Ever wondered how effective your morning would be if your toothbrush could communicate with your fitness gear, refrigerator and may be your laptop, so everything could happen at a click of a button? This will soon become a reality.
Internet, 'network of networks' may very well be termed as one of mankind's finest inventions and 'Internet of Things' (IoT) could be pitted as the optimal enablement of this invention, owing to its scale and utility. The scenario outlined earlier will soon be real as the internet is becoming accessible at one's fingertips and over diverse devices. The ABI Research data states that there are more than 10 billion wirelessly connected devices in the market today; with over 30 billion devices expected by 2020. In fact, with millions of devices enabling internet connectivity, this network is not just expanding to reach more individuals, but it is likely to bring about a 360 degree change in the way we communicate and operate. As per Internet and Mobile Association of India (IAMAI) statistics, there are more than 205 million people connected to the internet in India.
Internet is visibly making every object or machine around us smarter, right from connected toothbrush, sports gear with embedded sensors and smart refrigerators. We will soon live in an ecosystem where these 'dumb devices' would acquire intelligence through an inbuilt OS enabling the devices to get connected with other paired/authorised devices. For example, consider a power controller at home enabled to communicate with the GPS device of a user's car. In the world of 'Internet of Things,' the GPS device triggers the power controller at home, to switch on lights and other important appliances whenever the car reaches a stipulated geological radius. Again, the power controller triggers devices at home which are connected to the internet, to schedule tasks as per triggers received. While the ecosystem is being enhanced for all the good reasons, the security aspect is getting immensely threatened because if the object is connected to the internet, hackers will find it, and if it has an OS they can hack it.
The dynamism of the IoT is one of its most challenging features as most of us in our day-to-day lives might come across many of these smart devices, yet be unaware of the consequences that might pop-up if they are not secured appropriately. More the connected devices, greater is the range of 'significant' security challenges across data privacy and physical security that have the potential to disrupt functionality of consumers and businesses in new ways.
How secure is it?
The benefits as well as associated risks around Internet of Things will affect organisations and governments to a great extent. For example, in today's BYOD enabled enterprises, while the device-to-device communication has become easier, the apps and services that the devices possess, have a potent security risk. More challenging perhaps is the potential for data aggregation across smart devices, internet-based services and existing data pools.
According to a recent whitepaper by Symantec, targeted attacks against the energy companies are increasing every year, with the intent of stealing intellectual property of new technologies created for this space. It was observed that modern energy systems are becoming more complex as the supervisory control and data acquisition or industrial control systems sit outside of traditional security walls. And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices.
How will organisations be impacted?
In this era of 'Internet of Things,' what's changing is the range and scale of 'dumb devices' that are starting to get connected, especially in an organisational set up. Beyond intrusion and direct hacking, organisations are likely to encounter potential risks such as:
n IoT scenarios are dependent on networks of physical objects - from supply chain to building management applications, from smart parking to intelligent waste disposal. DDoS attacks could target all the end points of a particular use case, making the things inaccessible and breaking the use case they support
n With the advanced ability of getting connected with other paired devices, these smart devices could increasingly be turned to unplanned usage. Imagine if the processor in every plug socket became able to send spam, to generate costly SMS messages, or indeed participate in a DDoS attack
n Physical objects were generally not designed to be internet-connected, and therefore network security was not considered by design. So empowering these dumb devices to be able to connect to the internet might lead to weakening of perimeters.
n New devices entering into an organisation's ecosystem through employees might also bring inadvertent breaches into the system by acting as accidental gateways
Lessening the risks
Security risks in the world of connected devices have already been demonstrated against smart televisions, medical equipment, security cameras, routers, trash-cans, baby monitors and traffic systems. Yet most of us sitting in our living rooms, roaming in a market place, enjoying vacation might not realise the bane.
Essentially there needs to be a two- step approach to mitigate the security risks posed through connected devices. First, an embedded security software for in-device security can enable devices to filter and prevent proliferation of threats. Second, from a manufacturer's perspective, major software vendors should figure out how to notify customers and provide patches for vulnerabilities.
Without a doubt IoT will have a snowballing effect in the way technology is used in day-to-day business - enabling digital lifestyle and, at the same time, expanding fertile grounds for cyber-attacks. Therefore, the discussion is also drifting towards attention to security to lessen possible exploitation.
The need of the hour is to create a strong framework of policies and regulations to secure the internet-enabled infrastructure of government, organisation, household and even individuals.
Shantanu Ghosh
VP & MD, India Product Operations, Symantec Corporation
VP & MD, India Product Operations, Symantec Corporation