Beyond the convenience of the Internet of Things
We need vigilance to determine whether our systems are secure or have been compromised
LAST WEEK I illustrated the many advantages brought about by the Internet of Things (IoT).
Without the IoT, I would have been much more reluctant to travel by air. Just imagine a world without the hundreds of sensors in aeroplanes and their engines that are constantly being monitored to ensure our safety.
How unsafe would our world be if the operation of national critical infrastructure like dams, bridges, the nuclear power station, and elements of the electricity grid were not constantly monitored via thousands of sensors?
Not to talk about the advantages of modern smart cities like Songdo in South Korea and Santander in Spain, which are largely automated with little human intervention. Thousands of sensors and smartphone apps enable services like parking search, traffic flow, and context sensitive notifications to make life easier for citizens.
And then there are the smart grid, buildings, homes, lighting, watches, intelligent transport systems, connected cars, and ubiquitous healthcare, to name but a few. The growth of the IoT is transforming the way people live by changing everyday internet-enabled objects into an interconnected ecosystem of digital information accessible anytime and anywhere.
However, as objects become increasingly connected to the internet, the security and privacy of the information created, analysed and stored by IoT devices become complicated and demanding to manage.
A single exposed device could leave the entire ecosystem susceptible to attack, with potential disruptions ranging from individual privacy infringements to massive breakdowns of public systems. Smart, connected objects offer huge opportunities for value creation, but can also create significant risk.
From a security and privacy perspective, the pervasive introduction of sensors and devices especially into private spaces – such as the home, car, wearables and even implantations – creates intricate security challenges.
With the IoT, objects are not only smart – equipped with sensors and processing power – but are also connected and thus able to communicate the information they create.
What separates the IoT from the traditional internet is the removal of people. Owing to the use of Artificial Intelligence (AI), machines become autonomous, communicate with other machines and make decisions impacting the physical world without any human intervention.
Automatic trading software – where humans have been removed – has in the past gone in a loop, causing a significant decline in the market.
IoT bridges the gap between the physical and the digital world with the result that hacking into IoT devices could have disastrous real-world consequences. Hacking into the temperature sensors of the nuclear power station could trick the operators into making a catastrophic decision. If a power grid is hacked – as has happened in the US and Western Ukraine – and a whole region experiences a blackout, it affects the economy.
A few years ago a steel mill in Germany became the target of a cyber attack that disrupted the internal networked control systems. Due to the incapacitated control systems a blast furnace did not shut down properly and caused huge physical damage to the plant.
Hacking into the operating system of a driverless car could also end in disaster. Researchers were able to hack into two cars and wirelessly disabled the brakes and turned the lights off, while the driver could not regain control.
A luxury yacht was forced off course by researchers hacking the GPS signal that it was using for navigation. Several cases of hacked smart TV sets, closed circuit video cameras and child monitors have been documented.
Furthermore, since data is transmitted the risk of data breaches and eavesdropping presents considerable dangers to individuals and enterprises. Hackers could use a connected device to virtually invade a business or a person’s home.
German researchers successfully intercepted unencrypted data from a smart meter device to determine which television programmes the inhabitants were watching.
With numerous devices collecting personal information, privacy becomes a headache. Take, for instance, the smart home: It knows when you wake up (due to the smart bedside clock), how thoroughly you brush your teeth (due to your smart toothbrush), what radio station you listen to (due to your smart speaker), what type of food you eat (due to your smart oven and fridge), what your children prefer (due to their many smart toys), who visits you and passes by your house (due to your smart surveillance system).
A researcher recently found that by analysing a smart home’s data he could determine what the inhabitants were having for dinner.
Vulnerable home security cameras, connected to the internet, are favourite targets among hackers. It is therefore important that the security cameras have encryption, which will protect the privacy of the user and keep the video recordings from prying eyes.
Threats related to new technology will always exist. However, it is possible to bolster the security of IoT environments by using security tools such as data encryption, strong user authentication, resilient coding and standardised and tested Application Programming Interfaces that react in a predictable manner.
IoT devices often do not have the capability to defend themselves and might have to rely on separate firewalls and intrusion detection and prevention systems.
Data should always be encrypted in the network layer to prevent interception.
Likewise, stored data should be seamlessly encrypted. To avoid fibre tapping and data capture, IoT communication should be secured with transport layer security.
The advantages of the IoT by far outweigh the threats, but we will have to be vigilant to determine whether our systems are secure or have been compromised.
Professor Louis Fourie is the deputy vicechancellor: knowledge & information technology – Cape Peninsula University of Technology.