What can the government, the enterprise and the IT community do together to circumvent data breaches before bad guys gain inordinate control over the Internet of things?
SAN DIEGO—If you think cyber-security is a problem now, wait until the Internet of things becomes routine in our daily lives.
Cyber-crooks are now hacking into the Targets, Home Depots and UPSes of the world almost with impunity, stealing customers' credit card numbers, PINs, corporate sales information and anything else of value they can get their hands on. But service providers aren't waiting for the day when a hacker decides to turn off someone's heart pacemaker, cut off the power or heating in someone's home in the dead of winter, or render a car unstartable.
It is true that all the technology is available to do these things today. So what is the government, the enterprise and the IT community going to do to circumvent these types of events before bad guys gain inordinate control over everything connected?
Mix of Government, Enterprise and IT Pros at Event
These were just some of the topics at a new community/industry/government partnership event called CyberFest 2014, held at what used to be the Point Loma Naval Base here. The event, co-sponsored by San Diego's Securing Our eCity Foundation
and security software startup CyberUnited
, attracted about 300 invited participants from government, enterprise, IT, retail, utilities and other sectors.
Topic areas included "Is the IoT All Hype?," "The War on Personal Privacy," "Hacking the Human," "Infrastructure of IoT: Beyond Availability and Scalability," "Preparing the IoT Workforce" and "The Future of the Internet."
I moderated a panel discussion on "NextGen of Innovation: Riding the Pipeline of IoT." Participants were Tom Caldwell, president of CyberFlow Analytics
; Bob Quinn, CIO of Palo Alto Networks
: Lamont Orange, chief information security officer at Websense
; and Kris Virtue, director of Information Security Architecture and Risk Management at Qualcomm
We tackled several questions, the first of which involved identity management—the initial step in keeping track of all things connected so that they can be accounted for and secured. This can involve any connected object as large as a major corporation or government database all the way down to something as minuscule as a connected soap dish.
Interesting Use Case: Connected Soap Dish
True use case: Cloud service-connected soap dishes are now being used in some hospitals to record how often they are being used by health care workers—who is using them, how often and at what times of day—to satisfy increasingly strict regulations.
The service identifies workers as they come through the door into the scrub room or bathroom and connects them with use of the soap dish. An audit trail detailing how many times the worker used the soap is then connected to the worker's employee record. Recent reports of increased spread of germs in hospitals have necessitated this use of the IoT.
"We need to track the behavior of things," Caldwell of CyberFlow said. "For instance, let's take fraud. We get tracked with our credit cards. When you change your behavior of where you charge things, they catch it and keep your credit card from being charged. So in the Internet of things, everything needs a digital ID. It can't be an IP address because that will get reassigned from location to location.
"What keeps me up at nights is the lack of consistent IDs of things that really don't have identities."