Managing IoT Security
On October 21, 2016, a cyber attack was unleashed on the Internet that nearly brought the web to its knees. The attack sought to disable the Internet’s DNS system, which translates domain names, such as babson.edu, into network addresses, such as 188.8.131.52. Without a way of doing this translation, a browser is all but useless. An attack on the DNS system is unusual in itself, but what was truly unusual about this cyberattack, known as the Dyn attack, is that it employed a large botnet of Internet-connected (IoT) devices that had been infected by a virus. At the time of the attack, many people were unaware that some of the products they used, such as printers, baby monitors, televisions, and cars, had embedded computers that could be infected with a virus and directed by commands issued over the Internet. The Dyn attack was a wake-up call to anyone designing or using IoT devices that they needed to be concerned about IoT security.
The Risks of Poor IoT Security
Security vulnerabilities in IoT devices had been identified at Black Hat conferences as early as 2011. At the 2015 conference, hackers demonstrated they could control a Jeep Cherokee’s transmission system, brakes, air conditioning, radio, and wipers remotely, and that the driver of the vehicle was powerless to override their control. This vulnerability was also present in hundreds of thousands of Fiat Chrysler (FCA) cars having the feature called UConnect. It took almost a year for FCA to issue a patch that owners could download or have their dealership download to fix the vulnerability. Unfortunately, FCA was unable to push the patch to their cars, increasing the possibility that some owners would miss or ignore the announcement and continue to drive an insecure vehicle.
The possibility of hackers attacking the power grid, dam control systems, traffic control systems, and other elements of the national infrastructure have been demonstrated and are quite real. Their likelihood increases as companies and government agencies add Internet capabilities to their devices to make them more easily manageable. For example, in 2013, Iranian hackers obtained access to the control system for the Bowman Avenue Dam in Rye Brook, NY, a suburb of New York City. Had they used that access to open the dam’s sluice gates, it would have caused a major flood in the area. Medical systems, such as pacemakers and insulin pumps are also subject to hacking with disastrous results.
Loss of control is not the only security issue with IoT devices. Hackers can use compromised devices to steal data and violate the privacy of users without their knowledge. For example, a Genesis Toys doll called My Friend Cayla uses the web for speech recognition and can send conversations that children have with it to Genesis or, of course, to anyone who hacks into it. Wearable devices can divulge a great deal of personal information, such as location and health. Home energy monitoring devices can leave clues about when a house is unoccupied and what electrical devices a family uses.
Implications for Designers, Managers, and Users
Designers of IoT devices and their managers must understand and be able to quantify the risks of security weaknesses in their products. Adding a layer of security is not cost-free, so managers will need to make a business case for doing it. Awareness training is critical; otherwise, managers might skip this step in their analysis.
Product designers should not be developing security solutions from scratch because ad hoc security measures are easily thwarted by expert hackers. Fortunately, off-the-shelf security components are readily available for incorporation into end products. Designers should consider using hardened operating systems that have been developed specifically for use in IoT devices.
“Product designers should not be developing security solutions from scratch because ad hoc security measures are easily thwarted by expert hackers.”
Because IoT devices capture a large amount of data, data encryption is necessary, both in storage and in transit. To the extent possible, computing should be pushed to the edge to reduce the amount of data in transit. Digital certificates are required to ensure that IoT devices do not receive instructions from or send data to unauthorized devices or users. Standard protocols, such as HTTPS or AOSSL, can ensure secure communication among devices and between devices and servers.
Designers should assume that IoT software will need to be updated periodically to respond to security vulnerabilities that are discovered after the devices are put into service. Protocols that allow updates to be pushed to devices should be included in their initial rollout.
Ideally, companies should employ a third party to test and attempt to break their device’s security. If possible, they should also employ internal monitoring software to identify hacking attempts and report them to the user or vendor.
End users should be wary of purchasing devices that do not meet the design criteria mentioned above. But device security is only part of the implementation end users need to be concerned about. They also need to address the security of the network that connects the devices and the server or servers that manage them. In particular, they should remove any unused or factory-default accounts, close any ports and services that are not required for the operation of their device network, and implement security policies, procedures, and software similar to those implemented for non-IoT networks.
IoT can dramatically improve the experience of users with a company’s products, but Internet connectivity brings security risks. Companies that understand these risks and respond appropriately can ensure that their users’ outstanding experience with their digital products will not be marred by an unfortunate breach of security.