Subscribe to our Newsletter | To Post On IoT Central, Click here


Security (78)

Infographic: Securing Connected Cars

In my recent interview with Sam Shawki, the founder and chief executive officer of MagicCube, I wrote about getting a new Ram Truck and noted that it was a beast not just in size and towing power, but a beast of electronics and connectivity. According to Intertrust Technologies, the percentage of new cars shipped with Internet connectivity will rise from 13% in 2015 to 75% in 2020, and that in 2020, connected cars will account for 22% of all vehicles on the road. That number is sure to grow. More stats in the infographic below. 


Connected Cars

Read more…
An accurate and well-structured security analysis is the key for a holistic security concept and therefore for a secure product. But planing and performing a security analysis can be a hard nut to crack. After collecting experience in more than 6 big IoT projects over the last 2 years I decided to share some key facts that can make your life easier if you have to go the same way.
Read more…
Since many embedded devices are deployed outside of the standard enterprise security perimeter, it is critical that security be included in the device itself. Ultimately, some combination of hardware and software may be required. Building protection into the device itself provides a critical security layer whatever options are used. Security must be considered early in the design of a new device or system.
Read more…

Not far from San Francisco International Airport, San Bruno is a quaint middle-class residential suburb, yet underground in San Bruno was a gas pipeline controlled by SCADA software that used the Internet as its communications backbone. On Sept. 9, 2010, a short circuit caused the operations room to read a valve as open when it had actually closed, spiking the readings coming from pipeline pressure sensors in different parts of the system. Unbeknownst to the families returning home from ballet and soccer practice, technicians were frantically trying to isolate and fix the problem. At 6:11 pm, a corroded segment of pipe ruptured in a gas-fueled fireball.

The resulting explosion ripped apart the neighborhood. Eight people died. Seventeen homes burned down. The utility, PG&E, was hit with a $1.6 billion fine.

The accident investigation report blamed the disaster on a sub-standard segment of pipe and technical errors; there was no suggestion that the software error was intentional, no indication that malicious actors were involved. “But that’s just the point,” Joe Weiss argues. “The Internet of Things introduces new vulnerabilities even without malicious actors.”

Joe Weiss is a short, bespectacled engineer in his sixties. He has been involved in engineering and automation for four decades, including fifteen years at the respected Electric Power Research Institute. He has enough initials after his name to be a member of the House of Lords—PE, CISM, CRISC, IEEE Senior Fellow, ISA Fellow, etc., all of which speak to his expertise and qualifications as an engineer. For instance, he wrote the safety standards for the automated systems at nuclear power plants.

The problem, Weiss claims, is using the internet to control devices that it was never intended to control. Among these are industrial systems in power plants or factories, devices that manage the flow of electricity through the energy grid, medical devices in hospitals, smart-home systems, and many more.

Continue reading this article on Quartz.

Read more…

What is Blockchain ?

Blockchain is a form of technology that had over $1 billion invested in it in 2016 alone. While this technology is far from new, it is one that grew in popularity thanks to Bitcoin. With it, a digital ledger is created that allows online records to record transactions, and ensure that all information is verified by another source to confirm accuracy. The network created by blockchain scans a number of computers within the same network. With each transaction, the size of the database grows and the number of users that access and manage the transactions increases.

Unique software is required for a blockchain to be run. When it is created, it is near instantaneous, and that means there isn’t the ability to alter transactions before they become recorded. This cuts down on the risk of fraud in most sectors which makes it appealing. It is also encoded and hashed in batches, so that the blocks of several bits of data create a chain. This allows for validation to occur at the same time, and protects the security of the system running it. Each time a transaction takes place, a unique transaction number is encrypted that show everything that took place in the transaction. Since several computers make up the different portions of the blockchain, it is nearly impossible for fraudulent activity to occur.

While Bitcoin and virtual currency is still where the bulk of blockchain is used, many companies are searching for ways to add it to their own applications beyond currency. This would help to reduce conflicts that are the results of disputes and even things like land rights, or legal items could be verified and the accuracy and lack of fraud would ensure that sensitive items such as these would constantly have more authenticity and reduce many legal woes.

However, not everyone is on board yet. Some companies are still concerned that since this technology is still in a relatively infancy, there is a need for proven transparency and someone to remain accountable for the data that is obtained. Since the process is also labor intensive, there would need to be dedicated users who solely work on the blockchain that is being handled. This would need to be people who have a basic understanding of IT and the way that it would be used for blockchains.

Another concern is the amount of resources it would take. There would need to be high end machines that handled the resource intensive nature of the software. Additionally, companies would need frequent access online to continue update and building the information. With more countries blacking out sections of the internet, this could prove to be a problem.

Blockchains are destined to become a more significant part of our industry. It is important that the technology is continued to be advanced, so more companies have a chance to benefit from it. After all, it is the technology that will help to boost security and ensure that there is something in place we can depend on. With Bitcoin showing it is already possible to succeed with this technology, there is little doubt that success will be had. 

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

 

Read more…

Wearable devices have become hugely popular in recent years, to the point where it’s no longer novel to see people wearing smartwatches and fitness trackers out in public, or even in the workplace. As much as these devices have allowed for new experiences and added convenience in business and professional settings, they also come with a certain level of risk.

In business cases, a number of companies are now considering wearables as devices to use in their health and wellbeing strategies, or even for staff tracking and other operational functions. Is this a good thing for the employment relationship, and should employees have concerns regarding their privacy and the use of mandated wearable technology?

Full Disclosure Will Be Key to the Acceptance of Workplace Wearables

In an age when the majority of electronic devices are becoming increasingly connected, it is reasonable that the average person should have some concerns regarding their privacy. In personal life, a user can take their own steps to protect their personal data; so what happens when it’s an employer that controls the collection, storage, and use of personal data?

For any organization to be able to make use of wearables for any kind of employee tracking or data collection, it is important that full disclosure is made. Employees need to know what data will be collected, how they are expected to provide it (through wearables or other biometric devices), and how that data will be used. Employers have an obligation to provide all of this information upfront, and an element of transparency will help to facilitate the acceptance of any new workplace policies regarding mandatory wearable devices.

Data Protection is a Non-Negotiable Obligation

Being transparent is the first step, but it’s not enough on its own. Employers need to have an appropriate security solution that will prevent data loss, unauthorized access, or even data theft by third parties. The intent to protect data should be outlined in contractual employment agreements, and should comply with any local or federal laws regarding information collection and storage. While organizations do have some rights to collect data with employee agreement, they should also be aware that employees have the right to decline participation in any new wearable device data initiatives, which could lead employment disputes and loss of valuable staff.

With such a fine balance between making use of new technology and data, privacy, and the employment relationship, organizations will need to be careful when developing strategies regarding wearable devices. It needs to be clear how such devices and data collection will benefit an organization, and appropriate messaging should be in place to achieve employee buy-in for any new initiative.

With the right approach, wearables could allow companies to better track staff attendance, manage workplace incidents, and even ensure the health and wellbeing of employees. However, without the right management, the push for wearables could easily damage the relationship between employees and employers, making strategic planning and communication an essential aspect of implementing any new technology in the workplace.

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

Read more…

By 2021, it is estimated that big data could reach $66.8 billion in net worth. But as the volumes of data that becomes accessible increases, so do concerns with privacy as the data out there might not be exactly what people want to have released.

In fact, more customers have become vocal about their concerns with the data that is being collected by them. With potential security challenges and high profile breaches taking place all the time, people are demanding better protection. With data breaches giving sensitive personal information to thieves that results in millions of people becoming victims to cybercrimes, it’s getting tougher for people to trust the online businesses they are working with.

Perhaps this is why more people are demanding more action being done. With the monetization of big data, there becomes valuable databases that are targeted for attack. Many of which use a single level of protection now to protect the data they contain. This is why automated data transfers with beefed up security might be a better result. This will require new data to be validated, to reduce the risk of anything that isn’t trustworthy or accurate creating problems. Since the data would be monitored and tracked on a regular basis, the likelihood of a breach decreases. After all, the more data contained in a single resource, the more that can be obtained by cyber criminals, and thus there becomes more mistrust with the public, as they see new concerns being brought out against them.

Companies must now accept greater responsibility for the personal information they maintain. While risk can vary, companies must accept that their responsibility is there. If a breach does happen, the public is more likely to be unforgiving, especially if there isn’t transparency with what happened and how the company will ensure that this never happens again. This includes those who attempt to pass the blame by using third party providers to help them store their data in clouds and other areas. As the responsibility for the data isn’t moved when you move the information, despite some misconceptions out there.

Customers are also increasing in curiosity with how their data is being used. When you monetize big data, you are also releasing information to companies that some may be concerned as private. Fortunately, the government is actively reviewing this information and ensuring that better privacy focused measures are taken, so that companies can still benefit from the monetization of big data, without there being as much risk to the individuals that they are collecting the data on.

While unauthorized use and service failures can still occur with the big data, it does seem like more companies are committed to protecting the data that they are handling. This means that even when monetization expands, customers will be provided with their privacy rights through digital databases, while having new avenues of encrypted protection released so there is never any concern with their information getting in the wrong hands. 

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

Read more…

The Pitfalls and Limitations of Blockchain

The idea of a blockchain, or distributed database as it is technically known, has only come about in recent years. While originally developed to facilitate the bitcoin cryptocurrency, the technology is now seeing interest from organizations in traditional lines of business.

Blockchains can provide a number of advantages, including being secure by design and highly resistant to the modification of the data that they contain. Records, or blocks, can be identified and verified with a high level of integrity, and this is one of the biggest reasons why this approach to recording information is garnering interest from financial institutions, organizations that handle large transaction records, and even the medical industry where accurate and verifiable records are critical.

With so many advantages to using blockchain, it’s surprising that only a handful of high profile companies have moved towards this type of database… or is it?

When you take a look at some of the downsides of the technology, it becomes easier to understand why some of the largest accounting and financial firms are still in the early stages of their feasibility studies. Let’s take a look at what these pitfalls are, and how much impact they could have on the future growth of blockchain utilization.

Blockchain is Environmentally Flawed

The biggest ‘sell’ for blockchain is that when implemented correctly, it can potentially eliminate the possibility of any type of fraud within a closed database. However, to achieve such integrity, blockchain (by design) uses an almost unfathomable amount of computing resources and energy.

On extremely large cryptocurrency blockchains, a single transaction uses the equivalent energy that 1.5 average households do in a single day. If blockchains were the defacto form of database for the majority of businesses, you could safely assume that the world’s available energy and computing resources wouldn’t be able to keep up. Of course, blockchains aren’t supposed to take over every kind of conceivable database, but it’s still interesting to note that superior fraud protection comes with the caveat of huge energy demands.

Larger Blockchains Mean Longer Verification Times

In 2016, it took an average of 43 minutes to verify a single bitcoin transaction record. By comparison, standard ATM transactions are processed almost instantaneously on archaic network connections, and will reflect immediately on a financial ledger. Even interbank money transfers can be completed in seconds.

As a blockchain grows, verification times become longer, and as mentioned, that means that more computing resources are required to process even the smallest transaction. Younger networks or inherently small blockchains wouldn’t suffer the same problems, but there’s no denying that this is a significant limitation of the technology.

With these two points, it becomes evident what the pitfall of blockchain is.

By design, the technology is made to deter fraud by making it economically and sometimes practically unviable. There’s no denying that as a chain grows, fraud becomes virtually impossible. Unfortunately, this also means that the entire chain becomes computationally intensive and inherently slow to verify records; which is one of the biggest limitations preventing blockchain from being widely implemented today. Banks and other large institutions would also need to develop their own implementation of the technology to suit their needs, and as yet, no major player has made a significant investment.

Blockchain may well play a significant role in the future of banking, finance, and other forms of critical record keeping, however, the risk and pitfalls appear too great for the technology to impact the mainstream at this time.

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

Read more…

Tripwire, Inc., a security company, recently announced the results of a study conducted in partnership with Dimensional Research.  The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.  

The big not so surprise: 96 Percent of IT Security Professionals Expect an Increase in Cybersecurity Attacks on Industrial Internet of Things.

Yes, you should expect to get hacked.  

Robert Westervelt, security research manager at IDC said in a statement: “As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes. The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example - cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”

Key findings include:

  • 96 percent of those surveyed expect to see an increase in security attacks on IIoT in 2017 
  • 51 percent said they do NOT feel prepared for security attacks that abuse, exploit, or maliciously leverage insecure IIoT devices
  • 64 percent said they already recognize the need to protect against attacks against IIoT, as they gain popularity with hackers
  • 90 percent expect IIoT deployment to increase 
  • 94 percent expect IIoT to increase risk and vulnerability in their organization

The study was commissioned by Tripwire and carried out by Dimensional Research in January 2017. A total of 403 qualified participants completed the survey. All participants had responsibility for IT security as a significant part of their job and worked at companies with more than 1,000 employees. Survey respondents were based in the United States (278), the United Kingdom (44), Canada (28) and Europe (53). 

Read more about IoT and security on IoT Central. To receive these articles, sign up on IoT Central

Read more…

IoT 2020: Smart and secure IoT platform

The IEC (International Electrotechnical Commission), an organization that prepares and publishes International Standards for all electric and electronic devices and systems, came out with a new white paper that provides an outlook on what the next big step in IoT could involve – the development of smart and secure IoT platforms.

How data is collected and implemented will determine how transformational IoT can become. Security grows exponentially in importance as devices that were once isolated become interconnected and more and more information is collected. As with most disruptive technologies, solutions are developed by a wide range of providers promoting their proprietary approaches, which can also impact interconnectivity. Bringing the ambitious visions expressed by IoT to reality will require significant efforts in standardization.

The white paper provides an overview of where IoT currently stands, with a particular focus on IoT system design as well as architecture patterns, the limitations and deficiencies of the current IoT framework, and its security, interoperability and scalability. Several use cases from the industry, public and customer domains are investigated.  

The White Paper can be downloaded from: http://www.iec.ch/whitepaper/pdf/iecWP-loT2020-LR.pdf

Funding was from SAP and Fraunhofer ASEC.

Read more…

The Internet of Things is slated to be one of the most disruptive technologies we’ve ever seen. It’s going to change a great deal - including how we look at and use the cloud.

Software-defined cars. Internet-connected ‘smart’ fridges, coffee machines, and televisions. Wearable technology like smartwatches and smartglasses. The Internet of Things is going to change everything from how we work to how we drive to how we live our lives. And as it does so, it’s also going to change the cloud.

It already is, actually.

Enter fog computing. It’s an extension of the cloud, born out of the fact that there are more Internet-connected devices in the world than ever before (by 2020, Gartner predicts that there will be 6.4 billion.)  Given this influx, the traditional, centralized model of the cloud is no longer viable.

“Today, there might be hundreds of connected devices in an office or data center,” writes Ahmed Banafa of Thoughts On Cloud. “In just a few years, that number could explode to thousands or tens of thousands, all connected and communicating. Most of the buzz around fog has a direct correlation with IoT. The fact that everything from cars to thermostats are gaining web intelligence means that direct user-end computing and communication may soon be more important than ever.”

It makes a lot more sense to move the real computing and processing closer to client devices. To carry out analysis at the network’s edge. See, the thing about the Internet of Things is that it depends on managing data over very short timeframes. Even a slight delay introduced as a result of bandwidth is unacceptable.

Consider the following examples:

  • A self-driving car is communicating with the vehicles and traffic infrastructure around it, and analyzing traffic and weather conditions. While it may communicate with a central server, it needs to be able to analyze and aggregate data immediately, lest it cause an accident.

  • Autonomous tunneling and boring machines at a mining site ensure workers don’t have to subject themselves to hazardous underground conditions. These machines must be capable of analyzing and storing terabytes of data, as network connectivity hundreds of feet underground is near-impossible. They also must be able to communicate with other mining infrastructure, as well as a central server, uploading processed data to the cloud when mining is finished.

  • Sensors at an oil well must connect to a cloud server to provide headquarters with a real-time vision of the facility. These sensors, however, must be capable of analyzing data on-site before it is uploaded.

In each of the examples above, distributed computing works together with a more traditional cloud model to better-enable connected equipment and sensors. And that’s where the cloud slots in with IoT. It’s still the cloud - but it’s changed in order to adapt to new workflows, business processes, and an entirely new world.

“With the increase in data and cloud services utilization, fog computing will play a key role in helping reduce latency and improve the user experience” writes Data Center Knowledge’s Bill Kleyman. “We are now truly distributing the data plane and pushing advanced services to the edge. By doing so, administrators are able to bring rich content to the user faster, more efficiently, and - very importantly - more economically.”

Photo credit: Mr. & Mrs. Gray

About the Author:

Tim Mullahy is the General Manager at Liberty Center One. Liberty Center One is a new breed of data center located in Royal Oak, MI. Liberty can host any customer solution regardless of space, power, or networking/bandwidth requirements.

Read more…

Mobile World Congress and the Pain in Spain

As Mobile World Congress kicks off in Barcelona this week, Avast, a security company, has a warning for the citizens of Spain: There are over 5 million vulnerable IoT devices across the country.

Now this of course is meant to grab attention at a very noisy show, and any connected country has parity with Spain I'm sure, but nonetheless, the experiment conducted by Avast is worth a look. The findings identified more than 493,000 smart devices in Barcelona and 5.3 million in Spain overall – including smart kettles, coffee machines, garage doors, fridges, thermostats and other IP-connected devices – that are connected to the internet and vulnerable to attacks.

The experiment found:  

  • Over 5.3 million vulnerable smart devices – including webcams and baby monitors – in Spain, and more than 493,000 in Barcelona alone
  • More than 150,000 hackable webcams in Spain and more than 22,000 in Barcelona
  • More than 79,000 vulnerable smart kettles and coffee machines in Spain
  • More than 444,000 devices in Spain using the Telnet network protocol, which is a type of protocol that has been abused to create the Mirai botnet which attacked Dyn in 2016, leading to the crash of Internet sites like Twitter, Amazon, Reddit, etc.

Conducted in partnership with IoT search engine specialists Shodan.io, the experiment proves just how easy it is for anyone - including cybercriminals - to scan IP addresses and ports over the Internet and classify what device is on each IP address. And, with a little extra effort and know-how, hackers can also find out the type of device (webcam, printer, smart kettle, fridge and so on), brand, model and the version of software it is running.

"With databases of commonly known device vulnerabilities publicly available, it doesn’t take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable,” said Vince Steckler, CEO at Avast. “And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it.”

The company says users need to contribute to making the online world a safer place by keeping software updated and choosing strong, complex passwords. Unfortunately, that is not going to happen, by either the consumer or the manufacturer.  As we've reported before, the real answer is this.

Read more…

It's 2017 and IoT continues to be a buzz. Appearing more frequently in almost every news articles regarding technology trends, digital transformation and the next "industrial revolution". However, behind the seemingly robust industry boom, rates of IoT adoption across Southeast Asia seems to be at a more conservative level.

Enterprises and organisations are cautious of adopting IoT for various reasons, and it is important for solution providers to understand these gaps in order to address enterprises' challenges and bring IoT to a wider reach.

1. Security

Arguably the second-most popular buzzword, security issues have been the top concerns of any digital, connected projects out there. 2016 was a "year of hack" around the world, from the (alleged) hacking of the US electionsUS $81 million stolen from Bangladesh Bank, and hacking of airports and banks in Vietnam. All these issues raise the concern of the security of enterprises putting up sensitive information about their business in the cloud, where IoT devices without basic security functions can be hacked within minutes.

Ensuring cyber security is crucial for businesses when they decide whether or not to migrate into the cloud and rely on technologies for operations and sensitive information.

2. Co$t

Cost is another big concern for enterprise IoT adoption, especially in the Small and Medium Enterprises (SMEs) in Southeast Asia. Many of the IoT product offerings currently pose a challenge for SMEs to adopt, especially when the benefits are usually seen in the long run rather than short-term. This is especially apparent in emerging economies like Myanmar, where despite the high potential for enterprise ICT/IoT adoption, the high cost of digital products still poses a challenge to the local companies, prompting them to either seek foreign investments, collaborate, or find localised products that are more affordable - prompting local system integrators and distributors to be active in helping to grow the local markets.

This also prompts another important issue of having a strategic planning when it comes to digitisation and using IoT, in order to cut upfront costs while still benefiting from the new technologies.

3. Sustainable investments & developments

As the IoT buzz continues to ride the waves of publicity, especially from big names like Hewlett Packard Enterprise, IBM, Oracle, Microsoft and Google, enterprises should avoid jumping on the bandwagon without understanding the actual benefits and what IoT can bring to the table. A Bain & Company survey found that 59% of global companies believe they lack the capabilities to generate meaningful business insights from data, while another survey had 85% of respondents saying that they will require substantial investments to update their existing data platform - which can be costly and time-consuming.

Understanding the challenges that the businesses and enterprises face will be crucial for solution providers to offer not only products for the sake of having products, but also be able to offer their clients advice on strategies and plans of how to apply IoT successfully and strategically - depending on each company's needs and requirements.

Businesses in Southeast Asia comprise of many young, robust and innovative enterprises hoping to use technologies to differentiate, expand and produce with high efficiency and productivity. Addressing the pain points and challenges of technologies will allow solution providers and businesses to have better understandings of each other, and help the Southeast Asian IoT market reach new heights.

What is the top challenge that your company is facing with regards to technologies/IoT adoption? Let me know in the comments section.

If you are interested in learning more about Southeast Asia's enterprise IoT markets and connect with businesses across the region about your solutions, drop me a note at [email protected] Looking forward to speaking with you!

Read more…
Comments: 0

The Paradox of the Industrial Internet

Guest post by Evan Birkhead.

5 Take-Aways from EMA’s new Industrial IoT Research

As reported by Reuters last year, Marty Edwards, who runs the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (known as ICS-CERT), warned that his organization observed a significant year-over-year increase in attacks targeting industrial control systems. Edwards said ICS systems are vulnerable because they are exposed to the Internet.

“We see more and more that are gaining access to the control system layer,” he explained. “I am very dismayed at the accessibility of some of these networks… they are just hanging right off the tubes.”

 Director Edwards’ comments underscore the paradox of the Industrial Internet: The convergence of IT and Operational Technology (OT) enables the analytics of massive amounts of industrial data. On one hand, IT/OT convergence yields streamlined operations, improved safety, predictive maintenance and optimized processes. On the other hand, it is creating easily penetrable apertures that present enormous risks with potentially catastrophic outcomes. 

EMA, the IT and data management research organization, has published a new study entitled “The Promise and Risk of the Industrial Internet” that tackles this paradox head-on.  Convergence is occurring in an environment that wasn’t designed to be accessible from the outside world. Unfortunately, the problem is compounded by what EMA describes as a “tangled web of both cultural nuances and differing security standards and focus” between IT and OT. 

So what can we do about it?

Fortunately, EMA purports that successful Industrial IoT strategies will balance the needs of IT to provide protection from hackers, while simultaneously ensuring OT operators’ equipment will be reliable and safe.

Here are 5 take-aways from this seminal report that can help us get over the roadblocks:

  1. You can’t shoehorn IT security policies into OT.

    The security strategy for OT was developed decades ago, under the assumption that restricting physical access to industrial control systems and networks was enough to protect them. Even the protocols used to operate and secure OT systems were developed long before TCP/IP existed. IT/OT convergence opens ICS systems to threats they were never designed to be exposed to, let alone prevent or otherwise defend against. 

    IT cannot manage OT with traditional security technologies, and the inconvenient truth is that IT organizations need to make the effort to learn how they are different. OT requires a completely different and distinctly separate approach to cybersecurity. As the report explains, “IT needs to understand that administration standards and SLAs that work for enterprise software do not necessarily work for OT.”
  1. Hacks into OT are potentially more catastrophic than those in IT.

    While IT attacks typically focus on personal data (such as finances), hacks into OT can be life-threatening and can result in incalculable damage to critical infrastructure or bread-and-butter revenue-generating processes. The well-known German steel mill attack caused massive damage. A successful hack into an electrical grid can place millions of people without power for an extended period of time. Access to a city’s water supply can impact access to many crucial resources. 

    Further, according to the report, “While an hour of downtime may be acceptable to patch a CRM system, it is simply not possible for OT systems that manage critical infrastructure or transportation to be down for even a few minutes.” These are important considerations to make when weighing OT cybersecurity challenges.
  1. Attacks on OT are no longer “if” but “when.”

    EMA cites the accelerated pace of recent attacks, such as the state-sponsored attacks on the Ukrainian power grid. It describes a new world where it’s not hard to imagine how quickly attacks on critical assets can escalate to serious and even catastrophic consequences for millions of people. 

    With the convergence of networked applications, controls, and sensors for ICS, ensuring the security of physical assets and the safety of people who operate and rely on them is crucial for our very quality of life. Today’s technologists need to seriously consider the urgency of architecting a workable OT cybersecurity plan. 
  1. The right technology can bridge the gap.

    As described in the report, common IT firewalls are designed for IT perimeter security. They interrogate standard IP protocols and applications, blocking attacks based on standard Internet parameters. On the flip side, industrial cyberattacks are based on granular machine instructions that alter systems controls and sensor parameters, and cannot be caught by traditional firewall technology. Fortunately, the report concludes that the cybersecurity industry is making strides. Bayshore Networks IT/OT Gateway technology, for example, was designed from the ground up to address converged IT/OT security environments. 

    Specifically, the report recognizes the work of the Industrial Internet Consortium, which recently issued a landmark document called the Industrial Internet Security Framework, which establishes best practices for Industrial IOT cyber security. The framework emphasizes the importance of five Industrial IOT characteristics of safety, reliability, resilience, security, and privacy. 
  1. The right partner can clear cultural roadblocks.

    While the convergence of IT and OT has seemingly compounded the complexity of technology management overnight, the report encourages IT organizations to seek out partners with specific expertise in the area. 

    EMA concludes that successful Industrial IoT strategies will balance the needs of IT to provide protection from hackers while simultaneously ensuring OT operators’ equipment will be reliable and safe: “With the right technology partner and a champion that can help clear cultural roadblocks, organizations can ensure robust security with IT/OT convergence efforts, lending a foundation for greater cost and process efficiencies, as well as the competitive advantages that will come from harnessing the power of the industrial Internet of Things.”

This article originally appeared hereDownload the new EMA research here.

Read more…

Regulating the Internet of Things

Last week I attended the RSA Security conference in San Francisco. It's the premier conference for security professionals, and more than ever, vendors. Lots and lots of vendors.  

In any case, I was there to learn more about security and IoT. One of the speeches I wanted to catch is now available and I encourage you to take time to watch it. It's from Bruce Schneier who we wrote about here and here.

Bruce used the platform to continue his call to the industry to get involved with policy when it comes to security and IoT, arguing that the real world consequences of doing nothing should not be ignored. He stated, "The more we connect things to each other, the more the vulnerabilities affect each other." The Dyn attack, the Mirai botnet and video cameras are a great example of this. Bruce describes this as a cascade of failures, where no one system is at fault, leading to a connected world of residual insecurity.

He believes that a lot of people in the industry are working on it and they are doing good work on IoT security, but as he argued in the past, when it comes to low-cost Internet connected devices (cameras, consumer electronics and other far-flung sensors) neither the buyer or the seller are interested in getting the latest security patch. In short, the cost of failure and the cost to fix does not favor security updates or investment. 

Free market idealists hate regulation, but they are becoming necessary, Schneier says. “Governments are going to get involved, regardless. The stakes are too high.”

Full video here

Read more…

Using Blockchain to Secure IoT

By Ahmed Banafa

IoT is creating new opportunities and providing a competitive advantage for businesses in current and new markets. It touches everything—not just the data, but how, when, where and why you collect it. The technologies that have created the Internet of Things aren’t changing the internet only, but rather change the things connected to the internet—the devices and gateways on the edge of the network that are now able to request a service or start an action without human intervention at many levels.

Because the generation and analysis of data are so essential to the IoT, consideration must be given to protecting data throughout its life cycle. Managing information at all levels is complex because data will flow across many administrative boundaries with different policies and intents.

Given the various technological and physical components that truly make up an IoT ecosystem, it is good to consider the IoT as a system-of-systems. The architecting of these systems that provide business value to organizations will often be a complex undertaking, as enterprise architects work to design integrated solutions that include edge devices, applications, transports, protocols, and analytics capabilities that make up a fully functioning IoT system. This complexity introduces challenges to keeping the IoT secure, and ensuring that a particular instance of the IoT cannot be used as a jumping off point to attack other enterprise information technology (IT) systems.

International Data Corporation (IDC) estimates that 90% of organizations that implement the IoT will suffer an IoT-based breach of back-end IT systems by the year 2017.

Challenges to Secure IoT Deployments

Regardless of the role, your business has within the Internet of Things ecosystem— device manufacturer, solution provider, cloud provider, systems integrator, or service provider—you need to know how to get the greatest benefit from this new technology that offers such highly diverse and rapidly changing opportunities.

Handling the enormous volume of existing and projected data is daunting. Managing the inevitable complexities of connecting to a seemingly unlimited list of devices is complicated. And the goal of turning the deluge of data into valuable actions seems impossible because of the many challenges. The existing security technologies will play a role in mitigating IoT risks but they are not enough. The goal is to get data securely to the right place, at the right time, in the right format; it’s easier said than done for many reasons.

Dealing with the challenges and threats

Gartner predicted that more than 20% of businesses will deploy security solutions for protecting their IoT devices and services by 2017, IoT devices and services will expand the surface area for cyber-attacks on businesses, by turning physical objects that used to be offline into online assets communicating with enterprise networks. Businesses will have to respond by broadening the scope of their security strategy to include these new online devices.

Businesses will have to tailor security to each IoT deployment according to the unique capabilities of the devices involved and the risks associated with the networks connected to those devices. BI Intelligence expects spending on solutions to secure IoT devices and systems to increase five fold over the next four years.

The optimum platform

Developing solutions for the Internet of Things requires unprecedented collaboration, coordination, and connectivity for each piece in the system, and throughout the system as a whole. All devices must work together and be integrated with all other devices, and all devices must communicate and interact seamlessly with connected systems and infrastructures in a secure way. It’s possible, but it can be expensive, time-consuming, and difficult unless the new line of thinking and a new approach to IoT security emerged away from the current centralized model.

The problem with the current centralized model

The current IoT ecosystems rely on centralized, brokered communication models, otherwise known as the server/client paradigm. All devices are identified, authenticated and connected through cloud servers that sport huge processing and storage capacities. The connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.

While this model has connected generic computing devices for decades and will continue to support small-scale IoT networks as we see them today, it will not be able to respond to the growing needs of the huge IoT ecosystems of tomorrow.

Existing IoT solutions are expensive because of the high infrastructure and maintenance cost associated with centralized clouds, large server farms, and networking equipment. The sheer amount of communications that will have to be handled when IoT devices grow to the tens of billions will increase those costs substantially.

Even if the unprecedented economical and engineering challenges are overcome, cloud servers will remain a bottleneck and point of failure that can disrupt the entire network. This is especially important as more critical tasks

Moreover, the diversity of ownership of devices and their supporting cloud infrastructure makes machine-to-machine (M2M) communications difficult. There’s no single platform that connects all devices and no guarantee that cloud services offered by different manufacturers are interoperable and compatible.

Decentralizing IoT networks

A decentralized approach to IoT networking would solve many of the questions above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse.

However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.

To perform the functions of traditional IoT solutions without a centralized control, any decentralized approach must support three fundamental functions:

  • Peer-to-peer messaging
  • Distributed file sharing
  • Autonomous device coordination

 

The Blockchain approach

Blockchain, the “distributed ledger” technology that underpins bitcoin, has emerged as an object of intense interest in the tech industry and beyond. #Blockchain technology offers a way of recording transactions or any digital interaction in a way that is designed to be secure, transparent, highly resistant to outages, audit-able, and efficient; as such, it carries the possibility of disrupting industries and enabling new business models. The technology is young and changing very rapidly; widespread commercialization is still a few years off. Nonetheless, to avoid disruptive surprises or missed opportunities, strategists, planners, and decision makers across industries and business functions should pay heed now and begin to investigate applications of the technology.

What is Blockchain?

Blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.

A blockchain consists of two types of elements:

  • Transactions are the actions created by the participants in the system.
  • Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with. Blocks also record a time stamp when the transactions were added.

What are some advantages of Blockchain?

The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

 How does it work?

When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.

A set of approved transactions is then bundled in a block, which gets sent to all the nodes in the network. They, in turn, validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

There are two main types of Blockchain:

  • In a public blockchain, everyone can read or write data. Some public blockchains limit the access to just reading or writing. Bitcoin, for example, uses an approach where anyone can write.
  • In a private blockchain, all the participants are known and trusted. This is useful when the blockchain is used between companies that belong to the same legal mother entity.

The Blockchain and IoT

Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains would make consumer data more private.

The ledger is tamper-proof and cannot be manipulated by malicious actors because it doesn’t exist in any single location, and man-in-the-middle attacks cannot be staged because there is no single thread of communication that can be intercepted. Blockchain makes trustless, peer-to-peer messaging possible and has already proven its worth in the world of financial services through cryptocurrencies such as Bitcoin, providing guaranteed peer-to-peer payment services without the need for third-party brokers.

The decentralized, autonomous, and trustless capabilities of the blockchain make it an ideal component to become a fundamental element of IoT solutions. It is not a surprise that enterprise IoT technologies have quickly become one of the early adopters of blockchain technologies.

In an IoT network, the blockchain can keep an immutable record of the history of smart devices. This feature enables the autonomous functioning of smart devices without the need for centralized authority. As a result, the blockchain opens the door to a series of IoT scenarios that were remarkably difficult, or even impossible to implement without it.

By leveraging the blockchain, IoT solutions can enable secure, trustless messaging between devices in an IoT network. In this model, the blockchain will treat message exchanges between devices similar to financial transactions in a bitcoin network. To enable message exchanges, devices will leverage smart contracts which then model the agreement between the two parties.

In this scenario, we can sensor from afar, communicating directly with the irrigation system in order to control the flow of water based on conditions detected on the crops. Similarly, smart devices in an oil platform can exchange data to adjust functioning based on weather conditions.

Using the blockchain will enable true autonomous smart devices that can exchange data, or even execute financial transactions, without the need of a centralized broker. This type of autonomy is possible because the nodes in the blockchain network will verify the validity of the transaction without relying on a centralized authority.

In this scenario, we can envision smart devices in a manufacturing plant that can place orders for repairing some of its parts without the need of human or centralized intervention. Similarly, smart vehicles in a truck fleet will be able to provide a complete report of the most important parts needing replacement after arriving at a workshop.

One of the most exciting capabilities of the blockchain is the ability to maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliances and regulatory requirements of industrial IoT applications without the need to rely on a centralized model.

 This article originally appeared here. Header photo has been modified, credit here.

References

http://www.cio.com/article/3027522/internet-of-things/beyond-bitcoin-can-the-blockchain-power-industrial-iot.html

http://dupress.com/articles/trends-blockchain-bitcoin-security-transparency/

https://techcrunch.com/2016/06/28/decentralizing-iot-networks-through-blockchain/

http://www.blockchaintechnologies.com/blockchain-internet-of-things-iot

https://postscapes.com/blockchains-and-the-internet-of-things/

http://www-935.ibm.com/services/multimedia/GBE03662USEN.pdf

Read more…
RSS
Email me when there are new items in this category –

Upcoming IoT Events

More IoT News

IoT Career Opportunities