A growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property, and the government must intervene to mitigate it. That’s essentially the message that prominent computer security experts recently delivered to Congress.The huge denial-of-service attack in October that crippled the Internet infrastructure provider Dyn and knocked out much of the Web for users in the eastern United States was “benign,” Bruce Schneier, a renowned security scholar and lecturer on public policy at Harvard, said during a hearing last month held by the House Energy and Commerce Committee. No one died. But he said the attack—which relied on a botnet made of hacked webcams, camcorders, baby monitors, and other devices—illustrated the “catastrophic risks” posed by the proliferation of insecure things on the Internet.
They were supposed to be smart. But it turns out that smart devices—the web-connected gadgets that can monitor and control our lights, our locks, our boilers, and even our cars—have a lot to learn.The evidence lies in hacked babycams, compromised braking and steering systems, and, most recently, security cameras that were hijacked to cripple websites with bogus traffic.
Experts say that many connected devices, which make up the growing Internet of Things, or IoT, are putting consumers’ privacy at risk.
The Internet of Things or IoT is this notion that everything around us is connected and intelligent. Your coffee maker talks to the cloud which in turn tells it when to start brewing coffee based on when your alarm clock (which also talks to the cloud) is set. But what if your alarm clock just talked directly to your coffee maker? That’s the basic idea behind “machine to machine” or M2M communications which is the latest buzzword everyone’s getting excited about. Just how excited are people getting about M2M? CB Insights uses their powerful artificial intelligence powered “CB Insights Trends” tool to show us:
In early 2016, we shared our predictions of key security threats likely to hit us this year. As predicted, cyber espionage, ransomware, insider threats, IoT device attacks and attacks on industrial control systems (ICS) all increased in 2016. A number of other targets remain in the line of hackers” fire, with both financial gain and personal notoriety being key drivers of malicious activity.
On the plant network and across multiple devices, safety and cybersecurity have tended to be separate concerns. Yet in our increasingly unsafe networked world, the two considerations have started to bleed into one another. Device manufacturers and embedded software designers, need to be vigilant in order to provide a safe and secure system for applications to do their work.
“Today, we can shop around the clock online, tap an Uber app to summon a ride in minutes, and we have an embarrassment of riches of products and services at our fingertips. We can price check countless items in seconds on our cell phone, spotting both a bargain and a rip-off.
These changes have vastly upped the stakes for retailers, which are frantically pulling all sorts of technology levers to keep step.
And they’re placing big bets on the Internet of Things: Merchants around the globe are poised to spend $2.5 billion on IoT technologies by 2020, according to Juniper Research.”
IBM announced on November 21 new Watson IoT (internet of things) Consulting Solutions, including specific offerings for the automotive, electronics and insurance industries.
Jesus Mantas, GM for IBM Business Consulting explained that the goal with the new IoT Consulting solutions is to help enable organizations recognize and benefit from the business transformation benefits that IoT can help to provide.
“We wanted to create an easy way for clients to consume IoT services in an integrated way,” Mantas told eWEEK. “So instead of organizations needing to buy a platform, hire consultants, put it all together and then build a business, we’re putting it all together inside of an IBM stack.”.
Confronting the dangers posed by the Internet of Things – as demonstrated by the Oct. 21 Mirai DDoS attack – members of the House of Representatives’ Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.
Speaking before the Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing, and Trade, experts testified that IoT device manufacturers generally lack the financial incentive to secure their products while device consumers lack the motivation to practice responsible cyber hygiene with said products.
“The market really can’t fix this. The buyer and seller don’t care,” testified Bruce Schneier, a computer security expert and fellow at Harvard University’s Berkman Klein Center for Internet & Society. “I argue that government has to get involved, that this is a market failure and what I need are some good regulations.”
“As the attack surface increases with the introduction of connected devices, the attack potential grows exponentially,” the report said. It said healthcare organisations should set specific IT security requirements for IoT components and identify how they will be interconnected, or connected to the internet. The report argues that device manufacturers need to involve hospitals from the very beginning when designing systems and services.ENISA executive director Udo Helmbrecht said: “Interconnected, decision making devices offer automation and efficiency in hospitals, making them at the same time vulnerable to malicious actions.”
The report warns that there are “several serious vulnerabilities that come with the use of IoT in healthcare that are difficult to address.”