“What GAO Found
The Internet of Things (IoT) is the set of Internet-capable devices, such as wearable fitness devices and smartphones, that interact with the physical environment and typically contain elements for sensing, communicating, processing, and actuating. Even as the IoT creates many benefits, it is important to acknowledge its emerging security implications. The Department of Defense (DOD) has identified numerous security risks with IoT devices and conducted some assessments that examined such security risks, such as infrastructure-related and intelligence assessments. Risks with IoT devices can generally be divided into risks with the devices themselves and risks with how they are used. For example, risks with the devices include limited encryption and a limited ability to patch or upgrade devices. Risks with how they are used—operational risks—include insider threats and unauthorized communication of information to third parties. DOD has developed IoT threat scenarios involving intelligence collection and the endangerment of senior DOD leadership—scenarios that incorporate IoT security risks (see figure). Although DOD has begun to examine security risks of IoT devices through its infrastructure-related and intelligence assessments, the department has not conducted required assessments related to the security of its operations.”
Heralding the shift from centralised to decentralised manufacturing, Industry 4.0 integrates IoT, data, and services, and creates networks where connected devices can talk to each other.
Last October, millions of internet-connected devices infected by Mirai malware—including many closed-circuit cameras and DVRs—bombarded internet company Dyn with traffic, causing a denial-of-service attack so massive it led to widespread outages and congestion online.
On the bright side, the crippling attack has actually led to an important and promising legislative development. On Aug. 1, a group of senators introduced a bill, the Internet of Things Cybersecurity Improvement Act of 2017, that could make some strides toward securing the ever-growing number of online devices that, generally, comprise the so-called “Internet of Things.”
Many companies begin an internet of things (IoT) journey with great expectations, only to end up with disappointing business results. Gartner recently estimated that through 2018 “80% of IoT implementations will squander transformational opportunities” and fail to monetize IoT data. And a new survey by Cisco found that one-third of all completed IoT projects were not considered a success. In my experience with dozens of organizations implementing IoT solutions, those that achieved their expected ROI changed their traditional business approaches in one or more of the following ways:
Because the Internet of Things (IoT) is creating its own ecosystem, the biggest challenge for the industry is how companies secure and manage the exponential growth of decentralized endpoint devices. Unfortunately, most security experts only know how to defend against attacks from a centralized perspective. Most Chief Information Security Officers (CISO) only understand centralized networks and depend on choke points or linear cyber kill chains that focus on traditional perimeter and inbound security protocols to defend against malware, viruses and other attacks that inevitably overwhelm networks and damage servers, devices and workstations.
Depending on who you ask, you might get a different definition of the Internet of Things (IoT). Some might even call it the Internet of Everything or the Internet of Everywhere. Whatever name might stick in the future, one thing is certain – it is going to change the way we live our lives.
For the purpose of being consistent throughout this report, I will use Kevin Ashton’s definition of The Internet of Things:
“The Internet of Things means sensors connected to the Internet and behaving in an Internet-like way by making open, ad hoc connections, sharing data freely, and allowing unexpected applications, so computers can understand the world around them and become humanity’s nervous system.”
“Stop checking whether or not you’ve achieved your step goal. Right now.
The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?”
Internet of Things breaches and security incidents have hit nearly half of the companies that use such devices, and the cost to deal with these attacks is usually more than traditional breaches, according to recent survey results.In two separate reports, each of the studies found that 46% of respondents report they suffered a security breach or incident as a result of an attack on IoT devices.
Many people are still unsure what the concept of #internet of Things is, while experts on the subject are already throwing out staggering numbers on how many devices will be ‘online’ by 2020. From the mind-boggling 30 billion devices as predicted by the analysts at “Gartner,” to a bit more toned down predictions of 26 connected devices, as is the opinion of another analytical group, “Stringify.” Even if the concept is still unclear to everybody who uses a modern machine or an appliance, an obvious question of #Security comes to mind when you consider such an enormous number of ‘things’ connected online. Is there a significant threat or do you think that nobody cares about your ‘networked’ coffee machine?