In the 1996 sci-fi blockbuster movie “Independence Day”, there is a comical seen near the end where actor Jeff Goldblum, playing computer expert David Levinson, writes a virus on his Macintosh PowerBook that disables an entire fleet of technologically advanced alien spaceships. The PowerBook 5300 used in the movie had 8 MB of RAM. How could this be?
Putting aside Apple paying for product placement, we’re not going to stop advanced alien life who are apparently Mac-compatible.
I cite the ridiculous Independence Day ending because I was recently reading through a number of IoT security stories and began thinking about the implications of connecting all these things to the network. How much computing power does one actually need to hack something of significance? Could a 1997 IBM Thinkpad running Windows 95 take down the power grid in the eastern United States? Far fetching, yes, but not ridiculous.
Car hacks seem to be in the news recently. Recall last month’s Jeep hack and hijack. Yesterday, stories came out about hackers using small black dongles connected to a Corvette’s diagnostic ports to control many parts of the car through, wait for it, text messages!
Beyond cars and numerous other consumer devices, IoT security has to reach hospitals, intelligent buildings, power grids, airlines, oil and gas exploration as well as every industry listed in the IRS tax code.
IBM’s X-Force Threat Intelligence Quarterly, 4Q 2014 notes that IoT will drag in its wake a host of unknown security threats. Even IBM, a powerful force in driving IoT forward, says that their model for IoT security is still a work in progress since IoT, as a whole, is still evolving. They do suggest however five security building blocks: secure operating systems, unique identifiers for each device, data privacy protection, strong application security, strong authentication and access control.
In the end, it will be up to manufacturers to build security from the ground up and continual work with the industry to make everything more secure. As we coalesce around an ever evolving threat landscape, it will be the responsibility of smaller manufacturers, giants like IBM and industry organizations like the Industrial Internet Consortium and Online Trust Alliance’s IoT Trust Framework to help prevent the ridiculous from happening.