SECURITY INSIGHTS

IoT opens a Pandora’s box of cyber-attacks


This article contains excerpts from Kishore Jethanandani’s article for The Mobility Hub.

M2M devices had an isolated existence in industrial plants, utilities, hospitals, transportation, and smart buildings. Security from cyber-attacks was not a concern. As M2M devices are increasingly exposed to the larger world of the internet with application programming interfaces, their ubiquity is haunting the IT world with the prospect of pervasive and catastrophic cyber-attacks that will affect sensitive industrial controls and medical devices. A security breach could cause physical harm as large facilities are subverted.

The protection of the Internet of Things is fraught with unique challenges, especially because the software is embedded in the hardware device and is wrapped up with the core of the intellectual property. It’s often not possible to patch and update embedded software remotely and continuously to keep it safe without disassembling the hardware — at the risk of downtime and damage to the interconnected software. Some protocols, such as Modbus, are not designed to secure against intrusions. Hardware manufacturers are wary of revealing the vulnerabilities of the software, lest the information leak to malware developers or the source code find its way to competitors.

The paradigm that guided the security management of the Internet of devices using downloadable software is riddled with holes that are hard to repair with known methods. Authentication plays a key role when humans use devices. By contrast, M2M devices are controlled by another device. Similarly, the monitoring of log files and events is an important source of information for detecting anomalies that point to intrusion, but it is not known to work well with the Internet of Things.

“M2M is a booming industry, and hardware manufacturers are focused on selling devices, while users are only beginning to realize the importance of third-party security specialists to remotely monitor security,” Spencer Cramer, President and CEO of ei3 Corp. in New York, told us. “Access to the source code of the embedded device controllers is needed to integrate with security software.”

His company has been in the business of securing M2M devices for the last fifteen years. It specializes in the few verticals that are already governed by standards. “We have developed a hundred custom drivers to integrate with the embedded software where standards are not used,” he said.

“Economic disincentives dissuade hardware manufacturers from taking preventive measures before security risks snowball into disasters,” Andrew Jaquith, chief technology officer and senior vice president of Cloud Strategy at Silversky, said in an interview. “Liability against damages, the absence of compulsion to disclose security breaches, and the lack of standards are some of the ways the social costs are not internalized by manufacturers. Bugs are much cheaper to fix in the early stages, and companies like Codenomicon have the technology to test for their presence,” he said.

The Internet of Things has opened a Pandora’s box of new challenges in Internet security. A new, system-wide strategy is needed to cope. The widespread ramifications of this new world of security threats need to be grasped quickly before a likely tsunami of cyber-attacks has cataclysmic effects.
