

Security (124)

Your home security system. Air conditioning system. Your car. Why, even your coffee maker. Almost every imaginable digital appliance is now connected to the Internet. The era of connected things has arrived.

IoT is no longer a science project that businesses are putting off for the future. It is a promise of a future that must be leveraged now. In fact, today, it is more difficult to find a coffee maker or any home appliance without Wi-Fi or Bluetooth connectivity. Not just in homes but also in corporations, connected devices have become a serious boardroom topic. According to DigiCert’s State of IoT Security survey 2018, 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years.

IoT can bring to businesses several benefits like improved operational efficiency, new revenue channels, business agility, and enhanced customer experience.

However, there are enterprise concerns that dwarf the possibility of gaining these benefits.

Among the top 4 enterprise concerns for IoT are security and privacy.

Source: DigiCert’s State of IoT Security survey 2018

How the Internet of Things can become the Internet of ‘Threats’

If not controlled, secured and monitored, the Internet of Things can go from smart connected things to a web of connected threats. Here are some ways connected devices can go rogue.

#1 The connected risk of BYOD

Global corporations are losing no time in enabling their employees with BYOD (Bring Your Own Device) and WFH (Work From Home) working models. Although these working models amplify productivity, they also carry with them the risk of IoT.

For instance, a hacker can break into an insecure connected device at an employee’s home and thereby gain access to the office system. If the employee has failed to take adequate security measures for the office gadgetry, the ground is left open for the hacker to seed malware, a virus or anything else malicious into the office network. That is the connected risk of BYOD which IoT creates.

#2 DDoS attacks

Source: DigiCert’s IoT Security Infographic

Do you know that insecure IoT devices can take down cities? IoT botnets combined with DDoS attacks can bring connected urban infrastructure to a grinding halt. This is not any sci-fi or fictional scenario. Hackers can track down IoT sensors, hack into their weak interfaces and run commands to shut down services or to hijack their functioning.

To cite a real-world example, cities like New York, Singapore, Barcelona, etc. are already running extensive public utilities with the help of IoT. IBM’s white paper, “The Dangers of Smart City Hacking”, found more than 17 security vulnerabilities that make it “painfully easy” to take down large IoT-based urban networks. The security vulnerabilities included public default passwords, SQL injection, authentication bypass and so on.

#3 Premise Intrusion

Home security device shipments worldwide are expected to touch 700 million by 2019. According to Alarms.org, three-fourths of homeowners buy security systems that can be monitored through their mobile devices. While these systems save time and provide convenience, they also become easy targets for hackers to infiltrate.

By hacking into the smartphone or a weak smart device, the hacker can take down the home security system thereby gaining access to the entire household. The same scenario applies to corporate offices as well, which makes IoT a certain Internet of Threats.

So, do these security threats mean that it is the end of the road for IoT app development? Not so. There are best practices that enterprises can embrace to insulate their IoT networks from vulnerabilities.

Best practices to establish security in IoT app development

IoT is a relatively new concept. The IT industry as a whole is yet to attain widespread knowledge and authority on its usage, maintenance and security. Here are some best practices that can help thwart the security risks involved in IoT app development.

#1 Review the risk involved

Having a brief idea of the risk landscape will help devise a strategic security policy specifically for IoT devices. Penetration testing can be carried out to identify key vulnerabilities that should be addressed on high priority. For example, default public passwords are a vulnerability that can be resolved quickly without much ado.

#2 Set up device identity

Each device in the IoT network must be identified and tagged to grant secure access. Use secure over-the-air updates to keep the device security intact and in tune with the latest development.

#3 Encryption

More than the connected device, it is the data that it creates and exchanges that is of value. Every data exchange by the devices in the network should be secured with end-to-end encryption, code signing or with SSL certificates.

#4 Public Key Infrastructure

Public Key Infrastructure (PKI) can help create the basic framework required for authenticating device identities and for establishing the integrity of security patches. It also facilitates easier management of public-key encryption thus making it a perfect choice for establishing IoT security.

#5 Plan long-term

IoT is going to be here for the long term. It is not a short-term fad that can be easily replaced. It has a strong hardware presence which cannot be removed easily. Hence, any security measures made for IoT networks should be planned for the long term.

What’s next?

With the promise of IoT come several perils as well. IoT botnets can take down large-scale and sensitive connected networks, including urban infrastructure, home security systems, etc. McKinsey Global Institute estimates the economic impact that IoT can create to be in the range of $3.9 trillion to $11.1 trillion worldwide by 2025. But the true economic benefit of IoT can be attained only if it is secured and insulated from security threats. To sum it up, security should be the bottom line of IoT app development. Without security, IoT can create more damage than the benefits that it can provide.

Read more…

A Broad View of the Impact of Artificial Intelligence on Remanufacturing 

The advancement and utilization of Artificial Intelligence (AI) is poised to make a similar impact in the 4th Industrial Revolution we are currently experiencing as Henry Ford’s assembly line did over 100 years ago. A convergence of machine learning algorithms, big data analytics, and connectivity between machines due to Internet of Things (IoT) capabilities is impacting and reshaping industry and business around the globe. Here is a broad overview of some of the contexts within remanufacturing in which these advances are rapidly being applied.

 

Design for Remanufacturing

Barriers to remanufacturing can always be traced back to the initial product design stage. If products were better designed to accomplish the goals of the remanufacturing process, massive improvements and efficiencies could be achieved. The adoption of ubiquitous information and communication technologies (ICTs), thanks to elements of advanced AI as described above, continues to blur the lines between virtual environments and the real world to create more sophisticated cyber-physical production systems (CPPSs).

 

Advanced Remanufacturing Processes

Artificial intelligence technologies are exponentially expanding computing power and connectivity which results in greater volumes of data that can be analyzed in a more robust manner than ever before.  This will allow remanufacturers to think big and push the envelope to develop more ambitious goals and objectives for their programs.  Lack of data or advanced robotics capabilities will no longer be impediments for remanufacturers to successfully process a higher percentage of product components and materials.

 

Robotics in Remanufacturing

Robots have already proven their capabilities in remanufacturing under certain conditions with relatively small and simple batches of components that usually involve some significant human oversight.  Advances in AI are moving the needle in identifying and creating new patterns in the way humans and machines interact.  This application of emerging technology shows significant promise to expand the capabilities of robotics in remanufacturing to tackle progressively more complex scenarios with less and less human interaction with greater efficiency.

 

Critical Failure Prediction

In industrial manufacturing settings, there is continuous pressure to improve efficiency, increase productivity, and reduce costs. IoT connectivity and other elements of AI are being brought to bear in this environment to improve predictive maintenance and avoid machine failure during critical phases of production. The same monitoring of automated equipment that benefits the front end of the manufacturing process can deliver those benefits in the remanufacturing setting as well. Not only can unexpected downtime be eliminated, but preventive maintenance can also be planned and scheduled more proactively and efficiently.

 

Inventory Forecasting

One of the most significant challenges all remanufacturers face is predicting how much demand there will be for returned products with the flow of returned items coming into the remanufacturing process. Of course, the quality of the materials being returned can make a significant difference as well. AI technologies can greatly improve upon existing forecasting models that attempt to predict product returns. Elements of Big Data and Machine Learning can leverage and update real-time data on sales, product usage, and warranty activity and more accurately predict product life expectancy and the rate and timing of returns into the remanufacturing process.

 

Resilient Remanufacturing Networks (ReRuN)

Sustainability is the objective of remanufacturing in a world that has shifted from a linear model where products used to end up in a landfill once they were no longer functioning for their intended use. As a society, we continue to grow more aware of the finite nature of our natural resources, which has led companies to produce products according to a circular model in which many components of an item are reused as many times as is practical.

 

As stated in the points above, AI and other emerging technologies are already making significant improvements in all phases of the product life-cycle that occur prior to remanufacturing. By embracing a ReRuN mindset that is applied as early as the product concept/design phase, remanufacturing is positioned for better outcomes due to improved forecasting in all elements of the remanufacturing process.

 

Closed-Loop Supply Chain Management

There can be no true resiliency for remanufacturing unless a complete closed-loop supply chain management strategy is employed.  In-depth studies on remanufacturing are just now starting to take place and raise awareness of the opportunities to be leveraged during the remanufacturing process to impact economic and environmental sustainability.  The advances in AI and all emerging technologies will help put remanufacturing on equal footing with all other phases of product life cycle.  Because this emphasis on remanufacturing is just starting to expand and receive attention, it also holds the most potential for impacting the entire product lifecycle.

 

The Future is Now

In the news, every day we continue to see advancements in the development of products and processes that seem to be right out of science fiction movies and shows of the 1960’s and 1970’s.  From flying cars to putting a colony of people on Mars, humankind is entering a bold new era where we now have the technology to execute just about anything we can imagine.  This coupled with an increased global awareness of our finite resources and need to be good stewards of our planet, will continue to bring greater emphasis and attention to remanufacturing in all phases of the product cycle.  AI and other emerging technologies are finally catching up and giving industry the tools to create this new reality.

 

Joseph Zulick is a writer and manager at MRO Electric and Supply. MRO Electric and Supply maintains a comprehensive stock of FANUC CNC and FANUC Robotics parts which are used in several industries including but not limited to engineering, manufacturing, packaging, and plant automation.

Read more…

In 2016, the Industrial Internet Consortium gained agreement upon an understanding of the term “trustworthiness” and its effect on design and operation of an industrial system. At the core of that understanding was a definition of trustworthiness and the designation of five characteristics that define trustworthiness.

As defined by the IIC in its recently released Industrial Internet of Things Vocabulary v2.1 document: “Trustworthiness is the degree of confidence one has that the system performs as expected. Characteristics include safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”

Let’s take a deeper look at the 5 foundational characteristics at the core of trustworthiness:

  • Safety ensures that a system operates without causing unacceptable risk of physical injury or damage to the health of people. This protection of humans is focused either directly or indirectly, as the result of damage to property or to the environment.
  • Security protects a system from unintended or unauthorized access, change or destruction while Information Technology (IT) security ensures availability, integrity and confidentiality (AIC model) of data at rest, in motion or in use.
  • Reliability describes the ability of a system or component to perform its required functions under stated conditions for a specified period of time.
  • Resilience describes the ability of a system or component to prevent or at least reduce any serious impact of a disruption while maintaining an acceptable level of service.
  • Privacy protects the right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Achieving trustworthiness in industrial IoT systems requires recognition that a complex IoT system is comprised of subsystems and the integral components of the subsystems. The trustworthiness of the overall system depends upon the trustworthiness of each of the subsystems and each of the components, how they are integrated, and how they interact with each other. Trustworthiness must be pervasive in IoT systems, which means there must be trustworthiness by design and a means to achieve assurance that the trustworthiness aspects have been addressed properly. Permeation of trust is the flow of trust within a system from its overall usage down to its smallest components and requires trustworthiness of all aspects of the system. Trustworthiness requires ongoing effort over time as systems and circumstances change.

As such, the IIC Trustworthiness Task Group, in close cooperation with the IIC Security Working Group, is tasked to frequently enhance and redefine the definition and role of trustworthiness in industrial systems as the IIoT continues to evolve. Ultimately, their goal is to move system designers from traditional safety thought processes into a new paradigm for system design that takes into consideration all 5 of the trustworthiness characteristics and their interactions within the system.

You can read more about trustworthiness and its relationship with industrial systems and the convergence of IT/OT in the Fall 2018 issue of IIC’s Journal of Innovation.

By Marcellus Buchheit, Co-founder of Wibu-Systems AG and President and CEO of Wibu-Systems USA

This blog originally appeared as a Wibu-Systems Blog

Read more…

Today, retail stores are continually focusing on using emerging technologies like cloud, mobile, RFID, beacons, etc., to provide connected retail services and a better shopping experience to customers. For instance, store owners are placing sensors in key zones of retail stores and connecting them to the cloud through a gateway that enables real-time analysis of the data from these sensors related to products, sales, and customers.

Interestingly, IoT and connected technologies are taking over the retail business.


 

IoT in retail can help retailers improve store operations, enhance customer experience and drive more conversions. Moreover, IoT can help retailers solve day-to-day problems such as tracking energy utilization, managing in-floor navigation, detecting crowded areas, reducing checkout times, managing product shelves, preventing theft, monitoring goods, etc. Let us see how IoT helps in a few of these scenarios.

In-Store Navigation with IoT-enabled Devices

In-store navigation is one of the common problems in retail stores. Here, IoT devices with integrated technologies like Bluetooth, Wi-Fi, magnetic positioning and augmented reality, etc., can facilitate in-store navigation to help customers navigate through the store and find the desired product.

It gives customers a multichannel shopping experience through digitization of physical assets. In-store navigation also helps increase the path-to-purchase rate before a product stocks out.

Energy Management with Smart Devices

Energy consumption is a major cost factor for retail businesses, be it in refrigeration, lighting, heating, air conditioning, etc. Using these energy sources efficiently can bring cost savings of up to 20 percent per year. IoT-enabled smart devices can help resolve problems of energy management and saving.

There are several IoT-based platforms that can log, monitor and sound alarms or alert the in-store personnel about temperature, energy usage, heating, gas leakage, electricity breakdowns, etc., with the help of integrated sensors. Using these smart energy management devices, store owners can directly interact with the controllers of refrigerators and retrieve prioritized information with the help of sensors.

Theft Prevention with Geo-Fencing

The crime of shoplifting in the retail industry is increasing day by day, because retailers fail to pay sufficient attention to shoplifters. According to the National Association for Shoplifting Prevention (NASP), more than $25 million worth of merchandise gets stolen from retail shops each day. Adding to retailers’ losses is retail shrinkage, which includes shoplifting, employee theft, paperwork error, vendor fraud and many more.

To overcome the problem of shoplifting and retail shrinkage, retailers can use the geo-fencing technique.

Geo-fencing relies on the global positioning system or a radio frequency identification (RFID) tag that allows a store operator to create a virtual barrier or zone around specific locations in retail shops. When a customer tries to move a product from the specific location, an alert is triggered and a message is sent to the store in-charge. Geo-fencing enabled in IoT devices or beacons can help retailers in a number of ways, from keeping goods safe, tracking customer and employee movements and managing company-owned resources to minimizing incidents of theft and loss.

Customer Engagement with Sensor-Enabled Shopping Carts

The sensor-enabled shopping cart is a technique adopted by most retail merchandisers. These shopping carts help retailers grow their business in every aspect by helping them visualize shoppers’ flows by category/subcategory, understand the shopping pattern, analyze the dwell path, and enable faster checkout.

This smart cart design involves sensors with connectivity protocols around the cart, which can track the movement of the wheels and match it to the distance the cart has traveled. It gives retailers accurate data on each shopping cart’s in-store journey. The data from the cart can be sent to a server or to the cloud for further analysis.

 

Read more…

Despite the great promise of IoT to improve business and society, many think it’s being held back due to complexity and the associated lack of required skills to make it a success. Is it possible that the antidote to this complexity and skill shortage problem lies in the existing open standards and technologies that comprise the World Wide Web? In this podcast, Rob Tiffany makes the case for using existing W3C standards to power the Internet of Things.

Check it out at https://theinternetofthings.io/iot-podcast-can-the-web-save-the-internet-of-things/ 

-Rob

Read more…

 

Security systems installed in a typical facility consist of cameras, access control, intrusion sensors and fire alarms. Typically, these devices are placed behind a firewall on a dedicated network. Building control systems are installed on a secondary network and contain lighting, HVAC, fire protection, elevators/lifts, chillers and air/moisture sensors. These systems serve their purpose and will continue to be adapted and make facility systems design more complicated. This complexity can be controlled using common development tools and platforms. Not only will this approach help create smarter, safer, more energy-efficient systems, but it will also reduce the number of accidental deaths and injuries that occur every year.

 

The redundant network design approach is neither a very efficient nor a cost-effective way of operating a facility. This is starting to change as savvy building managers are making the decision to integrate security and building control systems and map them onto a single network. This can entail integrating multiple disparate systems, sensors, NVR devices and video management software. The concept of integrating a camera or access control system with an HVAC system, or a visitor/facility management system or edge recording device with a lighting or fire protection system, may seem unusual to some. Yet this is where many security systems integrators and manufacturers are missing out on untapped application and service opportunities. Modern integrated security and building systems can give facility managers and security directors the tools to improve and simplify operations and reduce the efforts of the operations staff and points-of-control teams.

 

In the past, the security industry has relied on its own approach to integrated systems known as physical security information management (PSIM). PSIM attempts to provide an open architecture to integrate multiple security system products into a single operating platform. This approach has been very hit-or-miss and has left a bad taste in the mouths of systems integrators and end-users. On the flip side of the coin, facility managers have their own integration platform known as a building automation system (BAS). As it relates to physical security, BAS systems are intended to integrate with PSIMs and control individual security systems. However, BAS systems come in many different flavors; many of them are not viewed in a glowing light by building operation end users. Past integrations are not all filled with doom and gloom. There are some successful integrations attempted by the collaborative efforts of building controls and physical security organizations. The question is why this design practice is not more common where the benefits and economics make sense.

 

In order to facilitate the adoption and implementation of an integrated system, the use of open standard protocols is an absolute must. The building automation industry created BACnet and LONworks, which allow for real-time remote connectivity between sensors, actuators, controller devices and software. In the case of LONworks, hardware manufacturers have the ability to include a chipset with built-in building control system support. It took some time, but finally the security industry created the protocols ONVIF and PSIA. These open architectures allow the end-user to choose vendors, selecting either security or BAS equipment based on features and price. The end-user can also decide to install partial system upgrades without the risk of making costly investments in obsolete legacy systems. With that said, the security industry is curious about implementing the building controls protocols but needs an easier way to integrate them into its hardware and software products in an ad-hoc, application-based manner.

 

There are security directors that are not completely sold on the idea of integrating with building control systems. On the other hand, facility managers may question the benefits of sharing a network with security systems especially when functions do not overlap with life-safety systems. However, system integration between building controls, physical and now cybersecurity offers more than just staffing convenience and operational efficiency. Here are a few results from a truly integrated security system.

Faster response to incidents – With the use of a robust mobile software solution and integration approaches such as camera-to-access control-to-lighting or HVAC, staff members can be freed from a console, which makes them readily available to respond to incidents or equipment failure.

Provide more accurate compliance reports – Data provided by building controls and security edge devices can be paired with artificial intelligence technologies such as neural networks and genetic algorithms. This helps facilities to comply with government regulations with regards to security.

Reduce accidents and save money – Integrated systems provide better control of building and security systems. For example, if someone accidentally stumbles into a restricted area or manages to make it to an overly heated or chilled area, the access control system, variable air volume (VAV), or other HVAC system components can send alerts and create historical trend reports. Also, a single network architecture can make managing system components easier.

 

Integrated building control and security systems are gaining some traction. However, it is still not a mainstream approach among many manufacturers and systems integrators. One proposed solution is to utilize a common platform that uses the industry protocol standards as application and system component building blocks.

Read more…

The dream of making money with IoT, AI and Blockchain

Have you ever thought about how you could make money with the Internet of Things (IoT) or Artificial Intelligence (AI) and of course with Blockchain? What would happen if you could use the three of them in a new business model? Apparently, Success, Success and Success.

In the next sections I provide information of some business models implemented with these three technologies.

IoT Business Models

As IoT moves past its infancy, certain trends and economic realities are becoming clear. Perhaps the most significant of those is the realisation that traditional hardware business models just don’t work in IoT. Take a look at “The top 5 most successful IoT business models” that have emerged as particularly effective applications for IoT.

If any of you is building an IoT product, the article “IoT Business Models For Monetizing Your IoT Product” shows how to make money with IoT.

Zack Supalla, the founder and CEO of Particle, an Internet of Things (IoT) startup, suggests “6 ways to make money in IoT”.

Finally, in “How IoT is Spawning Better Business Models” we can read three ways companies like Rolls Royce, Peloton, MTailor or STYR Lab are rethinking their business models and have created a revolution in the marketplace.

Blockchain Business Models 

It sounds repetitive, but yes, “Blockchain technology may disrupt the existing business models”. The authors’ findings concerning the implications of blockchain technology for business models are summarised in the following picture.

 

Do you think that blockchain is likely to cut into big players’ revenues? Then this article, “New Blockchain-Based Business Models Set to Disrupt Facebook and Others”, is for you.

If you are ambitious and you are planning to build a viable business on blockchain, then read “Building an International Business Model on Blockchain”.

I am also an advocate of the coming era of decentralization (at least in my most optimistic version) and Blockchain is one more step to create value when the End of All Corporate Business Models arrives.

AI Business Models 

Companies from all industries, of all shapes and sizes, are thus faced with an important set of questions: Which AI business models and applications can I use? And what technologies and infrastructures are required?

It seems that we all are convinced that artificial intelligence is now the most important general-purpose technology in the world and that it can drive changes in existing business models. It is not surprising, then, that AI is Revolutionizing Business Models. Consider the “data trap” strategy, which in venture capitalist Matt Turck’s words consists of offering (often for free) products that can initialize a data network effect. In addition, the user experience and the design are becoming tangibly relevant for AI, and this creates friction in early-stage companies with limited resources to be allocated between engineers, business, and design.

This article introduces some good examples of AI business models:

New Business models with the intersection of IoT, AI and Blockchain

With IoT we are connecting the digital to the physical world. Connected objects offer a host of new opportunities for companies, especially in terms of creating new services. The amount of data generated by the billions of connected objects will be the perfect complementary feed to many AI applications. Finally, blockchain technology could be used to secure the ‘internet of things’ and create smart contracts in a decentralized infrastructure that boosts the democratization of technology and the creation of sustainable communities.

You must remember that new business models that include IoT, AI and blockchain need, among other characteristics, volume and scalability: volume of devices, volume of data, volume of customers, volume of developers, and powerful ecosystems to scale.

Good luck in your search and implementation of your new business model.


Read more…

With any security system involving a human component, there’s a careful balance between requisite security measures and the user experience. The reason most of us have one or two locks on our front door – instead of twenty – isn’t because we don’t want more security, it’s that the experience would be far too much of a daily hassle.

When it comes to IoT security, the balance is askew in the other direction: the marketplace is glutted with lower-end IoT devices that privilege a simplified user experience over robust security. While this strategy allows consumers relative ease and a frictionless process in activating smart home and other internet-connected products, this devaluing of security leaves a virtual unlocked front door for malicious hackers who have little difficulty in accessing these devices. A largely unsecure IoT industry is proving time and time again to have significant and harmful repercussions, in the form of the mayhem that hackers can inflict on vulnerable users, and for the internet at large as devices are corrupted for use in devastating IoT botnet-based DDoS attacks that continue to make headlines.

The need for security is, of course, a major issue that the IoT industry must overcome. Even as Gartner foresees the IoT rapidly expanding to 20.4 billion devices by 2020, a recent market survey finds that 90% of consumers do not have confidence in the security of IoT devices. In the same way, IoT security – and customer confidence in it – is just as important to the enterprise, as commercial IoT applications may provide personalized services that utilize sensitive data, involve monetary transactions, or offer other features requiring authentication that is unquestionably safe and frictionless for customers. Altogether, this makes IoT security a key concern that absolutely must be resolved for the IoT industry to have longer term staying power and to reach its full potential.

Passwords are (rightfully) going extinct

Passwords continue to be the default option for account security across all industries. While common, they’re also an overly complex user authentication method that is becoming less effective in securing access, while also becoming more frustrating and challenging from a UX perspective.

Forgetting your password requires one to waste time with reset emails and security questions – if we can remember them – a cumbersome process equivalent to fumbling with twenty door locks. And beyond delivering a subpar UX, most IoT devices are manufactured without a traditional security interface (no screen, no keypad), leaving passwords a poor candidate for IoT security and leading enterprises across industries to seek alternative and more secure ways of authenticating users.

Biometrics are the answer to the IoT’s present – and long term – security needs

Biometric security measures are growing in popularity and in widespread use.  Smart phone users are deploying fingerprint identification or facial recognition to unlock screens. Alexa, Siri, and other voice-activated tools have made talking to your technology commonplace, increasing demand for voice-based authentication as a common security solution.

The biometric approach to security is particularly well-suited to the IoT, though, and offers a compelling synergy with the desires of today’s businesses to establish more personalized interactions and relationships with customers. As demonstrated by the rise of chatbots, brands are evolving to include personalities that go beyond mascots and logos. Businesses want the customer’s brand experience to feel familiar – acquaintances and friends don’t require identification when they see you.  Biometric authentication enables a more natural and passive experience, whether that’s opening the smart home lock on your front door, activating IoT devices inside, or interacting with brands and their products by other means.

In addition to the stylistic advantages, several technical advances have enhanced the current viability of biometric security for the IoT. The memory footprint of biometric security algorithms is getting smaller, while the algorithms themselves are getting more efficient. Algorithms as small as 2MB now have the capability to fully secure IoT devices. These algorithms are also becoming smarter and can thwart spy movie-esque attempts at trickery; for example, biometrics can now distinguish between your voice and a recording of it. Backed by AI and machine learning that studies individual user behavior, biometrics can also now authenticate users by their gait, how they type, how they apply pressure to a touchscreen, and plenty more of the things that make you, you.

Secure authentication is the only way to commercialize IoT in the enterprise. When this happens, there will be proper verification of monetary transactions and sensitive personal data can be shared. The challenge for the industry is to provide a secure, frictionless (passive) authentication that fully takes advantage of the IoT without compromising the UX.

With the death of passwords accelerating and the stakes of security for IoT industry health so high, the arrival and incorporation of highly capable biometric security measures within IoT devices is certainly a welcome one.

 

Read more…

Although it took some time to manifest, nation-states have realized the potential for cyber espionage and sabotage on IoT devices.

The latest news

On April 16, 2018, the US authorities issued a warning that government-backed Russian hackers are using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations.

In a joint statement, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), along with the UK's National Cyber Security Centre (NCSC) - the cyber arm of Government Communications Headquarters (GCHQ) - said that Kremlin-backed hackers are using exploits to carry out malicious attacks. The hackers are using compromised routers to conduct man-in-the-middle attacks to support cyber espionage, steal intellectual property, and maintain persistent access in victim networks for use in additional campaigns.

U.S. CERT noted that cyber actors are exploiting large numbers of enterprise-class and residential routers and switches worldwide to enable espionage and intellectual property theft.

 

A growing concern

This is just the most recent of several incidents wherein nation-states have used connected devices for their goals.

A spying campaign called “Slingshot” targeted at least 100 victims in the Middle East and Africa from at least 2012 until February 2018, hacking MikroTik routers and placing a malicious dynamic link library inside to infect target computers with spyware components.

In another incident, nation-state actors left political messages on 168,000 unpatched IoT devices. The attackers used a bot to search the Shodan search engine for vulnerable Cisco switches and were easily able to exploit a vulnerability in Cisco Smart Install Client software to infect and “deface” thousands of connected devices with propaganda messages.

 

The west is also toying with IoT devices

Russia and China are not alone in investigating the potential of exploiting IoT devices. In 2016, US intelligence chief James Clapper acknowledged that the US would consider using the Internet of Things to spy on adversaries. More recently, the Dutch Joint Cyber SIGINT Unit hacked a CCTV camera to spy on a Russian cyber group called ‘Cozy Bear.’ As a result, they were able to identify many of the members as employees of the Russian Foreign Intelligence Service.

As western countries become more aware of espionage efforts by foreign governments, it is not surprising that they are fighting back by trying to reduce the attack surface. Several Chinese CCTV manufacturers were recently flagged for having built-in backdoors that could allow intelligence services to siphon information. Dahua, a maker of CCTV cameras, DVRs and other devices, was forced to issue an emergency patch to its connected devices. Camera models from Shenzhen Neo Electronics were also revealed to have a severe security flaw. Finally, the largest maker of surveillance equipment in the world, Hikvision, was accused of having a backdoor and banned by certain US bodies.

 

What’s next?

While the potential for information collection through IoT devices is enormous, we shouldn’t forget that these are physical devices deployed in the real world, so hacking them can have real consequences.

 

Doomsday scenarios

Here are just four of many potential “doomsday scenarios” that could result from IoT device hacking:

Grid manipulation attacks

Power grid security has received the appropriate attention in recent years, due in part to large scale cyber-attacks on power grids around the world. But what if, instead of hacking secured power plants, a nation-state was to hack millions of smart devices connected to the power supply, so that it could turn them on and off at will? That would create spikes in local and national power consumption, which could damage power transformers and carrying infrastructure, or at the very least, have substantial economic impact.

Power companies try to balance consumption loads by forecasting peak consumption times. For example, in the UK, demand spikes are as predictable as half-time breaks in football matches or the conclusion of an Eastenders episode, both of which require an additional three gigawatts of power for the roughly 3-5 minutes it takes each kettle to boil. The surge is so large that backup power stations must go on standby across the country, and there is even additional power made available in France just in case the UK grid can’t cope. 

But since no one could anticipate an IoT “on-off” attack, nobody could prepare standby power, and outages would be unavoidable. In addition, power production, transportation and storage costs would be enormous.

Smart utilities

By attacking Internet-facing utility devices such as sewage and water flow sensors and actuators, attackers could create significant damage without having to penetrate robust IT or OT networks.

 

Smart city mayhem

Having a connected urban infrastructure is a terrific thing. The problem is that once you rely on it, there is no turning back. If the connected traffic lights, traffic monitoring cameras and parking sensors are taken offline or manipulated, cities could suffer large-scale interference with their inhabitants’ daily lives. For example, shutting down connected street lighting could impact millions.

Simple terror

Since we are all aware of the potential impact of a devastating cyber-attack, it would not take much to invoke large-scale hysteria. Just imagine someone hacking a street sign and altering it to display messages from the country’s enemies.

 

Summary

Nation-states have long targeted IT infrastructure to gather intelligence and intellectual property, but their focus has shifted to OT/industrial networks with the aim of facilitating disturbances and physical sabotage. IoT seems to be the new domain in which proficient bad actors can collect information, create disturbances, cause large-scale damage, and inflict terror and panic. The IoT is both insecure and increasingly ubiquitous, and these characteristics make it attractive for hackers and guarantee continued exploitation.

Read more…

We don’t often compare technology to fables, but when it comes to the internet of things (IoT), the story of Pandora’s Box comes to mind. It’s a technology that has great potential, but its weaknesses, and the possibilities they create, lie in its lack of basic security measures. We might even go as far as to ask: what security? These are the concerns we’re thinking about at IT Security Central.

As a completely remote company, we’re taking measures to understand how the internet of things can impact our company data security. Hackers look to exploit technology vulnerabilities to access valuable information. Hacking an IoT-connected fish tank or a smart fridge: these aren’t far-fetched stories. These are stories that are happening now.

The lack of secured IoT devices starts in the development phase. These devices are developed on a basic Linux operating system with default codes that buyers rarely change. When these devices are developed, security isn’t on the agenda; rather, developers are looking at human behaviors and outside threats when they should be looking inwards.

An unsecured IoT device is the weak link in the connection. As one of the fundamental purposes of the technology is to provide connection and accessibility, this one weak link can bring down the entire network. And if your remote workers’ BYOD devices are in some way connected to that network, your company just became vulnerable.

Remote work, or ‘the gig economy’, is expected to become more common. According to the Global Mobile Workforce Forecast Update, employees working remotely are supposed to increase to 42.5% of the working population by 2022. At that time, the world is projected to see half of its population working outside the office, either full-time or part-time.

Security vulnerabilities, remote workers and IoT: where is the connection? The scary thing is that remote workers are likely to already have IoT devices in their work environment, and most likely, they are not protected. These devices are mostly smart home devices that workers have acquired to make their daily lives easier. Common devices include Amazon Echo, Neo and GeniCan.

The first step in active prevention is to make your employees aware of the importance of data security and then aid them with the tools for success.

Best Practices for Protecting Your Network (from Remote Workers)

With the wealth of internet-based security technologies, the idea of protecting your network with in-house servers and the traditional firewall is (well) old school. With cloud-based companies, you can now access and protect data in easy step-by-step processes, and the best news is that most of these companies do the data management for you.

One of the most progressive approaches to remote worker security is to adopt a monitoring service to collect data and actively look for anomalies in the network. Through data collection and analysis, monitoring software creates a user profile of normal, everyday behavior. The administrator can set ‘alerts’ for when certain data repositories and files are accessed, or when sensitive data is moved. The longer a data breach goes undetected, the larger the financial implications for the company. Requiring remote workers to download and use remote monitoring software is one of the highest levels of protection against data loss.

But if monitoring isn’t on your agenda, these are a few basic tactics that employers can encourage remote workers to undertake.

Permissions Management

Though the workers are remote, administrators can set limits on data access. This process starts by undertaking a thorough analysis and understanding of each position. It’s important to understand who needs access to what information, and who doesn’t need access to information. Once this is understood, administrators can restrict information, and they can also set ‘alerts’ when information is accessed without prior approval.

Home Network Policy

Once employees leave the brick & mortar walls, the manager has little visibility into where, and on what internet network, they’re accessing information. But don’t fret, this freedom and flexibility is part of what makes remote work appealing. Where privacy might be a factor, we don’t suggest going as far as asking remote workers to eliminate IoT devices on their network. Rather, we encourage you to create a policy that specifically states the security requirements that IoT devices must meet in order for the work network to be accessed. By educating your employees, you can save them from data loss heartbreak.

Encryption

Encryption, encryption, encryption. You’ve heard the importance of encryption. For remote workers, the company can never be too safe, so they should go the extra mile and set remote workers up on an encrypted network. A VPN ensures all connections and communications are encrypted when the network is accessed. Don’t worry about IoT connectivity in their home, or when remote employees connect to an unsecured public wi-fi connection. A VPN provides the next level of security through encryption, and a hacker won’t be able to access communication or data without alerting administrators to a potential breach. 

IoT devices are already integrating into our at-home lives, and when remote workers access their at-home networks, suddenly the topics collide. As more workers go remote, it’s important to look inwards towards security to see how everyday IoT devices impact company data. Take the time to ensure that remote workers are protecting the network effectively.

Guest post by Isaac Kohen. Isaac Kohen is the founder and CEO of Teramind (https://www.teramind.co/), an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior in addition to helping teams to drive productivity and efficiency. Isaac can be reached at [email protected]. Connect with Isaac on social media: LinkedIn, IT Security Central and Twitter @TeramindCo.

 

 

Read more…

Quantifying IoT Insecurity Costs

Ever wonder what the real cost of IoT insecurity is?

Well, researchers at the University of California, Berkeley, School of Information recently published a report that attempts to lay out the costs to consumers in the context of DDoS attacks. The report focuses on exploiting vulnerable devices for their computing power and ability to use their network’s bandwidth for cyberattacks—specifically DDoS attacks on Internet domains and servers.

Researchers infected several consumer IoT devices with the Mirai malware and measured how the devices used electricity and bandwidth resources in non-infected and infected states. Their hypothesis: compromised IoT devices participating in a DDoS attack will use more resources (energy and bandwidth) and degrade the performance of a user’s network more than uninfected devices in normal daily operation.

Based on energy and bandwidth consumption, they developed a calculator to estimate the costs incurred by consumers when their devices are used in DDoS attacks. Two recent and well-publicized attacks, and one hypothetical, were calculated:

  • Krebs On Security Attack: According to their cost calculator, the total electricity and bandwidth consumption costs borne by consumers in this attack was $323,973.75.

  • Dyn, Inc. Attack: They calculate the total cost borne by consumers as $115,307.91.

  • "Worst-Case" Attack: This hypothetical “Worst-Case” scenario approximates the costs that could result if the Mirai botnet operated at its peak power using a UDP DDoS attack. The projected cost to consumers of this attack is $68,146,558.13.

Commenting on the study, Bob Noel, Director of Strategic Relationships and Marketing for Plixer, said, “Organizations with enslaved IoT devices on their network do not experience a high enough direct cost ($13.50 per device) to force them to worry about this problem. Where awareness and concern may gain traction is through class action lawsuits filed by DDoS victims. DDoS victims can suffer financial losses running into the millions of dollars, and legal action taken against corporations that took part in the distributed attack could be a mechanism to recuperate losses. Companies can reduce their risk of participating in DDoS attacks in a number of ways. They must stop deploying IoT as trusted devices, with unfettered access. IoT devices are purpose-built with a very narrow set of communication patterns. Organizations should take advantage of this and operate under a least privilege approach. Network traffic analytics should be used to baseline normal IoT device behavior and alarm on a single packet of data that deviates. In this manner it is easy to identify when an IoT device is participating as a botnet zombie, and organizations can remediate the problem and eliminate their risk of being sued.”

Or as we've argued before, regulation is key. And now that we have an economic cost on IoT insecurity, we have better information for regulators to pursue strategies and legislation for enforcing workable security standards to reduce the negative impacts of IoT devices on society.
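The baselining approach described in the quote above can be sketched as follows. This is an added example, not code from the article, Plixer or the Berkeley report; the device names, the four-field flow-record format and the addresses (documentation ranges) are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed flow records: device, protocol, destination, destination port.
# Captured while the devices are known to be clean (the learning window).
BASELINE_FLOWS = """\
camera-01,tcp,192.0.2.10,443
camera-01,udp,192.0.2.53,53
camera-01,udp,192.0.2.123,123
thermostat-07,tcp,192.0.2.20,8883
thermostat-07,udp,192.0.2.53,53
"""

# Constructed live traffic to evaluate against the baseline.
LIVE_FLOWS = """\
camera-01,tcp,192.0.2.10,443
camera-01,tcp,198.51.100.77,23
camera-01,udp,203.0.113.5,53
thermostat-07,tcp,192.0.2.20,8883
thermostat-07,tcp,192.0.2.20,80
doorbell-03,tcp,192.0.2.10,443
"""


def parse_flows(text):
    """Yield (device, proto, dst, port) tuples from CSV flow lines."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue  # skip malformed lines rather than guessing fields
        device, proto, dst, port = (field.strip() for field in row)
        yield device, proto.lower(), dst, int(port)


def learn_baseline(flows):
    """Record every (proto, dst, port) each device used while known clean."""
    baseline = defaultdict(set)
    for device, proto, dst, port in flows:
        baseline[device].add((proto, dst, port))
    return dict(baseline)


def check_flow(baseline, device, proto, dst, port):
    """Return None if the flow matches the baseline, else a reason string."""
    allowed = baseline.get(device)
    if allowed is None:
        return "device has no baseline"
    if (proto, dst, port) in allowed:
        return None
    if dst not in {known_dst for _, known_dst, _ in allowed}:
        return "new destination"
    return "new protocol/port to known destination"


def detect(baseline, flows):
    """Least-privilege check: one alert for every flow outside the baseline."""
    alerts = []
    for device, proto, dst, port in flows:
        reason = check_flow(baseline, device, proto, dst, port)
        if reason:
            alerts.append((device, f"{proto}/{dst}:{port}", reason))
    return alerts


def run_example():
    """Learn from the clean window, then evaluate the live traffic."""
    baseline = learn_baseline(parse_flows(BASELINE_FLOWS))
    return detect(baseline, parse_flows(LIVE_FLOWS))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Because a purpose-built device talks to so few endpoints, an exact-match allowlist like this stays small; the same baseline can be turned into per-device firewall rules so that deviating flows are blocked as well as reported.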

 

 

 

Read more…

The world is flooded with digital innovation, and technologies like IoT, 5G wireless networks and embedded AI continue to increase the pace of change. At present, millions of apps are coming online to monitor, measure, process, analyze and react to a seemingly endless storm of data, making the growth of IoT explosive as well as impressive. We are all aware that the Internet of Things relies heavily on cloud technology, not only to store the large amounts of data collected from sensors but also to process it.

What is Fog computing?

In simple words, Fog computing is a system-level horizontal architecture that distributes resources and services of computing, storage, control and networking anywhere along the continuum from Cloud to Things. It can be summarized as:

  • Horizontal architecture: Support multiple industry verticals and application domains, delivering intelligence and services to users and business
  • Cloud-to-thing continuum of services: Enable services and applications to be distributed closer to Things, and anywhere along the continuum between Cloud and Things
  • System-level: Extend from the Things, over the network edges, through the Cloud, and across multiple protocol layers – not just radio systems, not just a specific protocol layer, not just at one part of an end-to-end system, but a system spanning between the Things and the Cloud

Its key benefits include:

  • Ultra-low latency
  • Business agility
  • Added security
  • Real-time analytics
  • Reduced costs
  • Less bandwidth and network load

Have you ever wondered how fog architecture leverages and extends edge capabilities? Here’s the answer:

Compute Distribution and Load Balancing- Many edge architectures employ a strategy of placing servers, apps or small clouds at the edge. Fog simply provides a broader system-level architecture that also incorporates tools for distributing, orchestrating, managing and securing resources and services across networks. This provides a great balance of sophisticated computation, networking and storage capabilities and support for heterogeneous environments on any node (e.g., CPUs, GPUs, FPGAs, and DSPs for computing).

Hierarchical networking- Edge is often optimized for a single type of network resource at the network edges, such as edge gateways, routers, switches, or licensed spectrum wireless networks. Fog supports a physical and logical network hierarchy of multiple levels of cooperating nodes, supporting distributed applications. Fog nodes extend the edge with support for north-south, east-west and diagonal connectivity, including interfaces between edge and cloud. This could include, for example, analytics algorithms distributed up and down a hierarchy of nodes, or massively parallel applications that concurrently run on large peer groups of processors or highly distributed storage systems.

Universal Orchestration & Management- Edge orchestration and management are sometimes derived from specific legacy vertical practices, such as mobile network orchestration managed by the carrier. In these situations, the edge may deliver cloud capabilities but without orchestration for connecting edge nodes. Fog orchestration and management is intended to be more universal, modern, and automated. Fog orchestration enables resource pooling and permits interactions and collaborations between fog nodes at the same layer and at different layers in the hierarchy, which helps performance, fault tolerance, load distribution and load balancing. Fog network management considers life-cycle management through a distributed service orchestration layer in each fog node. The fog architecture essentially validates the IT (information technology), OT (operational technology) and CT (communications technology) approach.

Modular Architecture with Multiple Access Modes- Edge deployments are typically based on gateways with fixed functionality. Edge architectures favor one specific access network, such as either wireless or wireline. Fog has a highly modular hardware and software architecture, permitting every fog node to be equipped with exactly the resources its applications need, that can be dynamically configured. Fog embraces both the licensed and unlicensed wireless spectrum, as well as copper and fiber wireline modes.

Reliability and resiliency- Fog architectures are inherently reliable, supporting many fault tolerance, network resiliency, and fully autonomous emergency operation scenarios. If an edge device goes down, the services it supports will often fail.

Security and privacy- Because of its vertical, application-specific and multi-vendor nature, edge may offer uneven security protection. Fog, on the other hand, requires every fog node to include a high-assurance implementation of its Trusted Computing Base using secure hardware or hardware-supported security mechanisms, and a mandatory mission-critical class protection of communication and computation security.

Virtualization Support- Fog supports virtualization and uses enterprise and web-scale models. This provides hardware virtualization at each node level and allows loads to be moved from one node to an adjacent node if the node is down or overloaded. Edge computing looks at virtualization mainly from the perspective of distributing computing resources in a local manner per server.

 

Read more…