Cisco Systems officials have said that by 2020, there will be 50 billion devices connected to the Internet—from notebooks, tablets and smartphones to appliances, manufacturing systems and automobiles.
Having all these connected systems and devices—which will make up the Internet of things (IoT)—will change the way people communicate and live, but they also will offer new avenues for cyber-attackers looking to steal data or threaten businesses. The IoT space is expected to grow rapidly as tech vendors introduce new systems and devices—such as wearable offerings like smartwatches—while component makers like Intel and ARM continue to build increasingly smaller systems-on-a-chip (SoCs) to power those devices.
Meanwhile, companies like Cisco are helping to build the infrastructure that the IoT will run on. Some vendors, like Cisco and Intel, have created business units dedicated to the IoT.
Now Cisco officials are looking to encourage the information security community to turn its attention to the IoT. During the RSA security conference late last month, the networking giant kicked off a competition that will offer up to $300,000 in prize money to people who come up with the best IoT-related security solutions and approaches.
In a post on the company blog, Chris Young, senior vice president of Cisco’s Security Group, said the IoT will bring along its share of promises and challenges as its grows. It’s important that those systems and devices are kept safe.
“In the health care sector, it’s easy to imagine how Internet-connected devices and systems are revolutionizing patient care,” Young wrote in his Feb. 27 blog post. “In the transportation sector, technologists are already connecting vehicles and their subsystems to the Internet. It is also, unfortunately, too easy to imagine how these world-changing developments could go terribly wrong when attacked or corrupted by bad actors.”
Cisco’s Internet of Things Security Grand Challenge is designed to spur innovation around security solutions to guard against such bad actors, he wrote. A team of security experts will evaluate proposals sent in based on a range of criteria, such as feasibility, performance, ease of use, the ability to address multiple IoT segments—from manufacturing to transportation to smart grids—and the technical viability of the solution.
The panel of experts will select up to six winners, with each getting between $50,000 and $75,000. Interested parties have until June 17 to submit their proposal, and the winners will be announced in the fall at the Internet of Things Forum 2014.
IDC analysts expect the IoT market to hit $3.7 trillion by 2017, and Gartner analysts said the number of connected IoT devices—not including PCs, tablets and smartphones—will grow from 900 million in 2009 to 26 billion by 2020.
Security of such smart devices was a subject discussed during the RSA Conference late last month. During a panel discussion, security experts said that these devices were beginning to draw the attention of cyber-criminals, and that the devices were vulnerable because many of the consumer electronics vendors making them don’t have strong security development programs in place.
“I think there will be a lot more research and disclosures coming out that target these devices in the future,” Trail of Bits CEO Dan Guido said during the show. “Unfortunately, it is exactly those types of disclosures that will get abused, so definitely pay attention to the kinds of issues that become public.”
Cisco Sponsors $300,000 Internet of Things Security Challenge
The lack of security also is garnering greater scrutiny from the Federal Trade Commission (FTC). The agency in September 2013 settled a case with TrendNet over software flaws in its SecurView cameras, which consumers can use to keep tabs on their homes while they are somewhere else. According to the FTC, the SecurView devices included a software flaw that enables people to take video from cameras via the Internet.
Consumers have to become more aware of the security threats to their connected devices, which can include everything from a refrigerator to a thermostat to a light bulb, according to Dick O’Brien, senior information developer at security software vendor Symantec. In a post on the company’s blog, O’Brien outlined some of the growing threats, such as the Linux.Darlloz and Linux.Aidra worms, noting that the promise of the Internet of things also means security threats.
“Exciting new developments are in the offing,” he wrote. “A connected home could allow you to log on to your home network before you leave work in the evening to turn on your central heating and your oven. … Unfortunately, every new technological development usually comes with a new set of security threats. Most consumers are now very aware that their computer could be targeted with malware. There is also growing awareness that the new generation of smartphones are also vulnerable to attack. However, few people are aware of the threat to other devices.”