often foisted to software development teams as in “fix the security, or else.” The recommendations here are excellent and apply to all industries: Make sure security is the CEO’s responsibility, adopt a risk driven approach, appoint someone to champion security (and give them authority), and get outside help.