The IoT security conundrum

By-Muralidhran Nadarajah, CEO, Xchanging Malaysia

India is an information technology superpower. It has grown into an ‘application economy’—one being pushed by software applications and the ubiquity of mobile. Venture capitalists too are backing some of the most disruptive technologies being built on software. Yet, in spite of being a tech hub, our approach towards cybercrime needs to be rethought. It is time we focused on implementing a security framework to protect against cyber attacks.

The SQL injection attack on the European Central Bank last year demonstrated the strength of cyber criminals. When an attack of this intensity can penetrate state-ofthe- art infrastructure, it forces Chief Technology Officers (CTOs) to relook at their strategy to secure their company’s data and IP. The CTO community realizes that a better

than average firewall is simply not enough. More than a dozen major companies were left vulnerable by cyber attacks in 2014 and there is an obvious need to develop a framework to neutralize these sophisticated criminals.

THE IoT BOOM AND THE SECURITY CONCERNS

According to the leading market research and consulting firm International Data Corporation (IDC), 32 bn objects will be connected to the Internet by 2020. It is certain that the IoT market is going to witness a massive chip outflow, with companies building on the need to automate routine tasks.

In the future, machine-to-machine communication is going to increase exponentially and data processing will reach an all-time high. Any attack on a single connected node can break an infrastructure. It is one thing to disable a system, but a whole new nightmare to manipulate the system. For example, if a hacker can control a connected car, he will have access to sensitive and private data like location, and potentially could also jam the breaking system and more.

Here’s what a White House Cybersecurity report on IoT had to say, “There exists no effective methodology that currently supports the rapid mobilization and coordination of critical commercial sector assets to respond to a large-scale incident of national security concern.” Hacking into an individual’s car is a minuscule lapse in

the system when compared to hacking into a collective nation’s assets. The Heartbleed attacks are a simple example of how vulnerable we are from a data standpoint. In India, while the government may have not identified specific policies related to the IoT market, the Digital India initiative is a step in the right direction. The government’s plan to create 100 smart cities is a great example of how the IoT can perform a critical role in the fruition of this vision. These smart cities will conserve electricity, eliminate water wastage, improve transportation services, and enhance the consumer experience in every field.

Building these cities will not happen without our focused efforts in providing a security framework that will streamline every function. Companies will have to share data, coming in from numerous devices, to facilitate informed decision-making. Personal information needs to be encrypted with security systems that ensure that in case of an attack, the hacker is unable to decode the language.

BRACING FOR THE IMPENDING IoT BOOM

“There is a small—and rapidly closing—window to ensure that the Internet of Things is adopted in a way that maximizes security and minimizes risk. If the country fails to do so, it will be coping with the consequences for generations.” These lines from the White House cybersecurity coordinator Michael Daniel’s report give us a clear picture of the importance of securing a framework for the IoT market. More importantly, it outlines the dangers of not adopting a stringent cybersecurity policy. The Indian market is still at a nascent stage, even while ranking third globally in the number of Internet users, according to internetlivestats.com. According to a KPMG report, the Internet Protocol (IP) traffic would grow sixfold from 2012 to 2017, at a CAGR of 44%. Yet, our average spend on cybersecurity is below a billion dollars and is estimated to reach about $1.5 bn by 2017.

On the sidelines, we should secure VPNs (Virtual Private Networks) by giving them a structured authentication protocol. A simple way to effectively protect this is to provide compulsory remote connection authentication protocols as an add-on to the existing near field authentication protocol.

An important business aspect of securing data is to efficiently communicate with customers on the updated software and measures taken to protect their data. The Internet of Things can be a complex market with multiple nodes, and businesses should aim to simplify this process. There’s no better way to assure a customer of the simplicity and security, than communicating regularly. It might seem like a rudimentary thing to do, but the true test of a successful business is to ensure that there’s a process in place amidst all that clutter. Remember, the IoT market is being outsourced because of its complexity.