By: Jitender Sandhu, Country Director – M2M, Gemalto
Internet of Things (IoT) is one of the most talked about and anticipated technology shifts expected to transform the way we live. The number of connected and smart devices is growing at a rapid pace globally as well as in India. According to Gartner, IoT will grow globally to 26 billion units installed in 2020, fundamentally changing everything we do with real time data and actionable intelligence. From predictive automotive maintenance and innovative logistics to real-time customer insights for the next-generation retail, IoT will significantly change the game for businesses and society as a whole. India too plans to create a USD 20 billion IoT industry in education, healthcare and services over the next five years. Paving the way for this will be the government’s ambitious and on-going initiative to build a hundred smart cities under the broader ‘Digital India’ umbrella. This will clearly set the stage for increased uptake of IoT applications and slowly marking a shift towards being an intelligent, connected and smart economy.
IoT is not just about the home automation system that turns lights on and off remotely and the plants notifying the sprinklers when it’s time to water them. IoT will mark a tectonic shift far beyond the domestic machines to industrial and machine applications. Big data and intelligence will drive the implementation of IoT as new information will get generated pretty much on a real time basis through constant and seamless data flow across devices, servers and geographic borders.
With increased connectivity comes increased risk that sensitive data may be breached or compromised. Networks, systems and people will become increasingly vulnerable necessitating the need for protection from malware, hacking, spyware, and related crippling risks.
Earlier in July this year, a car was hacked into by two researchers who took control of the vehicle from 10 miles away. Another such incident was when a smart fridge owner fell victim to cyber-attack which eventually exposed his email credentials. These incidents raise compelling privacy and security concerns for IoT enabled, smart devices at homes, where a lot of IoT applications will reside in the future. As a further example, smart energy meters can be hacked to read consumption patterns or other information, which can allow criminals to get sensitive information about whether a potential target is at home or not, raising alarming privacy concerns around the security of such devices1. The most shocking case surfaced when a cybersecurity consultant hacked into an airplane’s computer nerve center through their in-flight entertainment system causing lateral or sideways movement of the airplane.2
Clearly, for IoT to thrive, there needs to be a strong security framework to ensure its widespread adoption.
Let’s look at three primary ways in which hackers can attack and access data:
Attacking a device: Devices could be anything from smartphones to wearable technologies to even a security camera. Usually, since these devices have little or no security measures, they can be easily logged on to, giving hackers easy access to valuable information.
Attacking the communication: It is one of the most dangerous and probably one of the more common methods used by hackers. This involves the hacker monitoring and altering messages in real time. Given that large volumes of sensitive data will be transmitted, attacking the communication process allows them to intercept this information and change it, leaving the information and the user exposed to security breaches.
Attacking the Master of Devices: After the device and the communication mode, comes the master, which plays the role of issuing and managing devices. Hackers or early adopters of the technology have successfully breached manufacturers, cloud service providers and IoT solution providers leading to maximum damage. Manufacturers develop these technologies with large amounts of highly sensitive data, and if hacked would pose great threat to the future of IoT.
The risks are exacerbated by the fact that securing connected IoT devices may be more challenging than securing a home computer. Industry stakeholders are gradually recognizing this. According to a study conducted by Gartner, more than 20 percent of enterprises worldwide will have deployed security solutions to protect their IoT devices and services by 2017.3 But a similar survey conducted by telecoms.com on the outlook on IoT shows that currently only 10 percent of the vendors consider themselves ready to keep the IoT secure. A lot is yet to be done.
Security will be the factor that will govern the success of any IoT ecosystem. Needless to say, it will become imperative to build trust into the core of networked ‘things’. A system that will deliver on its promise of a connected lifestyle and that is both convenient and safe, will foster trust among users.
But, viewing security in a single layer approach in this era of vulnerability is no longer sufficient. Every use case is unique, and requires the appropriate expertise and technology elements to secure solutions. For companies developing IoT devices, security must be built into devices and software at the very beginning of the design process rather than as an afterthought. Original Equipment Manufacturers (OEMs), implementers and end users of connected devices need to ensure that new features do not allow the free passage for cyber-attacks. Security measures must be built into the device, and multi-layered approach must be adopted to protect data at rest and in transit as well as secure access to the device and data. Innovative techniques such as encryption, tokenization and PKI are key considerations for end-to-end security infrastructure.
In our Internet-enabled world virtually everything will be increasingly connected, everything will become accessible and therefore, potentially vulnerable. From a security and privacy perspective, the broad presence of sensors and devices into our daily lives will naturally make the consumers concerned about the security and privacy around these new products. And therefore, for IoT to be effective and at the same time to gain trust among consumers and enterprise customers alike, the companies, innovators and governments across the world are required to have a collaborative and comprehensive approach to IoT security. Companies and regulators have a shared interest in ensuring that peoples’ expectations about the security of IoT is met and it is crucial for them to consider fundamental privacy policies that protect consumers with enforceable legal rights. With collaboration and adequate steps towards effective security we can begin to build the secure IoT world everyone deserves.