By: Davide Ricci, Director Product Management, Open Source Platforms, Wind River
IoT is transforming the face of manufacturing, energy, transportation, medical and other industrial sectors globally. The global IoT business is expected to touch $300 billion by 2020, and according to Nasscom, India is set to capture 20 percent of the market share in the next five years.
This means devices can now communicate with each other directly or through the cloud and generate enormous volumes of data, spread across communication networks. Data collected by these devices can then be analysed to cull out critical information about consumer behavioural patterns, from just about any industry vertical.
The factory floor is getting a makeover with intelligent connected devices. The server room is no longer a stuffy place. A majority of enterprises are strategically on the Internet of Things (IoT) path, and the developer ecosystem is rapidly changing as well. It seems we’re well on the way to reach industry forecast of 200 billion connected devices by 2020.
Devices will continue to grow in volume and variety, but the reality is that many organizations haven’t finished assessing how the IoT adoption will impact their business from strategy to execution. Many of their product and development teams have created pretty impressive ideas about sensors, connectivity and data, and tapping to a rich application ecosystem. That will improve productivity, reduce cost, and carry the organization into new opportunities. But what happens to these awesome devices once deployed and what sort of upkeep is needed?
1. Enter the update cadence: regular updates and device maintenance ensures that devices and apps are always up to date. What if maintenance updates are not the only thing that they encounter while online? After all, all devices are connected to a network.
2. Enter man-in-the-middle attack concept: one example is the possibility to decrypt and modify traffic from a device to a server. Many of other examples are captured in current vulnerabilities that get reported each day. Statistics show they continue to be more widespread than ever before. Even monitoring them is overwhelming.
The growth of the IoT is adding the dangerous dimension in which all connected devices can now be hacked, have their information stolen, and even be remotely controlled.
So, will IoT devices get a happily ever after ending?
Happily ever after is possible, but an additional consideration is needed – a mechanism to keep devices defended. New built-in security designs are not enough. They should be complemented by ongoing and automatic defense measures for the devices that are deployed in the field.
Government agencies have been specifically positioned to help fight and prevent cybercrime using strict methodologies and metrics. This goes beyond built-in security and addresses new exploits showing new breaches in the code, that a previous build-in design could not have anticipated. Manufacturers must re-think their security strategy and concentrate not only on system level reinforcing, but also on agile integration of new vulnerability patches. This is a more flexible approach for ongoing security and patching. If manufacturers don’t adopt an always-updated system, they have no guarantee that their original built-in security will hold up against the latest exploits that are being created and uncovered every day.
And there are a lot of them.
An effective defence is to update the software on the device once the industry identifies a security flaw. Open source software can be an advantage for security teams because one can have all kinds of researchers such as those in Government agencies and dedicated mailing lists with the purpose of finding holes in code. This requires systems to be monitored, assessed, and patched more effectively and efficiently. Monitoring increases the odds of being well prepared against the next attack. Often vulnerabilities are uncovered in select circles, announced on mailing lists and embargoed. This gives vendors the time they need to protect themselves.
Challenges implementing a continuous monitoring strategy
While it is very important to monitor vulnerabilities, it’s not always glamorous. Current research shows that developers are always excited to work on the next emerging technology, but not necessarily updating the base platform. However, it’s important that someone does this monitoring. A specialized team can do it more efficiently – someone who proactively monitors and identifies weaknesses before they become problems. Someone who is plugged into all relevant mailing lists, public and private, and aware of all the cool and up-to-date things happening in open source.
A digital world needs a strong and secure foundation to build up on. As with real life structures, the components that make up this foundation have to be of the highest calibre. Develop, Deploy and Defend remain the 3 mantras for CIOs’ to follow.