    CyberFest Conference Looks at Road Ahead for IoT Security

    Written by

    Chris Preimesberger
    Published October 3, 2014

      SAN DIEGO—If you think cyber-security is a problem now, wait until the Internet of things becomes routine in our daily lives.

      Cyber-crooks are now hacking into the Targets, Home Depots and UPSes of the world almost with impunity, stealing customers’ credit card numbers, PINs, corporate sales information and anything else of value they can get their hands on. But service providers aren’t waiting for the day when a hacker decides to turn off someone’s heart pacemaker, cut off the power or heating in someone’s home in the dead of winter, or render a car unstartable.

      It is true that all the technology is available to do these things today. So what are the government, the enterprise and the IT community going to do to circumvent these types of events before bad guys gain inordinate control over everything connected?

      Mix of Government, Enterprise and IT Pros at Event

      These were just some of the topics at a new community/industry/government partnership event called CyberFest 2014, held at what used to be the Point Loma Naval Base here. The event, co-sponsored by San Diego’s Securing Our eCity Foundation and security software startup CyberUnited, attracted about 300 invited participants from government, enterprise, IT, retail, utilities and other sectors.

      Topic areas included “Is the IoT All Hype?,” “The War on Personal Privacy,” “Hacking the Human,” “Infrastructure of IoT: Beyond Availability and Scalability,” “Preparing the IoT Workforce” and “The Future of the Internet.”

      I moderated a panel discussion on “NextGen of Innovation: Riding the Pipeline of IoT.” Participants were Tom Caldwell, president of CyberFlow Analytics; Bob Quinn, CIO of Palo Alto Networks; Lamont Orange, chief information security officer at Websense; and Kris Virtue, director of Information Security Architecture and Risk Management at Qualcomm.

      We tackled several questions, the first of which involved identity management—the initial step in keeping track of all things connected so that they can be accounted for and secured. This can involve any connected object as large as a major corporation or government database all the way down to something as minuscule as a connected soap dish.

      Interesting Use Case: Connected Soap Dish

      True use case: Cloud service-connected soap dishes are now being used in some hospitals to record how often they are being used by health care workers—who is using them, how often and at what times of day—to satisfy increasingly strict regulations.

      The service identifies workers as they come through the door into the scrub room or bathroom and connects them with use of the soap dish. An audit trail detailing how many times the worker used the soap is then connected to the worker’s employee record. Recent reports of increased spread of germs in hospitals have necessitated this use of the IoT.

      “We need to track the behavior of things,” Caldwell of CyberFlow said. “For instance, let’s take fraud. We get tracked with our credit cards. When you change your behavior of where you charge things, they catch it and keep your credit card from being charged. So in the Internet of things, everything needs a digital ID. It can’t be an IP address because that will get reassigned from location to location.

      “What keeps me up at nights is the lack of consistent IDs of things that really don’t have identities.”

      In the IoT future, every sensor, every videocam, every connected soap dish will have an IoT name, and it might not be a number.

      One of the misconceptions a lot of enterprises have is that innovation inside an enterprise can often be dangerous for security reasons, that innovations should stay behind walled systems and that only security professionals should be charged with handling the security of systems. This clashes with the common conception that “innovation happens elsewhere,” and that enterprises and service providers need to be constantly aware of new ideas coming to the fore, in the open-source community, for example.

      “It’s been said that as innovation comes across a number of different industries, security professionals need to step in front of it and quash it. That’s hopeless. Innovation is going to happen. It’s just too compelling, too alluring to people,” Quinn of Palo Alto Networks said. “In reality, what the industry and the providers need to do is not going to keep up with innovation and the technology. It’s always a catch-up game.”

      Major Data Breaches Will Continue to Bring Attention

      We are going to continue to see events that will bring widespread attention to this, Quinn said.

      “I would hope these events involve only a connected soap dish. But often it’s the very organized, sophisticated, well-funded nation-state groups who are after the infrastructure and disrupting the economy of the United States,” Quinn said. “That’s what keeps me up at night.

      “They are very innovative in what they are doing. They don’t just target specific things, but they target something laterally. We call it a kill chain; attackers do recon [reconnaissance] to find something that is weak, weaponize or install something there, become invisible there, and then start to move laterally to other places on the network. In this paradigm, the network is the cloud. Ultimately, they get to where they want; they get into the data center, they get credit cards or whatever,” Quinn said.

      Achilles’ Heel for Enterprises: Red Security Tape

      An Achilles’ heel that security companies and IT administrators have that attackers do not is that attackers are not subject to the rules, regulations and paperwork that slow down security professionals in getting updates to systems in place, Orange of Websense said.

      “Also, in running a global information security program, the other component is ‘context-aware.’ We’re so focused on the user-centric context that we are forgetting about applications that can invoke other things,” Orange said. “Or systems that invoke applications that invoke other modules that will allow us to become vulnerable. And we don’t see it at this particular point in time.

      “A lot of our systems are geared toward this anomaly, this 20 percent noise factor that goes up, and then you pay attention. With the onslaught of the Internet of things, we’re going to get increased data, no increased resources, no increased budget, but we still are going to have to answer that question, ‘Are we secure?’” Orange said.

      Virtue of Qualcomm pointed out that in a machine or human invoking any service on the Internet, or for a machine to invoke another type of connection with a human or other machine, “the system isn’t just one provider. It’s going to be 10, 12, however many different pieces in a chain that forms whatever service I’m consuming.”

      Back-End APIs Need Strengthening

      “Those all need to interact with some kind of trust model, otherwise there are points of exposure,” Virtue said. “There are protocols that exist for back-end APIs [application programming interfaces]. That stuff still needs some work; we need to build standards and protocols around how to share that [data] in a secure and trustworthy manner. This is going to be crucial to fostering innovation, so people can build things, trust it, and they won’t have to all go off and build it themselves.

      “Some people will get it right; a lot of them will probably get it wrong—like generating your own cryptographic algorithms. If you’re doing that, you’re probably doing something wrong. You need to use something that’s tried and true, otherwise there’s too much risk.”

      eWEEK will revisit the content from this panel discussion and follow up with subsequent articles.

      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.