Imagine a world where you walk up to the front door of your house or apartment, speak into your watch and the door unlocks. You walk inside, put your coat on the rack and walk into the kitchen and say “Ok Google, it’s a little cold in here, raise the temperature to 72 please, and put the kettle on and set the oven to 375.” At that same moment your wearable device uses your heartbeat along with skin-sensing technology to determine that you are tired and a little irritated, so it starts playing your favorite relaxing piano concerto on your wireless speakers, which play from any room in the house. A New Realty at Our Doorstep This isn’t an exercise in picturing some far-fetched sci-fi fantasy world, because all of that isn’t really that unbelievable. However, the Internet of Things (IoT) is pretty neat, and literally right around the corner. Vendors like UBI, Revlov, SmartThings and BioBeets are already developing all the necessary technology to make this fantasy a reality. Furthermore, Gartner estimates that by 2020, 26 billion units will be merrily chirping away at their pre-designed tasks, all the while collecting all sorts of interesting data about our lives. Physical and Virtual Worlds Merge So, what does this mean for the future of our privacy, not to mention physical security? Since Stuxnet, we have all become aware that the gap between the virtual and physical worlds has been bridged. Now, with the potential advent of the IoT, a whole list of security hypotheticals comes to the forefront of our imagination. Are the Consequences Fact or Fiction? The truth is we have already witnessed the negative consequences of the IoT revolution, specifically when devices such as refrigerators are encompassed into “Thingbot-nets” and utilized by hackers in order to send malicious email. A scene from “Homeland” comes to mind, where the Vice President’s pace maker’s de-activation code is procured by a tech savvy adversary, ultimately proving fatal. It is easy to imagine that once we connect all of our devices to the internet, they become more exposed to outside threats. The real question then becomes, how to secure them? Proactive Solution The SANS Institute hosted an Inaugural Securing the Internet of Things Summit back in October of last year and is currently offering a number of courses designed to prepare security professionals for what is being referred to as “the third wave of connectivity.” According to SANS, the security challenge can be broken up into two broad areas: 1.) Critical Infrastructure- power production/generation/distribution, manufacturing, transportation. 2.) Personal Infrastructure- personal medical devices, automobiles, home entertainment and device control. The primary objective of SANS research is to encourage security and risk professionals not to repeat the mistakes of the past, but instead outline a definitive call to action:
“The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and application, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective.”One thing is for certain, privacy professionals as well as security & risk pros will have their work cut out for them. Not only do we need to worry about preventing unauthorized access/control over the soon to be billions of connected devices, but also over the sensitive data they collect. For more information on necessary technical shifts that will be required in the coming years, see Gartner’s recent analysis. Don’t forget to subscribe to nCrypted Cloud’s Newsletter!