Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Mobile

    Internet of Things Presents Host of Security Challenges

    Written by

    Jeff Burt
    Published May 8, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      CAMBRIDGE, Mass.—Emil Sturniolo doesn’t want to see the burgeoning Internet of things go the same way the Internet did almost 30 years ago, at least not when it comes to security.

      It was the late 1980s when concerns were being raised about security around the then-nascent Internet, but most people involved with its development were more enamored with the potential the Internet offered to enable people to collaborate and conduct business. The issue of security was pushed to the side, said Sturniolo, managing partner with the InStep Group, a product development consulting firm.

      “What we did was [say], ‘Damn the torpedoes, full steam ahead,'” he said. “There was implicit trust that [people] would do the right thing. Now there are billions of devices connected [to the Internet], and now we’re trying to go back and fix the problems.”

      Many people who are looking at the Internet of things (IoT) are in the same way awed by the promises of efficiencies, business capabilities and data capture that having billions more connected devices will bring, and there doesn’t seem to be the necessary urgency about the security threat scenarios that can arise when so many systems are connected via the Web, Sturniolo said. If those concerns aren’t addressed early enough in the evolution of the IoT, it may be difficult to catch up later in the game, he said.

      Sturniolo was one of several speakers at the Security of Things Forum here May 7, an event sponsored by the IT security blog Security Ledger aimed at addressing the issue of security in the IoT age. The event featured several speakers and panel discussions that gave shape to the myriad issues surrounding the thought of having to secure all the connected devices expected to come online in the coming years.

      The forum laid bare the multitude of challenges facing security professionals, from the technological barriers to the reluctance of many businesses to spend money on security to the complacency many people have around protecting their data. There was little consensus on the best ways to solve the problems, or what the key problems are. However, there was agreement that steps need to be taken now, before the industry gets overwhelmed by the sheer number of devices and systems that become connected over the Internet.

      “The IoT … should raise the hackles on every neck, given our current” security situation, said Dan Geer, chief information security officer for venture capital firm In-Q-Tel.

      The Internet of things refers to the growing number of systems and devices—from automobiles and manufacturing systems to wearable devices, appliances, surveillance cameras, medical systems and televisions—that are being infused with intelligence and connected to the Internet. These systems will increasingly generate enormous amounts of data that organizations will be able to leverage for their business efforts, hospital staffs will be able to use in patient care and consumers will be able to see as they go through their fitness regimens.

      The growth in these connected devices will spike over the next several years, according to numbers accumulated by Cisco Systems. The number of connected systems will grow from 10 billion this year to 50 billion by 2020. What Cisco officials call the Internet of everything will generate $19 trillion in new revenues for businesses worldwide by 2020, and IDC analysts expect the IoT technology and services market to hit $8.9 trillion by the end of the decade.

      However, while it may prove a financial boon for businesses and meet consumers’ insatiable desire for more devices, the IoT also will increase the potential attack surface for hackers and other cyber-criminals. More devices online means more devices that need protecting, and IoT systems are not usually designed for cyber-security, said Marc Blackmer, product marketing manager for industry solutions at Cisco. The sophistication of cyber-criminals is increasing, and the data breaches that are becoming increasingly familiar will only continue.

      “This is not going to change,” Blackmer said. “It’s not going to go away. … As long as there’s money to be made, it’s going to happen.”

      Internet of Things Present Host of Security Challenges

      There is a litany of challenges in making the IoT secure, and each idea seems to lead to a new set of concerns, dilemmas and choices to be made, the speakers said.

      On the technical side, how can so many connected devices by protected? The idea of issuing standards and requirements on systems and their components was raised, but what may be acceptable in the United States may not be acceptable in Europe or Asia, Sturniolo said. It could be costly for businesses to develop a range of SKUs for various regions.

      Greer said that he believes a key problem are the billions of embedded systems that are deployed and run for years with little, if any, human intervention. As these systems become more intelligent and connected, the industry and businesses need to decide whether they should come with management interfaces that enable IT professionals to communicate with them—but which also would increase their exposure to attacks—or whether there should be no connected management capabilities, making it impossible to detect an issue with them until something goes wrong. Maybe such embedded systems should be designed with self-destruct capabilities after a certain amount of time, he said.

      To Mark Stanislav, security evangelist at Duo Security, the question of IoT security is really about traditional IT security.

      “Unless we can solve embedded software and network security, we solve IoT security,” Stanislav said. “These [parts] of IoT are what make IoT a thing.”

      Businesses also have choices to make. They tend to operate on cost-benefit models, where spending decisions often are made based on how much of a financial return can be made. Stacy Cannady of Cisco and the Trusted Computing Group said security professionals need to be able to make their cases in similar fashion if they’re going to influence business decisions.

      “If we want a seat at the table, we need to speak the same language everyone else is speaking,” Cannady said.

      Businesses are going to have to decide whether they will spend the money to make their infrastructures more secure or risk being attacked, the speakers said. Cisco’s Blackmer said too many businesses are being complacent about the dangers, figuring that since they haven’t been compromised, they’re safe.

      Consumers also have decisions to make, according to some of the speakers. Sturniolo said that the industry will not be able to secure every device all the time, so consumers and businesses need to decide what needs to be secured, and how much are they will to pay to have that security.

      “We need a paradigm shift in how we think about this,” he said. “It’s not, ‘What is secure?’ It’s, ‘How secure does it need to be?'”

      Cannady said consumers and enterprise buyers need to be more active in pushing system vendors about security. He likened it to buying a car. If a buyer tells the car dealer what make, size and color he wants the car to be, the dealer will talk to him in those terms.

      “If they don’t ask about cyber-security, they won’t get cyber-security,” he said.

      Cannady also said a problem is that devices now don’t have much security, so the industry is in a difficult position when talking about trying to secure the billions of new devices that will come in the next few years.

      “We have a very basic set of problems to solve on a very large scale,” he said.

      Jeff Burt
      Jeff Burt
      Jeffrey Burt has been with eWEEK since 2000, covering an array of areas that includes servers, networking, PCs, processors, converged infrastructure, unified communications and the Internet of things.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×