 | Issue: | North America I 2016 |
| Article no.: | 6 | |
| Topic: | Securing the Internet of Things | |
| Author: | Chema Alonso | |
| Title: | CEO, Telefónica’s ElevenPaths & Telefónica’s Global Head of Security | |
| Organisation: | Telefónica | |
| PDF size: | 383KB |
About author
Chema Alonso, CEO, Telefónica’s ElevenPaths and Telefónica’s Global Head of Security.
Chema is focused on innovation in security products through proprietary developments and alliances with leading manufacturers and organisations in the industry. He previously ran Informática 64, a computer security and training company, for 14 years.
Chema Alonso holds a doctorate in Computer Security from Universidad Rey Juan Carlos in Madrid.
Article abstract
Security threats from the IoT are not so different than those in other environments. New security problems have not been created, just evolved from areas such as industrial security, distributed networks and information security. The threats from identity theft are still current today although they now extend to one’s own identification between devices.
Full Article
The Internet of Things (IoT) is undoubtedly changing the way we live and work. Ordinary objects are fundamentally changed when they are connected to the internet – altering and enhancing our every-day interactions with them. It’s not just a technological change, but also a quasi-philosophical change, since the object now has a digital footprint.
Although the IoT can be seen as a novelty, it is nothing more than a natural evolution that has finally received a catchy name – a brand that integrates the implications into a single, attractive term. Ever since the Internet first existed, devices have been connected to it. It’s just that devices are now smaller, more attractive, better connected and mobile.
There are infinite advantages on offer from the Internet of Things, but people need to move fast – that is the basis of Metcalfe’s Law. The Internet of Things is already unprecedented in terms of scope and scale, changing society and the way people interact with their surroundings, in myriad complex ways. How people implement, develop, and consume these devices is changing and it’s entirely fair to say we are nowhere near understanding the ramifications and unintended consequences of what we are doing today – let alone what will be introduced tomorrow and further into the future. Perhaps the most pressing issue is that of security.
The first mention of privacy and security needs to be raised the moment there is mass, normalised consumption. Let’s not commit the same mistakes of the past, waiting to the last possible moment to prioritise security and then crying it’s too late to modify certain “acquired habits”.
Security threats from the IoT are not so different than those in other environments. New security problems have not been created, just evolved from areas such as industrial security, distributed networks and information security. The threats from identity theft are still current today although they now extend to one’s own identification between devices.
Princeton University’s Centre for Information Technology Policy (CITP) recently highlighted why work still needed to be done in order to secure IoT smart home devices after vulnerabilities in devices such as Google’s Nest thermostat were found to be leaking data. This data can include user activity, behaviour, and the type of device being used.
With the Internet of Things, the application of existing standards, and the creation of new ones, has come up against a hectic pace of innovation. Here business needs to safeguard their intellectual property as they are making and selling things no-one else can.
The irony is that in order to reap the benefits of IoT devices and services, hardware and software needs to be open and interoperable. Security at the device, application and network layers is vital. But as the pace of adoption increases, so do levels of complexity, variety of implementation and the opportunity for malicious attack or inadvertent error.
The value of IoT networks is massive, making them significant targets for attackers motivated by greed or political cause. Yet, if IoT represents a difficult security task now, as the number of networks, operators, consumers and devices spirals, so does the risk of a successful breach.
Denial of Service (DDOS) threats for instance are activated via cloud computing; thousands of malware is being developed daily that infect all kinds of systems but the motivations of these threats remain the same – financial gain and ideology – they have only intensified and diversified. IoT merely represents a host of new opportunities to jeopardise the security of critical infrastructures through hacking, stealing or disrupting.
Part of the problem is scale; the sheer number of devices, networks, applications, platforms and actors creates a problem that will only grow in complexity as the infrastructure to support, serve and extract value from the IoT grows. The intentions of designers – who prioritise safety over security may also create a problem.
Security Issues due to design flaws were found this year in smart doorbells, connected camera’s, children’s toys, and a locator to help monitor children. A Fisher Price smart teddy bear toy that communicates over Wi-Fi was found to be poorly configured, leaving leeway for attackers to interrogate it to find out more about the bears’ owners, their family, and home network. Similarly the HereO GPS watch, designed to monitor children’s movements that emerged from a crowd-funding campaign in Indiegogo could let an attacker add themselves to a group of watches used by a family or other group.
Technology on which the IoT is being built is evolving to deal with the scale and diversity of devices (with new names on the scene like Zigbee or 6LoWPan) but we’re sure it’s just a matter of time before newly discovered vulnerabilities around these recent technologies will appear. IoT devices have limited resources by definition, but security shouldn’t be sacrificed. This is a challenge needing to be solved.
It’s therefore vital to act from the first moment, implementing devices where security is of the utmost importance. This is where the IoT will play a fundamental role. It’s not just about the privacy of our own data, or the security of our digital identities. In the next few years our lives will be surrounded by devices connected to the Internet that will digitalise every step we take, convert our daily activities into information, distribute any interaction throughout the network and interact with us according to this information. Never before has what we do in our physical lives been closer to the digital world. It is precisely the blurring of the line between the digital world and the real world that represents the changes introduced by the IoT.
Let’s understand the problem before it’s too late, and guarantee we are able to offer a complete protection plan, taking advantage of all the knowledge that has been developed for other scopes. Gartner puts the Internet of Things right at the Peak of Inflated Expectations on its Hype Cycle for Emerging Technologies1, suggesting we are some distance from stable and productive behaviours. We all have a lot to do. Because the IoT will be part of our daily lives we can’t afford to make the mistakes of the past, where an avalanche of new technology surpasses us. Let’s accept the challenge.
