The internet of things (IoT) is everywhere. It’s in our homes, cars, offices and most commonly around our wrists. It’s changing the way factories are run, how health care is delivered and how cities operate. With an estimated 5.5 million new “things” connected each day, and an expected 6.4 billion in circulation by the end of 2016, according to Gartner research, the IoT will increasingly become part of our lives. But with the IoT’s proliferation comes great responsibility. You cannot take the security of the rapidly expanding IoT ecosystem for granted. Even the smallest, most minimally connected device must have the appropriate safeguards built in throughout its lifecycle. It’s time to focus on IoT security at the point of design to securely manage devices from inception through implementation. “The potential of IoT devices and sensors is enormous,” says Mike Eftimakis, IoT Product Manager at ARM. “However, if we fail to ensure the security of each device, it’s very likely that the exploitation of unguarded vulnerabilities will stop progress, preventing us from ever fully realizing that vast potential.” Here are Eftimakis’s tips for implementing IoT security within products.
To some, the idea of an appliance or a car getting connected to the Internet is as strange as the idea of a phone without physical keys was back in the day. It holds the promise of a future still unimaginable to the common folk, but one with nearly unlimited potential. Unfortunately, it also holds unprecedented danger: danger that could go far beyond the risk of smartphones or computers getting hacked. Because although it is terrible, and inconvenient, when online accounts and sensitive data get pilfered, the effects are still predominantly in the digital world.
When the Internet of Things goes bad, the danger to human lives becomes even more real.
Industrial control systems (ICS) are just as critical to daily life yet cyber protections aren’t always built in, particularly when it comes to decades-old legacy systems. As a result, the need to maintain these older systems is critical. They also don’t have unique identification numbers to help manufacturers alert industrial organizations of new vulnerabilities or recommended upgrades. Without the ICS, operations in utilities and oil and gas would come to a halt, yet new research from RSA revealed energy organizations, alongside government, ranked lowest in cyber maturity, with only 18 percent of respondents classifying as developed or advantaged. Further, incident response (IR) capabilities were reported to be either “ad hoc” or “nonexistent.”.
Source: 3 Steps Towards Building Cyber Resilience Into Critical Infrastructure | Dark Reading
We are reaching a new critical shortage in the workforce. In addition to the health care sector’s impending lack of qualified nurses (and enough teachers to educate new ones) industry experts are sounding a similar alarm for cybersecurity experts.
Since the massive breach at Target in 2013, many other organizations have fallen prey to cybercriminals. The next year saw hacks into UPS, Goodwill, JP Morgan Chase, Sony, and others. Forrester Research predicted that 60% of brands would experience a breach of sensitive data in 2015. That estimate may have been conservative considering that last year, those organizations successfully targeted by cyberhackers included the FBI, Trump’s hotel chain, Experian, and Scottrade, among others.
Intel is trying to position itself as a major provider of microchips for various IoT devices. BI Intelligence projects that the global installed base of IoT devices will grow from 4.2 billion in 2015 to 24 billion in 2020. IoT devices have different requirements from traditional PC microchips, and Intel has been placing a greater emphasis on providing low-power chips at a low cost in the IoT space.
At the same time, changing demands are altering seemingly fundamental laws of chip development. The Semiconductor Industry Association (SIA) projects that transistor sizes will stop shrinking after 2021. With the shift to mobile, remote, and battery-operated devices, including those that are central to the IoT, low power consumption has become one of the main requirements for microchips.
This goal is in conflict with the traditional aim of scaling down the size of the chips to increase transistor density. The increase in IoT devices will raise the demand for greater power efficiency in chips, causing a major shift in microchip design for Intel and its competitors.
“The Internet of what? The internet of things is a term you may have heard a lot recently. It features heavily in discussions about our future – and, increasingly, our present. But what is it?
This is a simple guide to the term, the impact it’s set to have, and how it might change your life.”
Will Whenever the Internet of Things (IoT) is the subject, the discussion tends to veer off into topics of security and safety. When it’s the industrial IoT being talked about, the question of how to keep the company running enters the conversation, too. It all boils down to quality, and how it’s defined for software.
Source: InformationWeek Why Software Quality Standards Matter For Industrial IoT – InformationWeek
This has prompted the Information Commissioner’s Office (ICO) to reissue its wake-up callfrom 2014 to parents over the security of baby monitors. Two years on from the discovery of the Russian site, the ICO says parents still haven’t changed their behaviour, and it’s calling on them to take responsibility for the security of their devices.
The tech firms have concluded that any IoT system can be compromised unless a system-level root of trust is established through a combination of code signing, encryption and authentication.
The resulting Open Trust Protocol (OTrP) combines a secure architecture with trusted code management, using technologies proven in large-scale banking and sensitive data applications on mass-market devices such as smartphones and tablets.
The protocol set out standard practices for installing, updating and deleting applications, and to manage security configuration in a trusted execution environment (TEE).
Source: Computer Weekly Tech firms tackle IoT security with management protocol