If you would like to read the next part in this article series please go to Embracing The Internet of Things as well as its Security Challenges (Part 2).
Microsoft will be releasing a version of Windows 10 OS at the end of July 2015, specifically designed for use with the Internet of Things. The exciting bit is that there are so many new things that we have not yet imagined. The challenge will be to secure them.
Just this week a leading car manufacturer recalled over 1.4 million vehicles because they could be hacked into and there was a threat that they could be commandeered remotely.
Introduction
The IoT; the introduction of products (devices or sensors) that can connect to the Internet and thereby communicate with us, others or other devices, enabling the broadcast of information from the world’s devices, processing and transferring data as previously may have been unfounded. These devices do not include smartphones, tablets and computers.
Microsoft have designed and specifically released a version of windows 10 crafted for devices that will form the basis of the Internet of Things. The platform is to run the new .Net Micro Framework, this is aimed at things that are a “sub Pre-installation Environment and in sub-class of device,” such as wearables, vehicles and communication devices.
This new class of OS is aimed at things that can’t run a full OS, but instead will be service-backed devices that leverage networks and online services, where counterpart apps for interacting with these devices may run on phones, tablets and PCs.
This merges into a whole new industry and security segment of sub-mobile devices, MDM is just a blip on the radar when IoT fully launches…
The Internet of Things (IoT) is merging the digital and physical environments. It’s the next evolution in technology. We are seeing use of IoT in our homes, our vehicles and throughout many industries and the potential benefits are great.
It is a relatively new technology trend and it is anticipated that by 2020 there will be at least 50 billion devices connected to the Internet. For some time already, there have been more devices connected to the Internet than people.
The new security concerns surrounding the Internet of things penetrates all subsists as the opportunities for the IoT expand and the IoT become more prevalent in our every day lives. Majority of us, often unaware that this is even occurring, but these devices and sensors are processing large amounts of data and have the ability to make changes to our physical environment, this is something that we must not underestimate, if we are to ensure security and safety.
We need to counter and understand the security risks; industries and consumers will want to acquire the endless opportunities obtainable through this technology and we will need to approach security differently to contend with the new security challenges that this presents.
Using our imagination the possibilities and benefits to the consumer are great, the potential risk posed can be just as big. The IoT works at the centre of many critical processes and if not secured properly the fallout will be severe and may affect our health, our homes and businesses. We cannot afford to compromise on security when it comes IoT.
Benefits of the Internet of things include:
- Tracking behaviour for real-time marketing
- Improved environmental and situational understanding
- Sensor-driven decision analytics (advanced decision making)
- Process optimisation
- Optimised resource consumption
- Instantaneous control and response in multifaceted autonomous systems
The security challenge
All parties are concerned for the challenges that come with this growing technology, those manufacturing the devices, the businesses and consumers utilising them as well as the IT professionals whose responsibility it is to manage them.
The security challenges don’t really change, they just take a different application. The pillars of security will still stand and be counted, Confidentiality, Integrity and Availability.
Multitudes of devices are being connected to public and private networks globally and with each connection an additional potential entry point and potential security concern is introduced, this endpoint could be used maliciously in the future. These devices have the potential for connecting to and allowing access into many consumers and business networks if not secured properly. Network security alone will not suffice.
To add to the security complexity each device has a different functionality, varying capabilities and different vendors, differing types of data and amounts of data they process and differing potential security risk that each inadvertently impose. The challenge of keeping up with and supporting the infinite numbers of devices and their potential vulnerabilities is alarming.
Another challenge is the lack of standardisation in this area so each manufacturer may be taking a different approach to securing their devices.
The IoT has multiple layers to address. The devices themselves are vulnerable as well as the platforms that support the devices. Many of the devices are built using open source resources and this in turn may be cause for further vulnerability and risk. The software utilised for IoT may be vulnerable to threat due to the code not being secure enough. Further to this, vulnerabilities can be found in the device function, how and where the device is used.
The resulting merger of operational technology with information technology brings about joint security and safety challenges, safety challenges that were not prevalent before.
Previous to the IoT, systems were considered isolated and thus secure however the IoT presents the ability for devices to communicate outside of these secure boundaries.
With many of these devices communicating very important information or enabling life-changing functionalities, getting the security wrong is a big cause for concern. This technology functions to change our physical environment and if compromised can have detrimental repercussions.
A one-size fits all approach does not suffice to safeguard the security of such connected devices. So how do we secure the IoT? We need to change the way in which we approach security or develop the approach to effectively secure the IoT.
We need to counter the potential risk to personal safety, compromised privacy and security, the facilitation of attacks on other systems, enabling of unauthorised access and exploitation of personal information, all within very challenging environments and under varying and challenging scenarios.
The industries developing the devices that will utilise the IoT as well as the consumer of the technology should be acknowledgeable of the steps they can take at various levels to ensure security is implemented correctly.
The IoT technology will continue to evolve so it is important to choose an approach to security whereby you get the fundamentals right. Consumers need to gain confidence in the technology and the best way to initiate this is through a solid product built on secure foundation and principles running a secure operating system.
Conclusion
By 2017 it is anticipated that more than 20% of businesses will be offering services specifically to address the security of IoT market.
Microsoft is positioned to take advantage of this expanding market too. Microsoft will be releasing a Windows 10 OS specifically designed for running on IoT devices (sensor, development boards, gateways and embedded devices).
A secure OS is a fundamental attribute. Windows 10 OS for the IoT comprises capabilities specifically for managing the security and privacy risks and challenges of the IoT. Focuses such as medical devices, robotics and smart machine applications have been alluded to. We will look at the security attributes of the Windows OS IoT in further detail in the article to follow.
There is no avoiding it, the IoT is expanding and will be inevitable and vast for both business and consumer alike. We need to embrace this new technology but also address the challenges intelligently. Look out for Part two of this article where we will consider the manufacturer and administrators approach to security of IoT.
If you would like to read the next part in this article series please go to Embracing The Internet of Things as well as its Security Challenges (Part 2).
