Although not purely an IoT play, one can see the application of weather data in all its forms being important for IoT
IBM is purchasing The Weather Company’s product business:
Data sources, a new gold mine for IoT?
Reply
Monthly Archives: October 2015
Open Source Technologies are Key to IoT Growth
FOSS is the future
Free and open source software (FOSS) has become a force to reckon with in many markets, especially so in connected embedded devices. For example, VDC Research predicts embedded Linux will run roughly 65% of embedded products shipped by 2017 (it’s over 50%now.) Besides the obvious advantages of reusing code it encourages open standards and frameworks. Here’s a good post on this topic:
Round-up: Open source technologies are key to the growth of Internet of Things
The energy sector is a key target for cyber attacks
Introduction
The energy sector is one of the key infrastructure sectors and certainly a highlight of the IoT vision, for example, the SmartGrid. As such it’s a key target for attack since significant disruption of service has large economic effects (possibly strategic as well.) Unfortunately, it’s a very vulnerable sector since many of the existing systems are exploitable and it doesn’t seem that company executives are taking the problems seriously.
Complacency a key issue
Executive complacency is probably the key issue in IoT and specifically energy sector manufactures. With a startling 88% of companies lacking confidence that their shipping devices are configured appropriated for secure operation.
Critical infrastructure executives complacent about IoT security, study shows
Attack vectors
The energy sector is particularly vulnerable via many of the same vectors that other industrial control systems are with possible higher impact given the targets. These include:
- Unauthorized access and exploitation of Internet facing interfaces
- Exploitation of vulnerabilities in control system devices and software
- Malware infections control system networks
- SQL injection via exploitation of web application vulnerabilities
- Network scanning and probing
- Targeted spear-phishing campaigns (specialized phishing campaigns targeted at employees and known targets.)
- Strategic web site compromises
What needs to be done
Frankly, with complacency being a key issue, security needs to be taken more seriously. In fact, in a previous post, I point to a well written paper from AT&T that discusses this. A security-first approach is needed for every project, regardless of size. Here’s another set of articles I’ve written that covers a four step process for security assurance in IoT devices and by extension connected devices in the Energy sector:
A Four-Step Guide to Security Assurance for IoT Devices
A Four-Step Guide to Security Assurance for IoT Devices
AT&T: Security is first and foremost a people issue.
Although this white paper is not IoT-focused it’s comprehensive and well thought out. In particular is the emphasis on making security a top priority from top down in an organization. I like this quote “Here’s part of the problem: Too often security remains one step removed from the officers and directors of the company. Security is seen as a technology issue. But security is first and foremost a people issue.” In fact, security is often foisted to software development teams as in “fix the security, or else.” The recommendations here are excellent and apply to all industries: Make sure security is the CEO’s responsibility, adopt a risk driven approach, appoint someone to champion security (and give them authority), and get outside help.