18.04.17
IoT and cyber security: tomorrow’s threats today
Source: PSE Apr/May 17
Kamal Bechkoum, professor of computing and head of the Business and Computing School at the University of Gloucestershire, discusses the benefits and challenges of the Internet of Things (IoT) for businesses.
The IoT is a phenomenon regarded by many analysts as one of the principal emerging industries of the new millennium. A growing number of devices and appliances are connected to a network, and to each other, to provide additional, enhanced features. Examples of such devices include smart appliances, smart energy meters, wearable devices, connected cars and smart healthcare devices. Kevin Ashton first coined the phrase in his paper that appeared in the RFID Journal, 22 July 1999, in which he said:
“If we had computers that knew everything there was to know about things — using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. The IoT has the potential to change the world, just as the internet did. Maybe even more so.”
We are beginning to see some of this potential being realised and the number of connected devices is growing fast. Cisco predicts that 50 billion new devices will be connected to the internet by 2020. IoT connected cars are able to monitor and adapt to both internal performance quality and external environment, allowing modern cars to provide a new level of safety that was before unattainable. IoT connected factories, homes, and cities allow users to have control over their environment with voice control hubs, smart energy control, intelligent transportation systems and smart factories, to mention but a few.
It is therefore no surprise that the 2016 market value of IoT companies and technologies was estimated at $17.86bn and predicted to rise to $30.73bn by 2020. In fact, Gartner predicts that the economic added value of the IoT will reach $1.9tn by the same year.
The IoT is set to make the internet more immersive and pervasive, as well as allowing certain applications to have access to the potentially enormous amounts of data these IoT devices will be using. IDC puts the amount of data that these devices will be producing, manipulating and storing to something in the region of 44 Zettabytes. To put this amount into perspective, the total digital storage of all human speech ever spoken is estimated at 42 Zettabytes.
This new way of living offers great benefits to organisations and individuals, but comes with a few challenges. First, traditional techniques and technologies for data processing and analysis will not cope. A great deal of research is being carried out on using advanced techniques, such as Machine Learning, to make sense of all the data generated by IoT devices.
Security and privacy challenge
The major challenge of the IoT, however, is security and privacy. As the market size increases, hackers have an expanded surface area that includes CCTV cameras, printers, domestic boilers, smart TVs and kettles, amongst other things. The varied nature of devices that are connected to the network poses a real security threat if not addressed properly.
A 2015 report by Juniper estimated that cybercrime would cost businesses $2tn a year by 2019. Part of the problem stems from the fact that users of devices aimed at the general public, as in the case of Smart Homes, are unlikely to have the technical skills or knowledge to enforce their own security. Instead they tend to rely on the security features provided with the device, which are often insufficient.
Many connected devices arrived quickly to market to meet a rising demand and are lacking even basic security features such as encryption of personal data or unique passwords. This lack of in-built security, coupled with the growing number of connected devices, provides a wide attack surface for cyber criminals to operate within. Because these devices are connected, it only takes one weak link (e.g. a CCTV camera) to provide access to the network of an entire home or business. On 22 October 2016, a DDOS (Distributed Denial Of Service) attack was launched in the US with the help of hacked IoT devices, such as CCTV.
To a degree, new techniques using artificial intelligence can help. An example of how such techniques are being used is MIT’s AI2 System. AI2 can detect 85% of attacks, which is roughly three times better than previous benchmarks. Reduction in the number of false positives is also improved by a factor of five. However, for businesses and individuals to enjoy all that the IoT offers, security is not something that we can delegate to the “other”. Security is the responsibility of everyone, the government, the whole of the business community, and the citizen is the first line of defence.