How to Fix the Many IoT Security Gaps That Nobody Is Thinking About

NEWS ANALYSIS: Nobody knows for sure how many things are connected to the Internet in various ways, but we do know there are a lot of them and most are unsecured.

IoT Security 2

It's impossible to state accurately just how many devices are connected to the Internet. For one thing, the number changes by the minute as connections grow. For another, many if not most of those devices work quietly in the shadows simply doing their jobs and not attracting attention.

On my three-hour drive from my office near Washington to another office quietly nestled near the James River in central Virginia, I tried to keep track of just how many of those connected things I found along US Route 29, the primary highway in that area.

I was able to spot a few of them, but I know I missed thousands of connected things, either because they're not readily visible or more likely because I was dodging crazed drivers. But I was able to see some of them, even if I gave up counting.

What were those things? Everything from sensors along the Norfolk Southern railway line that parallels the highway to traffic sensors embedded in the pavement.

There were water-level sensors near the stream beds next to bridges I passed over, monitoring devices on pipelines and agricultural equipment, and sensors in Virginia's wineries that lie quietly in those mountain valleys a distance from the highway. And, of course, they were in gas stations and stores, on tractor trailers and in shipping containers.

As my colleague Todd Weiss pointed out in his story, many such devices communicate via satellite, while others use everything from wireless networks to Bluetooth and WiFi. In a vast percentage of these devices, there is no security.

In fact, many of the sensors—such as those that measure water levels or count rail cars—have been in place for decades, their only communication being an occasional burst of radio communications to an unseen server.

Nobody really knows for sure how many such Internet of things (IoT) devices are connected and communicating at any given time. Estimates by Cisco suggest that the total in 2015 may reach over 10 billion. By 2016, some estimates suggest that there may be more connected devices than there are people on Earth. Only a few high-profile devices have any security at all.

Those high-profile devices, including some Chrysler Jeeps that have been famously taken over by hackers, are getting attention because the results are so dramatic. Others, because the potential for harm is obvious, such as with point-of-sale devices, are starting to see some attention. But for most of the other devices, it's business as usual.

In many cases, security is probably not necessary. After all, there's not much point in hacking a connected rain gauge, since rain isn't a big secret. But what about other devices such as pipeline sensors? Those are devices that monitor the flow of whatever is being carried in the pipeline.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...