Cloud Platforms (178)
IoT security is challenging but only few companies are taking action. Businesses are experiencing a significant rise in cyber-attacks and malwares, compromising devices and their security. In order to tackle this, Microsoft has taken considerable action and developed an end-to-end IoT solution, which is called Microsoft Azure Sphere that can safeguard the IoT devices from evolving threats.
Introduction to IoT( Internet of Things) :
Reasons to protect IoT App Solutions:
Integrate security in the code:
Proper Authentication and Identification:
Secure Payment Transactions:
Secure the App from Backend:
Implement App Transport Security - ATS:
Deal with unknown Threats:
Some of the Consequences:
“We won't stop until we see every vehicle on the road being electric,” said Elon Musk, the person who works to revolutionize transportation both on earth and in space. “China is about to ban the internal combustion engine,” said a mining financier, Robert Friedland. Tesla Model 3 needs approximately 65 kilograms of copper per vehicle. Cities are now demanding zero-emission buses. Whether it’s electric cars, buses, trucks, solar energy or wind energy generation – as we transit to a sustainable world, we need more copper, nickel, cobalt, lithium, platinum, palladium, zinc and aluminum. That’s why, mining products will be in huge demand. Nevertheless, in the present world, these minerals and other mining products are already a backbone for most industries.
However, just because mining products are vital to run industries and build a low-carbon future, it doesn’t mean that the society should turn a blind eye to the damages caused due to mining operations.
Concerns from communities and governments regarding the environmental effects of digging up the earth to extract metals and minerals is battering the sector. Also, current investors have become restless and new investors are reluctant to finance mining activities as mining operations have not altered significantly since decades. This puts pressure on mine owners to bring a change in traditional mining practices. Such a situation drives many mine owners to bring data-driven practices into their routine mining operations.
Like most industries, the technology that disrupts the traditional ways of mining will be a significant driver of change in mining. The goal is to make mining more effective, sparing, energy intensive and environmental-friendly.
From decades, the mining industry has been deploying PLC and SCADA systems for monitoring and controlling. But these monitoring and control systems are generally proprietary systems and offer limited interoperability with other systems. This is where IoT-based systems prove to be advantageous. IoT-based systems are based on open and highly connected Internet Protocol (IP) network structure. Such open network architectures enable current mining operations to move toward the next generation of smart mining.
Let's look at how IoT implementation empowers mine owners with its ability to transform traditional mining practices and:
Say NO to carelessness
Since the advent of mining, fires and explosions are serious safety issues. Specifically, in coal mines, spontaneous coal seam combustion turns into a catastrophe mainly due to carelessness. Besides, in the biggest coal producer nation like China, approximately 25.1% of their main coal mines are extremely gaseous mines, which after burning could lead to a disaster. Also, the environment surrounding mines can be vulnerable during combustion as massive quantities of toxic gases, including CO2, CO, SO2 and H2S, are emitted when a mine catches fire. Therefore, prevention and protection from fires is important for secured mining production as well as the global environment.
The mechanism of spontaneous combustion of the coal seam is like a typical spontaneous combustion, which requires oxygen. Hence, measuring the concentration of O2 is the key. In addition to O2, other gas contents, such as CO, CO2, N2, CH4, C2H4, C2H6, Rn and so forth, can be evaluated to detect spontaneous coal combustion at the surveillance spot.
As shown in the image above, an IoT-based system continuously monitors the sensed values and displays them to remote users through a web dashboard. Besides, the system can send alerts to such users in the case of detecting abnormal values and it can activate mitigation devices (e.g., forced ventilation) to decrease gas concentrations smartly.
Say NO to waste of resources
There is an increasing demand of mining products, mining equipment and resources – such as conveyors, shearers, boring machines, hydraulic pump stations, hydraulic support stations, crushers, loaders, motor vehicles, water pumps and ventilation fans – to run mining operations continuously. Moreover, to increase profitability form the existing resources, mine owners need an effective and safe resource management platform that can bring resource wastage time to zero. In such situations, an IoT network can help mine owners or managers to know the locations of these expensive resources and its usage statistics. Further, the underground staff can also be monitored via an IoT network.
Dundee Precious Metals sets the best example for this. They have deployed nearly 280 wireless access points over 50 km (31 miles) of tunnels in their flagship gold mine placed in Chelopech, Bulgaria. The firm quadrupled production from 0.5 million to 2 million tons by using an IoT-based system to track miners and vehicles locations, monitor vehicles status and automate safety and maintenance operations.
An IoT-based system is not only helpful to mine owners but original equipment manufacturers (OEMs) as well. The open connectivity of IoT architecture enables OEMs to monitor their product performance in their lifetime, even after the product is sold. Such data can be used to initiate a new revenue stream and to improve product design as well.
Say NO to casualties
In the case of a calamity, miners are taught to escape from the mine first with handy self-rescue equipment and enter a refuge alternative when escaping is cut off. Refuge alternatives are designed to provide 96 hours of breathable air, food and water for underground staff. Although refuge alternatives are only planned for use in post-accident occurrences, so their functionality should be checked periodically to ensure that they are working as intended in an emergency. In addition, a system should be in place to signal the surface instantly when a refuge alternative is triggered after a calamity. One way to monitor a refuge alternative's feasibility status from the ground is to attach sensors, such as a magnetic switch sensor, air quality and temperature sensors to the door of a refuge alternative. These sensors detect the occupancy status, air quality and temperature to ensure that a refuge alternative always stays safe.
To sum up, whether you need to cut expenses, lessen downtime, increase productivity or reduce environmental footprint – an IoT-based system is the right choice.
Having a smart home is all well and good until you become a victim of data leakage.
This is not a discouragement against IoT implementation into your home, however. The Internet of Things market has been on the rise, and thanks to that, even our homes have become smarter. We don’t have to worry about doing our laundry, or making coffee manually anymore. With just a command we can do these things without having to move away from that comfy couch.
But over the last couple of years, some incidents have shown that the matter of smart homes might not be all it’s hyped up to be. Just like everything, IoT implementation in smart homes has a bright and a dark side, but it seems the dark side is more sinister than the bright one.
The combined research conducted by Northeastern University and Imperial College of London has shown how consumer devices are not to be trusted when dealing with client data. The researchers conducted 34,586 controlled experiments on 81 different IoT devices, 46 of which are from the US and 35 are from the UK, and this is what they found out-
- 72 out of these 81 devices are connecting to services that are not the first party. Which means they are connecting domains and addresses that have no business connecting to the device.
- The research showed that 56% of the US devices and 83.8% of the UK devices were connecting to domains that were not in their region.
- The safety of the data on an online connection depends on the level of encryption, but here’s the kicker- according to the research, all the tested devices have at least one plain-text flow, which means at least one data flow from all the devices is non-encrypted. Not to mention, any cyber-evesdroppers can analyze device traffic, encrypted or not, and figure out the user and device behavior.
But in any case, this is just research. What happens when a smart home management platform leaves a server with important user data exposed on the internet without any password or protection?
Around mid-June, the security team at vpnMentor, lead by security researchers Noam Rotem and Ran Locar, spotted a completely exposed server containing the customer details of 2 million users, including their usernames, passwords, and password reset codes.
The server in question belongs to a Chinese smart home management platform Orvibo. Their smart home management Smartmate helps users control every aspect of their smart home, from security to closing the curtains.
Not only a smart-home management system, but Orvibo also deals in self-manufactured smart home products such as smart light bulbs, HVAC systems, home entertainment systems, security cameras, smart power plugs, and many more.
The open server containing user information poses a huge threat to everyone who’s data has been exposed. Since the data breach being exposed, Orvibo has taken steps to secure the server. Even then, the data breach can have serious repercussions for the users. What are these repercussions though? Let’s find out what can happen to your data if it is leaked by your smart home device.
What will happen if your data is breached?
When hearing about IoT and data breach, the user can have two kinds of reactions.
One group would panic, and probably stop using all kinds of smart devices.
Another group would ask so what if their data is being breached? And this point is to answer the question for the latter group.
There is a reason why smart home security is something to be concerned about. The personal and sensitive data, the users enter in order to run the devices, can be manipulated in various ways, and each one would only harm the users.
So what are the ways hackers can manipulate the IoT devices and data that make your home smart?
1. Manipulating The Devices
The first thing you might do after getting a smart device for your home is to configure its username and password.
However, this is not a widespread practice. Most people often end up using the same default username and password the device came with, which means that it’s going to be super easy for the hackers to get your data and gain access to your device. And from there on, it’s an open sandbox for them to play with. They can do whatever they want with your device, but there’s one guarantee- whatever they do is not going to do you any good.
2. Holding Your Data And Device For Ransom
The ransomware attack is the most familiar in the IoT industry. Through this, what the hacker usually does is that they would gain access to an IoT device, and cut off the legitimate user’s access. Then they would ask for a ransom for restoring the user’s access to that device.
While this may not seem to be as dangerous, it is a serious threat. Once the hackers have gained access to your data, they can use it for many malicious ends, things you don’t even have any idea about. And not to mention, there is no guarantee that they would give you back the access to your data once you pay them. And that’s why implementing some serious security protocols in place is needed to prevent your device and data from ransomware attacks.
3. Doing Serious Damage To Your Home
This one might seem a little petty, but here we go anyways.
Imagine having a smart thermostat, which you can control using online access. Now imagine going out on a vacation with your family, making sure that everything around the house is shut down, even the thermostat. However, when you get back, you see that the thermostat turned up to its highest setting on its own, melting every plastic thing in your house.
But did it happen on its own? How are you going to find out whether it just happened or someone purposefully hacked into your smart home system and used the thermostat to seriously damage your home? Stealing the authorization details, hackers can do this for multiple reasons, ranging from personal vendetta to trivial entertainment because they were bored. Either way, it is your home that will be damaged.
4. Actively Robbing Your Home
When details such as passwords and user IDs, along with device IDs are being sent to an unknown third-party domain without any encryption, the data can be used in many ways, and one of them can be to rob your home.
Think about how a hacker-robber group can hack into the security system of your home, disable it and then walk into your home to steal everything from you. This is a bold use of smart home data breaches, and it can be quite fatal in case someone is home when they decided to hit the house. In this case, the loss of data security can result in serious loss of physical property as well.
5. Launching A Botnet Attack
Last but not least, gaining access to your IoT smart home devices, the hackers can turn these devices into zombie devices and launch a botnet attack. A botnet is a number of internet-connected devices. Each of these devices is running one or more bots, which can be used to perform distributed denial-of-service attacks.
Through this, the hackers can also steal important data, send spam emails, getting the attacker access to the device, this is not only going to create a problem for you but others as well.
With a DDoS attack, the botnets can connect to a website, generating so much traffic that the website crashes, leaving them vulnerable for many data exploitations. Using your IoT device, the hackers can launch a similar botnet attack to that of the Mirai Botnet attack of 2016. The Mirai botnet attack brought down a french host OVH. and that’s how your smart home devices can be turned into a weapon to bring down popular websites around the world.
What Is Going To Be The Solutions?
Every problem has a solution, and so does this one.
There have been plenty of solutions suggested for the data security of IoT devices. But so far only two of these solutions stand out. One is the use of machine learning, another being Blockchain.
The Machine Learning Solution For Smart Homes
Rather than looking for a security solution for each device, AI and machine learning can create a shield of security for all the IoT devices for your home network. Deep learning and machine learning can not only monitor each and every device connected to the network, but they can also detect and prevent any unwanted and unknown device trying to connect with the home network.
The use of AI comes in handy when analyzing the network traffic. This way the AI can keep up with the general traffic flow of each of the devices and detect any anomalies in the normal flow of traffic. Which means fewer chances of any hackers getting inside your home network. You can check out these top 10 highly performing smart home apps making it big.
Along with these benefits, the use of Machine learning and deep learning can also detect botnet activity, manage device authentication and access management. This way they can manage to give your smart home network 360-degree security without worrying you.
The Blockchain Solution To All Things Smart-homes
The main problem with the smart home network is the centralization of data, which could be easily hacked into. And that’s why Blockchain can provide a decentralized solution to this problem.
Once the smart home IoT systems start utilizing the blockchain system for data communication, the security will increase tenfold, because it is close to impossible to hack into a blockchain network and change the data. To do so, the hacker would have to have control of 51% of the devices connected, and when the number of connected devices spans millions, it can be a little tough.
Not to mention, blockchain in IoT will end the trend of data monopolization. Your data won’t be a subject of daily business deals with large conglomerates. Blockchain can bring affordability and security for smart homes that people have been asking for a long time.
So does it mean you should not be using smart home technology?
The answer is no, absolutely not. It is undeniable that smart home technology has its own benefits and you should be able to take advantage of that. But only after you have made sure of your data security. Once you have made sure that all the devices you are using are secure. You can make use of IoT devices for your home as much as you want. Always remember that the security measures for your home IoT devices are not a matter of joke.
How PKI & Embedded Security Can Help Stop Aircraft Cyberattacks
by August 27, 2019 by Alan Grau, VP of IoT, Embedded Systems, Sectigo
On July 30th, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued a security alert warning small aircraft owners about vulnerabilities that can be exploited to alter airplane telemetry. At risk to cyberattack, the aircraft’s Controller Area Network (CAN bus) connects the various avionics systems–control, navigation, sensing, monitoring, communication, and entertainment systems–that enable modern-day aircraft to safely operate. This includes the aircraft’s engine telemetry readings, compass and attitude data, airspeeds, and angle of attack; all of which could be hacked to provide false readings to pilots and automated computer systems that help fly the plane.
The CISA warning isn’t hypothetical, and the consequences of inaction could prove deadly. Airplane systems have already been compromised. In September 2016, a U.S. government official revealed that he and his team of IT experts had successfully remotely hacked into a Boeing 757 passenger plane as it sat on a New Jersey runway, and were able to take control of its flight functions. The year before, a hacker reportedly used vulnerabilities with the IFE (In Flight Entertainment) system to reportedly take control of flight functions, causing the airplane engines to climb.
The Boeing 757 attack was performed using the In-Flight Entertainment Wi-Fi network.
A researcher with security analytics and automation provider Rapid7 wrote about the security of CAN Bus avionics systems in a recent blog and discussed the challenge at this year’s DEFCON security conference. He explained, "I think part of the reason [the avionics sector is lagging in network security when it comes to CAN bus] is its heavy reliance on the physical security of airplanes . . . Just as football helmets may actually raise the risk of brain injuries, the increased perceived physical security of aircraft may be paradoxically making them more vulnerable to cyberattack, not less."
A False Sense of [Physical Access] Security
The DHS CISA warning stated, "An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment.” CISA fears that, if exploited, these vulnerabilities could provide false readings to pilots, and lead to crashes or other air incidents involving small aircraft. Attackers with CAN bus access could alter engine telemetry readings, compass and attitude data, altitude, and airspeeds. Serious stuff.
Not all of these attacks required physical access.
These risks should serve as a wake-up call to everyone in manufacturing. Any device, system, or organization that controls operation of a system is at risk, and the threats can originate from internal or external sources. It’s critical for OEMs, their supply chains, and enterprises to include security and identity management at the device level and continually fortify their security capabilities to close vulnerabilities.
Security Solutions for Avionics Devices
Today’s airplanes have dozens of connected subsystems transmitting critical telemetry and control data to each other. Currently, tier-one suppliers and OEMs in aviation have failed to broadly implement security technologies such as secure boot, secure communication and embedded firewalls on their devices, leaving them vulnerable to hacking. While OEMs have begun to address these issues, there is much more to be done.
Sectigo offers solutions so that OEMs, their supply chains, and enterprises can take full advantage of PKI and embedded security technology for connected devices. Our industry-first end-to-end IoT Platform, made possible through the acquisition of Icon Labs, a provider of security solutions for embedded OEMs and IoT device manufacturers, can be used to issue and renew certificates using a single trust model that’s interoperable with any issuance model and across all supported devices, operating systems (OS), protocols, and chipsets.
Much like the automotive industry, the aviation sector has a very complex supply chain, and implementing private PKI and embedded security introduces interoperability challenges. With leading avionics manufacturers introducing hundreds of SKUs per year, maintaining hundreds of different secure boots within a single aircraft is complex, cumbersome, and ultimately untenable. Using a single homogenous secure boot implementation greatly simplifies the model.
Purpose-built PKI for IoT, such as the Sectigo IoT Manager, enables strong authentication and secure communication between devices within the airframe. Using PKI-based authentication prevents communication from unauthorized components or devices and will eliminate a broad set of attacks.
Embedded firewall technology provides an additional, critical security layer for these systems. This is particularly relevant for attacks such as the Boeing 757 attack via the airline Infotainment Wi-Fi Network. An embedded firewall provides support for filtering rules to prevent access from the Wi-Fi network to the control network.
Icon Labs embedded firewall has been has deployed in airline and automotive systems to address attacks such as these. In both instances, our embedded firewall sits on a gateway device in the vehicle or airplane to prevent unauthorized access from external networks or devices into the control network, or from the Infotainment network to the control network. We continue to see interest in this area, indicating manufacturers are beginning to act.
From Cockpits to Control Towers
Securing connected devices in aviation is not limited to airplanes. The industry requires secure communication between everything on the tarmac, from cockpits and control towers to provisioning vehicles and safety personnel. For that reason, Sectigo provides an award-winning co-root of the AeroMACS consortium, which addresses all broadband communication at airports across the world and calls for security using PKI certificates to be deployed into airplanes, catering trucks, and everything else on the tarmac.
Future Proofing with Crypto Agility
It’s worth noting that aviation is also uniquely challenged by the tenure of its components. Unlike devices that are designed to last for months or years, airplanes are designed to last for decades. Advances in quantum computing, which many experts believe is just around the corner, threaten to make today’s cryptographic standards obsolete. Aeronautical suppliers need to be prepared for this coming “crypto-apocalypse” and to update the security on their devices in the field while the devices are in operation. Sectigo’s over-the-air update abilities provide the cryptographic agility to guard against this upcoming crypto-apocalypse (listen to the related Root Causes podcast).
The ecosystem has fast work to do. Manufacturers must secure the CAN buses in their existing, and future fleets – whether those planes idle on fenced tarmacs, or in airplane hangars. In the meantime, CISA counsels that aircraft owners restrict access to planes avionics' components "to the best of their abilities,” leaving passengers to hope security soon extends beyond their TSA experiences.
Read this blog online at https://sectigo.com/blog/how-pki-and-embedded-security-can-help-stop-aircraft-cyberattacks
When Refrigerators Attack - How Cyber Criminals Infect Appliances, and How Manufacturers Can Stop Them
Alan Grau, VP of IoT, Embedded Systems, Sectigo
Homes and businesses worldwide are vulnerable to attacks from cyber thieves and other bad actors – and not just through their computer networks. The embedded electronics inside appliances present an easy path of entry. It’s already been happening. According to Business Insider and Proofpoint, one of the first refrigerator incidents occurred in late 2013 when a refrigerator-based botnet was used to attack businesses.
Some of these attacks, such as infecting appliances with botnet malware, don’t really have much effect upon a family’s security and safety. In fact, if a “smart” refrigerator gets infected by a bot, the homeowner might not even notice anything wrong.
However, connected-appliance based cyberattacks are not limited to just refrigerators – and they are rarely one-off incidents. Almost any type of appliance can be hacked and used to host a botnet that could attack the web. According to Wired Magazine, a botnet of compromised water heaters, space heaters, air conditioners and other big power consuming home appliances, could suddenly turn on simultaneously, creating an immense power draw that could cripple the country’s power grid.
A bot, quite simply, is an infected computer. Many cyberattacks, like the Mirai Malware and the Dyn attacks, infect a network of computers, including “smart” connected devices such as home appliances, security cameras, baby monitors, air conditioning/heating controls, televisions, etc., and turn them all into compromised servers. These compromised servers then act as nodes in an attack and together create a botnet. They can participate in a variety of coordinated attacks, infecting other devices and expanding the network of bots, or participating in Denial of Service attacks.
Caption: A bad actor or cyber criminal can send infected messages to a home or business network that targets various appliances or machines. Once infected, that machine is under the control of the bad actor and can be used to send out thousands of infected messages to new targets worldwide. The botnets can also send out millions of dummy messages to a single target – overwhelming it and putting it out of service.
Without any apparent symptoms or notice, a criminally enhanced refrigerator could be generating and sending out thousands of attacks every minute. In addition to the homeowner or business manager never realizing what is going on, these attacks may be unstoppable until unless the machine itself is disconnected from its web connection.
Additionally, the infected refrigerator could spread malware from the kitchen to the home’s “smart” TVs, to the home’s computer networks, to other smart devices in the home, and even to connected smart phones. Every target could be transformed into malicious bots that distribute millions of infected spam messages and cyber-attacks.
So how do we combat this threat?
Unfortunately, end users really have no power to fix this problem. There is probably no way for a homeowner, office manager – or even an experienced refrigerator repair person – to talk to a refrigerator’s electronics. No way to get into the appliance’s software and middleware to identify and kill an infection. However, if the homeowner suspects an infection, they could disconnect the refrigerator from the its internet connection to make it “dumb” again.
Fridge caught sending spam emails in botnet attack - In the first documented attack of its kind, the Internet of Things has been used as part of an attack that sent out over 750,000 spam emails
It is up to device manufacturers to protect against these attacks.
So how do manufacturers combat this type of attack? How can they ensure that appliances in homes and offices do not get infected to cause mayhem?
Security starts in the design process for the refrigerator itself, as well as for the appliances’ various electronic components and control surfaces. Most appliance manufacturers get their control sub-assemblies from a wide network of smaller manufacturers, sometimes with a worldwide supply chain. These suppliers need to make sure that the chips and sub-assemblies they use are secure from hacks.
Two important security practices can be utilized by appliance makers:
- Embedded Firewall with blacklist and whitelist support – Protect appliances and edge devices from attacks by building firewall technology directly into the appliance. An embedded firewall can review incoming messages from the web or over the home network and, via a built in, and regularly updated blacklist, reject any that are not previously approved.
- Secure Remote Updates and Alerts – Validate that the firmware inside the device is authenticated and unmodified before permitting installation of any new firmware updates. Updates ensure the incoming software components have not been modified and are authenticated software downloads modules from the appliance manufacturer.
Most consumer and device manufacturers have heard about the potential for attacks on smart devices like door locks, baby monitors, and home thermostats, but this risk awareness needs to expand to types of connected systems – including appliances. An infected refrigerator sending out malware is not just a funny story. These systems have been attacked and used to spread malware. Ensuring the security of these devices is necessary to protect home network, slow the spread of malware and even protect credit card numbers or other personal data stored in smart home devices.
# # #
EXTRA PROOF POINT FOR COLUMN
Refer to: https://www.cnet.com/news/fridge-caught-sending-spam-emails-in-botnet-attack/
Author Bio - Alan Grau, VP of IoT, Embedded Solutions, Sectigo
Alan has 25 years of experience in telecommunications and the embedded software marketplace. He is VP of IoT, Embedded Solutions IoT at Sectigo, the world’s largest commercial Certificate Authority and provider of purpose-built, automated PKI solutions. Alan joined Sectigo in May 2019 as part of the company’s acquisition of Icon Labs, a leading provider of security software for IoT and embedded devices, where he was CTO and co-founder, as well as the architect of Icon Labs' award-winning Floodgate Firewall. He is a frequent industry speaker and blogger and holds multiple patents related to telecommunication and security.
Prior to founding Icon Labs, Alan worked for AT&T Bell Labs and Motorola. He has an MS in computer science from Northwestern University.
Sectigo provides award-winning, purpose-built and automated PKI management solutions to secure websites, connected devices, applications, and digital identities. As the largest commercial Certificate Authority, trusted by enterprises globally for more than 20 years, and more than 100 million SSL certificates issued in over 200 countries, Sectigo has the proven performance and experience to meet the growing needs of securing today’s digital landscape. For more information, visit www.sectigo.com.
The Internet of Things promises a smart, fully-connected world where physical objects and services are interlinked to benefit society. According to a Statista report, by 2020 the number of IoT-enabled devices worldwide will reach 30.73 billion. From smart home appliances to connected medical devices to self-driving cars — we are moving full steam ahead towards the Internet of Everything.
But such ubiquitous connectivity raises many concerns regarding safety, and rightfully so. In October 2016, Mirai, arguably the most infamous IoT botnet, caused major disruptions and resulted in several high-profile Internet services inaccessible.
With the continuously expanding IoT attack surface, the existing security practices often fall short. To address the new threat landscape, engineers harness the power of machine and deep learning to deliver robust, secure IoT solutions for a safer connected world.
Network traffic analysis
The sheer amount and diversity of IoT devices make it extremely difficult for network administrators to reliably monitor M2M and M2H interactions. Various network communication protocols — Bluetooth, Zigbee, WiFi, LoRaWAN, MQTT — add another layer of complexity.
To tackle the challenge at hand, researchers are leveraging machine learning to analyze IoT device traffic and establish legitimate behavioral profiles. Trained to recognize baseline behavior, ML algorithms can successfully detect any traffic anomalies and intrusions. Unsupervised learning goes further and detects even previously unseen attacks, helping to boost IoT security.
Botnet activity detection
The above mentioned Mirai botnet managed to infect over 600,000 IoT devices to pull off one of the largest DDoS attacks on record. The thing with IoT botnets is that they work silently, without compromising the infected device performance..
Traditional signature-based botnet detection methods prove ineffective as bots with slightly different signatures can go undetected. The same goes for zero-day attacks. Deep learning, in its turn, has the potential to improve botnet detection and enhance cybersecurity. As one of the options, researchers suggest using deep autoencoders — unsupervised neural networks — that can learn complex patterns and detect infected IoT devices with low false alarm rates.
IoT device authentication
Viewed as the first line of security, authentication ensures that users and devices can be trusted to be what they declare to be. In large IoT ecosystems with millions of connected devices, strong authentication becomes as important as it is challenging.
In addition to network heterogeneity and complexity, limited computational ability and power of IoT-enabled devices do not allow using traditional authentication techniques. Minimal storage capacity of embedded systems also contributes to the complexity.
Machine learning offers new capabilities in enforcing secure authentication and improving resistance to identity-based spoofing attacks. Recent researches demonstrated the success of deep learning-based RF fingerprinting for highly accurate IoT device identification based on RF emissions.
IoT access management
Another pillar in IoT security, access control helps keep unauthorized users and devices away from protected network resources. Given the complexity of IoT ecosystems and enormous amounts of IoT-generated data, static, context-unaware access control rules cannot ensure adequate levels of protection.
Keeping in mind these limitations, a reinforcement learning model can be applied to dynamically optimize access control policy. The model continues to improve over time and takes into account multiple contexts that smart devices are used in. The authors also suggest leveraging blockchain technology to provide a distributed access control architecture that can be a better fit for a decentralized IoT environment.
As the number of connected devices is growing at a breathtaking pace, IoT security remains top of mind for manufacturers, enterprises, and consumers alike. An IoT ecosystem is only as strong as its weakest link. Without proper security in place, an infected IoT device cannot only compromise thousands of others but give access to your personal information or participate in a massive DDoS attack.
New security threats and vulnerabilities require new approaches, and machine learning lends itself well to the challenge. From detecting anomalous behavior of IoT devices to accurate fingerprinting to adapting access control policy, machine and deep learning help enhance IoT security.
The smart technology of IoT or Internet of Things is really changing the technological landscape from all aspects. It is a network of connected devices that work through exchanging data between each other through a cloud network.
IoT technology has had a deep impact on the world of technology and web development is one of them. You might ask how these two things are connected, well, as it turns out, IoT devices need to work with web development because it needs both a front-end and back-end development, and that is where web development comes in. in the past few years, IoT has changed the web development in a lot of ways. Here are a few examples of that.
- Continuous Website Optimization
Internet of Things is a constantly evolving sector and there is no possibility of this stopping soon. And that is why the web developers have to constantly keep on optimizing their websites to match the evolving nature of the website. This is the only true way to stay relevant in the industry of IoT.
- Raising The Bar On The Expertise
IoT has definitely increased the bar on the expertise when it comes to the knowledge of coding and framework. IoT developers need better knowledge of web development languages and database management.
- Speed Of Data Transaction
The traditional data process is through request analysis by web servers. But this process is not useful when it comes to IoT. for IoT devices, the data transaction speed is much higher and that is why the traditional process is replaced by the cloud data transmission process. This way the devices work faster by transmitting data faster.
- Need For An Increase In Security
IoT devices are more prone to get hacked and manipulated by hackers. And that is why web developers have to up their security game. A normal security protocol for web development is not enough for IoT devices. They need stricter security design pattern for the connected device's network to keep it safe for the users. You can follow the best practices for mobile app security here as well.
- Power Management Needs
On an IoT network, the programs that run in the background drain a lot of power. This results in decreased communications and work. And that is why web developers have to design the layout in such a way that it will minimize the amount of power being used. Before you go forward with the web development plan for IoT device network, you have to design a power management plan.
- Dynamic UI
The normal UI design process by web developers has changed a lot due to the IoT industry. And that is why the developers have to rethink their UI development approach. Following the best practices to develop IoT based designs is the right way to go for web developers today.
The impact of IoT is all-encompassing and even web development is not out of its impact. The developers have to change the normal practices they used to follow to match pace with the constantly evolving process of Internet of Things. Above mentioned are only a few ways IoT is effecting web development. The impact is even deeper than you think and it is going to get even deeper with time.
Bad Cars: Anatomy of a Ransomware Attack
By Alan Grau, VP of IoT, Embedded Systems, Sectigo
TV and science fiction writers have let their imaginations run wild with theories about what could happen if your car was attacked by bad actors. There have been a few real-world cases where white-hat hackers and researchers have been able – in limited, controlled instances – to actually penetrate a car’s electronics and communications systems, take over the car’s steering and acceleration systems, and potentially do real damage.
However, there are other scenarios that might not be as obvious or as dramatic.
For example, what if your car’s computer was infected by a virus that greatly reduced the engine’s efficiency or capped the car’s maximum driving speed? What if the virus did something less dramatic, such as make the car unable to lock the controls for automatic window operation, or simply prevent the car from starting? No one would die, but the car owner would be very upset, posing a disaster for the automobile’s manufacturers.
Motor City Ransomware
Electric Vehicles require sophisticated control and safety technologies for their electrical power systems to safely manage the high voltages that store and distribute from their battery systems. If something goes wrong, the car cannot operate, people could get electrocuted, or the car could burst into flames or explode. These are real dangers that are managed by the car’s network of fuses, circuit breakers, and control systems.
What would happen if a cyber hacker got into these sensitive electronic systems and turned off the safety and control system?
Why would someone do this? Money, of course.
Suppose the bad guys successfully penetrated and infected these vehicles? Imagine now that they had the software or security keys that could fix these problems, but hold them as ransom, jeopardizing an automaker’s entire fleet of new cars.
How many millions (or tens of millions) of dollars would the automaker pay to get that solution? Holding a manufacturer hostage is a very real possibility, as evidenced by the results that today’s hackers are getting by attacking hospitals and cities and successfully extracting substantial ransoms to just return these institution’s data. In a recent WIRED article, The Biggest Cybersecurity Crisis of 2019 So Far, which discusses the risks to “things” and across supply chains, the FBI explained, "We are seeing an increase in targeted ransomware attacks. Cyber criminals are opportunistic. They will monetize any network to the fullest extent.”
Pre- and Post-Assembly Infections
It is possible that cars could be infected before they even hit the auto dealers’ lots. Bad actors have the capability to infect a small electronic part, essential to the auto manufacturing food chain, purchased from one of the hundreds of component suppliers.
How could auto manufacturers possibly test each electronic element? It is almost impossible - and requires that parts manufacturers themselves take more care in their software development process to ensure the software in these components are not infected during manufacturing process, or during the testing and shipping processes.
Of course, cyber infections could happen on the actual assembly line where the cars are put together. With many car manufacturing plants using IoT connected robots and machines, there is always a possibility of infection happening on the assembly line.
These components could even become infected after assembly, during the manufacturers’ testing and process. Infection, during installation, or with after-market parts and upgrades, could arise after the vehicles arrive at the dealers’ facilities.
Already aware of the possibility and the potential disastrous effects of infected cars reaching the market, manufacturers throughout the supply chain need to become more aware of how their devices could be attacked and infected even before they leave the warehouse. This means embedding IoT security from day one - from the smallest electronic components to final assembly of motors, transmissions and other large vehicle components.
Sectigo (formerly Comodo CA) provides award-winning, purpose-built and automated PKI management solutions to secure websites, connected devices, applications, and digital identities. As the largest commercial Certificate Authority, trusted by enterprises globally for more than 20 years, and more than 100 million SSL certificates issued in over 200 countries, Sectigo has the proven performance and experience to meet the growing needs of securing today’s digital landscape. For more information, visit www.sectigo.com.
Heavy equipment is mainly used extensively in industries such as construction, oil and gas, mining, forestry, energy, civil engineering, military engineering, transportation, and many others. Industrial heavy machines include construction equipment, wheel loaders, oilfield pieces, manufacturing equipment, earthmovers, hydraulic cranes, bulldozers, oversized trucks, forklifts, and more. Organizations rely on heavy machinery to speed up production and to avoid human errors or health risks.
With developments in IoT, it is possible to decrease equipment downtime while improving the efficiency of the output. Companies that supply industrial machinery and components are seeing strong interest in connected machinery and components which providing many IoT consulting Companies. IoT-powered asset management solutions offer a host of benefits, including predictive maintenance to prevent equipment failure, increased asset reliability, improved asset health, accident avoidance in the workplace, and downtime reduction.
Smart Asset Monitoring with IoT
Safety of personnel and assets, theft or pilferage of assets, accidents and resulting injuries, and bottlenecks in the supply chain are some of the common challenges that are prevalent in asset-intensive industries like manufacturing, utilities, construction. By improving visibility into day-to-day operations, replacing legacy systems with an integrated solution and automating manual processes, many of these challenges can be overcome.
Digitalization, combining connected devices with IoT-based solutions, can help to overcome these issues. End-to-end clarity on the status of the equipment enables improved decision-making, increases asset reliability, and also improves the people and process efficiency. With the advances in technology, mature organizations have heavy machinery that is computerized, automated and enabled with connectivity and big data analytics, which increases the efficiency of the overall product development process.
Use cases: IoT in heavy machinery management
Let’s take a look at some of the use cases where IoT is transforming the way heavy equipment and related assets are managed.
Smart heavy equipment in warehouse management
Material handling equipment like trucks, forklifts, pallet trucks, and pump trucks are very important for any warehouse to perform daily activities such as loading, unloading, transporting goods to different areas, and picking goods from risky areas. Needless to say, these machines and their operators need to be managed properly to minimize the chances of accidents. Warehouse operators need to take preventive measures for vehicle accidents and injuries that occur while from shifting material, and take proper care while handling hazardous materials.
Today, futuristic warehouses are using driverless robotic equipment to assist in picking and moving operations. Guidance systems like global positioning system (GPS), lasers, and radio-frequency identification (RFID) are used in such warehouses and equipment.
For example, advanced driverless pallet trucks and forklifts are equipped with audible warnings and lights and have built-in sensors to detect obstructions. These sensors come with lasers or camera systems, which are positioned to detect objects and activity from the floor and are able to determine the height and distance around all sides of vehicles and warehouse corners. This makes the equipment intelligent – it knows when to slow down and stop to avoid a collision.
With the recent advances in IoT for warehouse equipment, the market has a new breed of smart forklifts that come equipped with 360-degree detection forklift antenna, which is able to detect when the workers come into forklift zone. When a worker is detected within the predefined danger zone, audio and visual alarms are set off inside the forklift cab to alert the driver. This helps to reduce the risk of injuries and property damage.
Smart heavy equipment in the construction sector
According to a MarketandMarkets report, the heavy construction equipment market size is estimated to grow from USD 121.46 Billion in 2015 to USD 180.66 Billion by 2020, at a CAGR of 7.0%. Depending on the construction application, heavy machines are mainly categorized into four types:
- Earth moving equipment
- Construction vehicles
- Material handling equipment
- Construction equipment
Wireless technology has a huge impact on the construction industry to provide connectivity for heavy equipment. These machines use technology-enabled devices combined with cloud computing, allowing storage and sharing of data.
IoT is playing a key role in boosting productivity, improving preventive maintenance, minimizing downtime, and reducing repair costs. Sensors integrated with the equipment are able to detect and send automated alerts related to the status of the equipment systems and parts. They can also compile and analyze usage and maintenance data, helping with preventive and predictive maintenance.
One of the major problems in the construction industry are injuries caused due to accidents involving people and heavy equipment. As the number of heavy equipment continues to rise, the risk also increases. IoT can help to make the equipment smarter and safer.
Additionally, IoT can help to track assets as they move around the site, or to a different site, ensuring that the assets are never stolen or lost – an ongoing issue on large construction sites that causes delays and decreases productivity.
Smart heavy equipment in transport and logistics
Transportation and logistics businesses want to optimize the supply chain. Many transportation companies are already using mobile devices, such as barcode scanners, mobile computing devices, and radio frequency identification (RFID) to solve challenges related to the supply chain. With RFID, many companies are achieving a high level of shipping and receiving accuracy, inventory accuracy, and faster order processing, along with a reduction in labor costs.
However, due to drivers’ careless behavior, while driving heavy trucks or conveyors, company owners have to shell out a big amount for accident-related injuries, material loss or shipping delays. By using advanced technology that is capable of monitoring driver’s behavior and delivering alerts in case of possible collisions, the risk of these issues can be minimized.
Computer vision-based techniques and ADAS solutions, with a number of onboard sensors, can help with lane detection, traffic signal detection, driver behavior detection, GPS tracking, fuel management, report generation, notification alert, and predictive maintenance.
Using such solutions, the driver receives support to detect and avoid accidents. It is also possible to monitor a driver operating a heavy machine and automatic alerts can be generated if the driver is sleepy or inactive for a long duration.
Another effective solution for tracking of heavy machines/vehicles is based on installing GPS fleet tracking devices on the vehicles to gain real-time data updates. This is an efficient and secure solution that helps to resolve issues related to operational inefficiencies, theft, and fleet maintenance, increasing the overall productivity of the machines and vehicles.
Plenty of companies yearn to integrate cloud computing with their IT infrastructure but feel hesitant to do so due to concerns about data security. A lot of public cloud host service providers make use of the same hardware infrastructure to manage the needs of various clients which can compromise the security of data systems.
However, it is possible to hire the expertise of private cloud computing companies as they follow data security methods that can work for HIPAA and PCI-sensitive organizations. By getting private cloud computing solutions, companies can have greater control over their data security needs.
Here are 5 handy tips for implementing cloud computing concepts while maintaining the highest levels of security.
- The first thing that you need to keep in mind is the location of your data. Unless you know the location of your data, it won’t be possible for you to secure it. While it is still important for you to use technologies like firewall, data encryption, and intrusion detection methods, knowing your data’s location allow you to prevent security breaches when the cloud system stops working. You should be able to use dedicated hardware to implement stringent security parameters for your data that you share through cloud computing.
- Make sure that you keep your data perfectly backed up. When you take backups of your data, you can be sure of the fact that your data is safe against any kind of losses. This can also help you secure all important information about your business and provide you with the peace of mind that you seek.
- The data centers that you choose to work with for your company should always take data security in a serious manner. They should be able to implement the best security measures in the servers in which your data is kept. It is important that they are PCI or HIPAA certified and SSAE 16, SOC 2 and SAS 70 audited. Managed services like intrusion detection, firewalls and antivirus can really work out well for you by making your data, applications, and enterprise more resilient.
- A good way to ensure security for your data would be to check out the clients that a cloud service provider has worked with. By seeing whether the cloud provider has already worked with clients in the past requiring critical and stringent security measures, it is possible for you to make sure that your data is in good hands. Organizations operating in the financial, insurance, healthcare and government sectors are certainly good examples requiring high-end data security. By contacting these companies, you can be sure if they offer excellent data security.
- It is important that you also carry out detailed tests to ensure that the cloud systems are equipped with the best security features.
These are the top 5 and most important cloud computing security tips that many app development companies india agencies are adopting in their development and implementation processes so as to have better security for their product or services.
Your home security system. Air condition system. Your car. Why, even your coffee maker. Almost every imagine digital appliance is now connected to the Internet. The era of connected things has arrived.
IoT is no longer a science project that businesses are putting off for the future. It is a promise to a future that must be leveraged now. In fact, today, it is more difficult to find a coffee-maker or any home appliance without Wifi or Bluetooth connectivity. Not just at homes, even at corporations, connected devices has become a serious boardroom topic. According to DigiCert’s State of IoT Security survey 2018, 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years.
IoT can bring to businesses several benefits like improved operational efficiency, new revenue channels, business agility, and enhanced customer experience.
However, there are enterprise concerns that dwarf the possibility of gaining these benefits.
Among the top 4 enterprise concerns for IoT are security and privacy.
Source: DigiCert’s State of IoT Security survey 2018
How the Internet of Things can become the Internet of ‘Threats’
If not controlled, secured and monitored, the Internet of Things can go from smart connected things to a web of connected threats. Here are some ways how connected devices can go rogue.
#1 The connected risk of BYOD
Global corporations are losing no time in enabling their employees with BYOD (Bring Your Own Device) and WFH Work From Home working models. Although these working models amplify productivity, they also carry with them the risk of IoT.
For instance, an insecure connected device at an employee’s home can be hacked into by a hacker thereby gaining access to the office system. If the employee has failed to take adequate security measures for the office gadgetry, then it leaves the ground open for the hacker to seed an infectious malware, virus or anything malicious into the office network. That is the connected risk of BYOD which IoT creates.
#2 DDoS attacks
Source: DigiCert’s IoT Security Infographic
Do you know that insecure IoT devices can take down cities? IoT botnets combined with DDoS attacks can bring connected urban infrastructure to a grinding halt. This is not any sci-fi or fictional scenario. Hackers can track down IoT sensors, hack into their weak interfaces and run commands to shut down services or to hijack their functioning.
To cite a real-world example, cities like New York, Singapore, Barcelona, etc. are already running extensive public utilities with the help of IoT. IBM’s white paper - The Dangers of Smart City Hacking found more than 17 security vulnerabilities that make it “painfully easy” to take down large IoT-based urban networks. The security vulnerabilities included public default passwords, SQL injection, authentication bypass and so on.
#3 Premise Intrusion
Home security device shipments worldwide is expected to touch 700 Millions by 2019. According to Alarms.org, three-fourth of homeowners buy security systems that can be monitored through their mobile devices. While these systems saves time and provide convenience, they also become easy targets that hackers can infiltrate easily.
By hacking into the smartphone or a weak smart device, the hacker can take down the home security system thereby gaining access to the entire household. The same scenario applies to corporate offices as well, which makes IoT a certain Internet of Threats.
So, do these security threats mean that it is the end of the road for IoT app development? Not so. There are best practices that enterprises can embrace to insulate their IoT networks from vulnerabilities.
Best practices to establish security in IoT app development
IoT is a relatively new concept. The IT industry as a whole is yet to attain widespread knowledge and authority on its usage, maintenance and security. Here are some best practices that can help thwart the security risks involved in IoT app development.
#1 Review the risk involved
Having a brief idea of the risk landscape will help device a strategic security policy specifically for IoT devices. Penetration testing can be carried out to identify key vulnerabilities that should be addressed on high priority. For example, default public passwords is a vulnerability that can be resolved quickly without much ado.
#2 Setup device identity
Each device in the IoT network must be identified and tagged to grant secure access. Use secure over-the-air updates to keep the device security intact and in tune with the latest development.
More than the connected device, it is the data that it creates and exchanges that is of value. Every data exchange by the devices in the network should be secured with end-to-end encryption, code signing or with SSL certificates.
#4 Public Key Infrastructure
Public Key Infrastructure (PKI) can help create the basic framework required for authenticating device identities and for establishing the integrity of security patches. It also facilitates easier management of public-key encryption thus making it a perfect choice for establishing IoT security.
#5 Plan long-term
IoT is going to be here for the long-term. It is not any short-term fad that can be easily replaced. It is got a strong hardware presence which cannot be removed easily. Hence, any security measures made for IoT networks should be planned for the long-term.
With the promise of IoT comes several perils as well. IoT botnets can take down large-scale and sensitive connected networks, including urban infrastructure, home security systems, etc. McKinsey Global Institute estimates the economic impact that IoT can create to be in the range of $3.9 trillion to $11.1 trillion worldwide by 2025. But, the true economic benefit of IoT can be attained only if it is secured and insulated from security threats. To sum it up, security should be the bottom line of IoT app development. Without security, IoT can create more damage than the benefits that it can provide.
A Broad View of the Impact of Artificial Intelligence on Remanufacturing
The advancement and utilization of Artificial Intelligence (AI) is poised to make a similar impact in the 4th Industrial Revolution we are currently experiencing as Henry Ford’s assembly line did over 100 years ago. A convergence of machine learning algorithms, big data analytics, and connectivity between machines due to Internet of Things (IoT) capabilities are impacting and reshaping industry and business around the globe. Here is a broad overview of some of the contexts within remanufacturing these advances are rapidly being applied.
Design for Remanufacturing
Barriers for remanufacturing can always be traced back to the initial product design stage. If products were better designed to accomplish the goals of the remanufacturing process, massive improvements and efficiencies can be accomplished. The adoption of ubiquitous information and communication technologies (ICTs) thanks to elements of advanced AI as described above continue to blur the lines between virtual environments and the real world to create more sophisticated cyber-physical production systems (CPPSs).
Advanced Remanufacturing Processes
Artificial intelligence technologies are exponentially expanding computing power and connectivity which results in greater volumes of data that can be analyzed in a more robust manner than ever before. This will allow remanufacturers to think big and push the envelope to develop more ambitious goals and objectives for their programs. Lack of data or advanced robotics capabilities will no longer be impediments for remanufacturers to successfully process a higher percentage of product components and materials.
Robotics in Remanufacturing
Robots have already proven their capabilities in remanufacturing under certain conditions with relatively small and simple batches of components that usually involve some significant human oversight. Advances in AI are moving the needle in identifying and creating new patterns in the way humans and machines interact. This application of emerging technology shows significant promise to expand the capabilities of robotics in remanufacturing to tackle progressively more complex scenarios with less and less human interaction with greater efficiency.
Critical Failure Prediction
In industrial manufacturing settings, there is continuous pressure to improve efficiency, increase productivity, and reduce costs. IoT connectivity and other elements of AI are being brought to bear in this environment to improve predictive maintenance and avoid machine failure during critical phases of production. These same benefits of monitoring automated equipment on the front-end of the manufacturing process can also deliver the same benefits to the remanufacturing setting as well. Not only can unexpected downtime be eliminated, but the ability to plan and schedule preventive maintenance more proactively and efficiently can occur as well.
One of the most significant challenges all remanufacturers face is predicting how much demand there will be for returned products with the flow of returned items coming into the remanufacturing process. Of course, the quality of the materials being returned can make a significant difference as well. AI technologies can greatly improve upon existing forecasting models that attempt to predict product returns. Elements of Big Data and Machine Language Learning can leverage and up-date real-time data on sales, product usage, and warranty activity and more accurately predict product life expectancy and the rate and timing of returns into the remanufacturing process.
Resilient Remanufacturing Networks (ReRuN)
Sustainability is the objective of remanufacturing in a world that has shifted from a linear model where products used to end up in a landfill once they are no longer functioning for their intended use. As a society, we continue to grow more aware of the finite nature of our natural resources that has led companies to produce products according to a circular model whereas many components of an item are reused as many times as is practical.
As stated in the points above, AI and other emerging technologies are already making significant improvements in all phases of the product life-cycle that occur prior to remanufacturing. By embracing a ReRuN mindset that is calculated as early as the product concept/design phase, remanufacturing outcomes are positioned for greater outcomes due to improved forecasting in all elements of the remanufacturing process.
Closed-Loop Supply Chain Management
There can be no true resiliency for remanufacturing unless a complete closed-loop supply chain management strategy is employed. In-depth studies on remanufacturing are just now starting to take place and raise awareness of the opportunities to be leveraged during the remanufacturing process to impact economic and environmental sustainability. The advances in AI and all emerging technologies will help put remanufacturing on equal footing with all other phases of product life cycle. Because this emphasis on remanufacturing is just starting to expand and receive attention, it also holds the most potential for impacting the entire product lifecycle.
The Future is Now
In the news, every day we continue to see advancements in the development of products and processes that seem to be right out of science fiction movies and shows of the 1960’s and 1970’s. From flying cars to putting a colony of people on Mars, humankind is entering a bold new era where we now have the technology to execute just about anything we can imagine. This coupled with an increased global awareness of our finite resources and need to be good stewards of our planet, will continue to bring greater emphasis and attention to remanufacturing in all phases of the product cycle. AI and other emerging technologies are finally catching up and giving industry the tools to create this new reality.
Joseph Zulick is a writer and manager at MRO Electric and Supply. MRO Electric and Supply maintains a comprehensive stock of FANUC CNC and FANUC Robotics parts which are used in several industries including but not limited to engineering, manufacturing, packaging, and plant automation.
In 2016, the Industrial Internet Consortium gained agreement upon an understanding of the term “trustworthiness” and its effect on design and operation of an industrial system. At the core of that understanding was a definition of trustworthiness and the designation of five characteristics that define trustworthiness.
As defined by the IIC in its recently released Industrial Internet of Things Vocabulary v2.1 document: “Trustworthiness is the degree of confidence one has that the system performs as expected. Characteristics include safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”
Let’s take a deeper look at the 5 foundational characteristics at the core of trustworthiness:
- Safety ensures that a system operates without causing unacceptable risk of physical injury or damage to the health of people. This protection of humans is focused either directly or indirectly, as the result of damage to property or to the environment.
- Security protects a system from unintended or unauthorized access, change or destruction while Information Technology (IT) security ensures availability, integrity and confidentiality (AIC model) of data at rest, in motion or in use.
- Reliability describes the ability of a system or component to perform its required functions under stated conditions for a specified period of time.
- Resilience describes the ability of a system or component to prevent or at least reduce any serious impact of a disruption while maintaining an acceptable level of service.
- Privacy protects the right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Achieving trustworthiness in industrial IoT systems requires recognition that a complex IoT system is comprised of subsystems and the integral components of the subsystems. The trustworthiness of the overall system depends upon the trustworthiness of each of the subsystems and each of the components, how they are integrated, and how they interact with each other. Trustworthiness must be pervasive in IoT systems, which means there must be trustworthiness by design and a means to achieve assurance that the trustworthiness aspects have been addressed properly. Permeation of trust is the flow of trust within a system from its overall usage down to its smallest components and requires trustworthiness of all aspects of the system. Trustworthiness requires ongoing effort over time as systems and circumstances change.
As such, the IIC Trustworthiness Task Group, in close cooperation with the IIC Security Working Group, is tasked to frequently enhance and redefine the definition and role of trustworthiness in industrial systems as the IIoT continues to evolve. Ultimately, their goal is to moves system designers from traditional safety thought processes into a new paradigm for system design that takes into consideration all 5 of the trustworthiness characteristics and their interactions within the system.
You can read more about trustworthiness and its relationship with industrial systems and the convergence of IT/OT in the Fall 2018 issue of ICC’s Journal of Innovation.
By Marcellus Buchheit, Co-founder of Wibu-Systems AG and President and CEO of Wibu-Systems USA
This blog originally appeared as a Wibu-Systems Blog
Note: this page contains paid content.
Please, subscribe to get an access.
Note: this page contains paid content.
Please, subscribe to get an access.