Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Internet of Things brings far-reaching security threats

Kenneth Corbin | Aug. 11, 2014
Bringing new devices online at home and in the enterprise raises a host of security concerns that will require a more hands-on CIO and an organisational rethinking.

internet of things

Security pros routinely cite poor cyber hygiene as one of their top concerns. But if they're lying awake at night worried about lazy passwords and software updates going ignored, just think of the headaches that will come once thermostats, pacemakers and just about everything else comes online.

When Randy Garrett contemplates the Internet of Things, he sees a colossal security challenge.

Garrett, a program manager at the Defense Advanced Research Projects Agency (DARPA), worries that, in the exuberance to embed sensors in a galaxy of devices and bring them onto the network, backers of the Internet of Things will unwittingly create a virtually limitless set of new threat vectors.

"This is where I think, frankly, we're already in trouble," Garrett said Wednesday at a conference on the Internet of Things. "You might not want to expose those to the big Internet."

He points to an array of security concerns that could arise in a thoroughly networked world. Chief among them is that as uneven or just plain bad as the habits of PC users may be  many people are at least aware that the threats are out there and will often exercise some restraint in not clicking on spam links or avoid setting their password to "password."

Will Ability to Gather Data Trump Security Concerns?
Put another way, people recognize that there are malicious actors out there working to infiltrate their computers and swipe their personal information. But who thinks about their toaster in those terms?

It's not an idle concern. Recall the massive data breach Target sustained last year, exposing millions of the retailer's customers' information, forcing the Target CIO to step down and causing untold damage to the company brand.

The reported culprit? An entry point to the company's most sensitive data assets gained from a contractor who worked on Target's heating and air conditioning systems. "Who thought it was a good idea to connect that to the Internet?" Garrett asks.

Garrett's security concerns notwithstanding, there are strong arguments in favor of networking objects so they can be deployed more efficiently and monitored remotely.

Boosters of the Internet of Things can make a long list of areas where operations and safety could be improved by a networked set of smart devices. Household appliances could modulate their power consumption to avoid peak load times. Sensors placed along railroad lines could relay temperature data that could help preempt track failures. The same could be done for bridges, tunnels and other pieces of the nation's fraying infrastructure.

A pilot project in Rockville, Md., for example, placed 14 sensors into an apartment building that monitor for smoke, heat, carbon monoxide and other potential danger signs, relaying them to a cloud service that dispatches emergency responders if a problem is observed.


1  2  Next Page 

Sign up for Computerworld eNewsletters.