Categories Security

Securing Your Network in an Internet of Things (Part 1)

If you would like to read the next part in this article series please go to Securing Your Network in an Internet of Things (Part 2).

Some IT professionals may make the mistake of dismissing all the talk about IoT as something that just pertains to consumers. After all, much of the hype centers around the phenomenon of connected washers and dryers and toasters and “smart” refrigerators. The real story, however, is much broader than that. IoT will encompass “things” of all types across both personal and business worlds.

The scope of IoT

Some people look at the Internet of Things as a futuristic vision of what the world will someday be, but in fact that future is already here, and has been creeping up on us for quite some time. Just look around and you’ll see a plethora of devices connected to the Internet that don’t fit the category of traditional computing device (that is, desktops, laptops, tablets and smart phones).

Many homes and office buildings use IP surveillance cameras as part of their physical security strategies. Many electrical and natural gas meters in both residential and business environments are now connected to the Internet to allow for easy monitoring of energy usage, and thermostats are likewise Internet-connected so they can be controlled remotely.

Lighting systems are Internet-enabled, making it possible to turn lights on and off from any location to save energy or simulate occupancy to thwart burglars. Even door locks can be connected to the Internet so that if you forget to lock them when you leave, you can just get online and do it with an app instead of having to turn around and drive back to the house or office.

According to reports from research company IDC, they’re predicting that by 2020 there will be more than 28 billion IoT devices on the Internet, and Gartner predicted almost 5 billion by the end of this year (this does not include traditional computer devices). Those are staggering numbers, and the possibility of that many devices all globally connected and sharing information with one another carries with it some pretty staggering security implications, as well.

IoT goes hand-in-hand with another of 2015’s predicted top trends, that of Big Data and Big Data Analytics. It makes sense, because these billions of Internet-connected “things” are going to generate enormous amounts of data, both structured and unstructured. In order to fully take advantage of IoT, we will need to have new and more efficient ways to compile, filter, sort through, analyze and utilize all of that information.

Benefits of an Internet of Things

Before we delve into the many challenges on the security front that IoT is sure to bring, we should talk a little about the benefits of connecting this diversity of devices to the Internet. An Internet of things, like so much of the technology on which it’s built, will make our lives easier in many ways. The convenience and time-saving aspects of the IoT will allow us to get more done, more efficiently. More connected devices will enable more tedious tasks to be automated so that we can concentrate our energies on more complex and/or more pleasurable tasks.

One area in which IoT has a vast amount of potential (some of which is already being realized) is in the field of medicine and health care. Medical devices are increasingly utilizing Internet connectivity, with pacemakers and other implanted monitors sending patients’ physical data back to their doctors, monitoring equipment in ambulances can transmit vital information to hospitals so ER personnel already have it on hand when the patient arrives, and we even have bathroom scales reporting patients’ weight to apps that can integrate the information with other health-related data. Surgeons can perform operations over the Internet, using remotely controlled robotic systems.

We are just beginning to fully enter the era of connected cars, although for quite some time now vehicles have been able to report their statuses through services such as OnStar, providing owners with regular updates on such diagnostic items as tire pressure, brakes, oil pressure, and so forth. Cars can also be locked and unlocked remotely, either by the service or by the car owner using an app on a smart phone.

According to Gartner’s predictions, by 2020 one out of every five automobiles on the road will have some sort of wireless Internet connection, making them one of the most important elements of the Internet of Things. At present in-vehicle wi-if connectivity is more commonly seen in high end luxury vehicles, but that’s changing. For businesses, this means it will be easier to manage their fleets of company vehicles as well as making it easier to keep track of those assets and the employees who use them.

The IoT will also enable the use of sensors to monitor weather events, water quality, atmospheric conditions, and infrastructure elements such as bridges, roads and railroad tracks, and public transportation systems as well as safety conditions in factories, plants and other workplaces. This could significantly reduce the incidence of occupational accidents and catastrophic events.

These are only a few of the ways in which the IoT has the potential to change the business world.

Is the business world ready for IoT?

Along with the benefits, a full-blown Internet of Things on the scale predicted by analysts will bring some hefty obstacles to be overcome. In order for all of these things to communicate on the Internet, each will need an IP address – but the IPv4 address space is already straining its limits. IPv4 only allows for 4.3 unique addresses, a number that the original founders of the Internet Protocol undoubtedly thought would be more than enough.

Of course, Network Address Translation (NAT) can be used to allow devices in a local network to share a public IP address, but this workaround only goes so far. Many of the “things” that will connect to the IoT of the future will be mobile and won’t be able to sit behind a NAT device. The implementation of IPv6 will be an essential element in enabling a growing IoT. In fact, IoT may turn out to be the motivation that’s needed to finally convince businesses to move from IPv4 to IPv6, something that has happened more slowly than expected because there just wasn’t a good enough reason to invest the time, trouble and money that the transition would require.

In contemplating an Internet of Things where most of our home and business processes are running on machines with embedded electronics that connect them to the Internet, it’s inevitable that question arise over the dependency that will bring. What happens if and when the Internet goes down? We’ve already seen the results of that dependency on smaller scales, with retailers that are unable to process payments (and thus can’t conduct business) when their networked cash registers go offline. In a true IoT, the ramifications of an outage could be much more serious.

The security question

An Internet outage could be caused by weather, failed hardware or a number of other things, but the most worrisome possibility is the damage that a skilled hacker (or perhaps a state-sponsored group of hackers) could do to an IoT, along with the many ways a targeted attack could wreak havoc on individual embedded systems within the IoT. The risks that are involved in having it all – all of our business machines, our household appliances, our means of getting from one place to another, even the vital medical equipment that can keep us alive – all connected to the Internet are pretty obvious.

Unfortunately, the security issues surrounding IoT – some of which most likely won’t emerge until we reach greater saturation – are something that companies don’t seem to be well prepared to deal with. As I mentioned in a recent blog post, though, a recent report from Tripwire shows us that employees are connecting their IoT devices to their corporate networks whether or not the IT department approves, or even knows about it.

In fact, the Tripwire study includes a great deal of pertinent information to which companies should be paying attention so as not to be caught unaware as the IoT encroaches on the business world. We’re going to take a closer look at all of that information in the second half of this article.

Summary

The Internet of Things is upon us, and it’s growing fast. If we don’t get it right the first time, if we let it “just grow that way,” we might wake up one day and discover that we’ve created a monster. In Part 2 of this article, we’ll look at the current state of preparedness for the coming IoT explosion and discuss how your organization can get ready for the onslaught of Internet-connected things that are poised to invade your network.

If you would like to read the next part in this article series please go to Securing Your Network in an Internet of Things (Part 2).

Deb Shinder

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Share
Published by
Deb Shinder

Recent Posts

Microsoft Teams guest access: How to enable and manage it

Two of the main factors that affect the total cost of an organization’s Microsoft 365…

14 hours ago

Samsung Galaxy Unpacked 2020: Everything you need to know

Samsung rolled out the all-new Galaxy Z Fold 2, Note 20, Note 20 Ultra handsets…

17 hours ago

SAN vs. NAS: Detailed comparison of these two storage technologies

SAN and NAS provide dedicated storage for a group of users using completely different approaches…

20 hours ago

Generation 1 virtual machines: Modernize them and bring them up to date

In many companies, Generation 1 virtual machines have been superseded by Gen 2 VMs. But…

2 days ago

Free VPNs from Hong Kong with ‘no-log policy’ experience data leak

With these free VPNs based in Hong Kong, you may not be paying any money…

2 days ago

Azure DevOps tips and tricks: Using built-in features

These Azure DevOps tips and tricks come fresh from the field where they have been…

2 days ago