Security Issues on the Rise for Internet of Things
The influence of Internet of Things (IoT) in our day to day activities is set to increase with a projected 25 billion connected devices by 2020, according to Gartner. While Cisco believes that by 2020, 50 billion devices will be network-connected. Gartner also predicts that the automotive industry will show the highest growth rate in connected things as car-to-car communication and self-driving car technology begin to become commonplace. Smart devices and sensors will be found in our homes, our cars, our workplaces, in remote health sensing, and in self-driving cars. IoT has the potential to truly revolutionize how we interact with the world today. (O’Neill, Maire, 48) As the increase of IoT device is inevitable, the growing presence of cyber attacks will increase exponential as hackers exploit the new terrain, creating security and privacy issues. In 2014, BBC news talked about how security experts demonstrated how easy it was to hack a network connected light bulb and obtain the Wi-Fi username and password of the household. Attacks have also shown that an automobile with network connected entertainment system can be taken control of the steering wheel, accelerate on the gas, and press on the brakes. Imagine if the city of San Francisco was running on multiple network connected devices with minimum security, this would create severe consequences for terror attacks. These facts are evidences that all network connected devices in the future will cause serious issues if they are not secured properly with standard regulations and procedures by the National Institute of Standards and Technology. (NIST)
The IoT is an intriguing digital phenomenon in technology that creates many legal challenges as the world becomes more interconnected through the Internet. By creating a connected system, the IoT links a network of physical objects, like consumer devices, and enables these devices to communicate and exchange data. In the very near future, almost every consumer device, from cars to a coffee mug, may connect through the Internet. The IoT has incredible potential to better society by providing immense amounts of rich sensory data for analytics and other uses. Nevertheless, there are also many latent dangers that could manifest as the IoT proliferates, including privacy violations and security risks. (Tran, Ah, 263) As technology progress in the future, both cloud computing and IoT devices can help increase the efficiency of our everyday tasks. They both complement each other very well, where IoT generates massive amount of data and cloud computing is there to provide a way for the data to travel through different channels. IoT relies on cloud computing in order to monitor, communicate, and respond efficiently. This brings on the challenges in the security encryption, access control, firmware updates and provisioning in the field.
Another problem that arises is the the nature of IoT devices. The embedded devices themselves are often low cost, low power devices that are restricted in both memory and computing power, and adversaries will have physical access to the devices. (O’Neill, Maire, 48) Quantum-safe algorithms that provides public-key cryptography is an essential element in security application. However, in many cases quantum-safe algorithms are complex making them impractical and not optimal for low memory computing IoT devices.
As the technology of IoT advances, everyone needs to be educated and well informed on the issues of privacy and security. New IoT devices such as drones, and tracking devices are created with the intent of getting into the market the fastest to earn a profit. As an outcome, IoT devices were simply not engineered with data security in mind. (Peppet,Scott, 133) Although attention to such issues is on the rise, computer-security experts have known for years that small, sensor-based IoT devices are prone to security problems. (Peppet, Scott, 134) This creates a problem where IoT devices may not be patchable or easy to update. As a result, it can cause issues such as someone writing a malware and taking total control over the device.
While doing research on the security and privacy of IoT, I started to question if we will even care about data privacy in the future such as social security numbers and maiden name? Will we be comfortable showing data privacy in the open? Will there be another way to show proof that it’s really you? Maybe voice, gesture, biometric, signature? Will having multiple identity theft protection systems be impactful or more costly in the end?
While doing research using scholarly articles and journals, I also attended a talk on Tuesday called, “What is the Future of Cybersecurity,” at PARC, a Xerox company in Palo Alto.
“Security is part of the user experience, it is the key differentiator.”
Alissa Johnson, Xerox chief information security officer, stated that there are multiple entry point threats that will arise from all aspects of IT infrastructure and those that interact with it, both internally and externally. Such challenges Johnson mentioned were: cloud computing, external hacking, data leakage, cyber attacks, printer breaches, employee mistakes, employee owned devices, and disgruntled employees. There is no single magic security bullet that can easily fix all IoT securities. Instead we must be armed with multiple tools and protections to fight back. In most cases such as the recent Equifax cyber attack, they did not update their security to the latest patch as recommended. There are no excuses for simple basic cybersecurity etiquettes. Especially if the company is one of the largest consumer credit reporting agency.
“Security is a community effort.”
External partnerships are extremely crucial in the future where companies can come together and share internal security information. A partnership can creates an open source environment for the good guys. Hackers are already using this open source method to gain access to information on the dark web. Johnson also brought a good point that when people think of security, they think of it as an outer layer of protection. People should think of cyber security more like a house with many layers and foundations such as infrastructure security, application security, data security, and security process. The more layers there are, the harder it will be for the hackers to gain access.
Johnson also brought up the issue of usability and security. Say for an example, if the security password is too difficult for someone to use, they will tend to forget the password and get frustrated. If it’s too easy, it is prone to getting hacked. There needs to be a middle ground where it’s usable, but at the same time secure.
The increase amount IoT devices will grow within the years to come. It will not only revolutionize the way we interact, but also create efficiency and convenience for everyone. Advancement in technology will continue to grow and we must keep up the security with regulation and standards. The growing number of IoT is here to stay and in order to keep up, we must find smarter and more efficient ways to secure the IoT.
Bibliography
- O’Neill, Maire. “Insecurity by Design: Today’s IoT Device Security Problem.” Engineering, vol. 2, no. 1, 2016, pp. 48–49.
- Gubbi, Jayavardhana. “Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions.” Http://Www.sciencedirect.com/, Elsevier B.V., 2013, www.sciencedirect.com/science/article/pii/S0167739X13000241.
- Tran, Alexander H.1. “The Internet of Things and Potential Remedies in Privacy Tort Law.” Columbia Journal of Law & Social Problems, vol. 50, no. 2, Winter2017, pp. 263–298. EBSCOhost, proxy.cca.edu/login?url=https://search-ebscohost-com.proxy.cca.edu/login.aspx?direct=true&db=ofs&AN=121512989&site=ehost-live.
- Peppet, Scott R. “Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security, and Consent.” Texas Law Review, vol. 93, no. 1, 2014, pp. 85.
- Wakefield, Jane. “Smart LED Light Bulbs Leak Wi-Fi Passwords.” BBC News, BBC, 2017, www.bbc.com/news/technology-28208905.
