On the surface, talking about IoT security would seem to be pretty straightforward—implement precautions to ensure hackers can’t gain control of devices or networks. But the reality is far more complicated, more like the Death Star plot in the original Star Wars movie from 1977.
Conceptually, security approaches to new technologies have followed the same patterns and procedures over the years, and for good reason. What works for protecting the web, for example, also works for protecting the cloud as everything essentially is one big network.
Therefore, security essentially boils down to an arms race between the good guys and the hackers, with both sides using the same defined network parameters. That’s why when an attack is discovered on the web or in the cloud, even years later as in the case of Yahoo, security experts know how to respond. While the underlying network is relatively easy to secure, the connected devices are not. Which brings us to the Death Star.
In the Star Wars story, research scientist Galen Erso is forced to complete work on the Death Star after the Empire killed his wife and kidnapped him. With revenge in mind, he built an undetectable hack into the planet-sized weapon that could destroy it.
This same scenario is what threatens IoT today, albeit the earth is unlikely to be blown up. Hackers can infiltrate IoT-enabled devices (or even a single device) at any number of development and deployment stages.
A disgruntled worker could sabotage devices during design or manufacturing. Criminals could steal a device shipment, reprogram the devices, and return the devices on their journey.
A hacker could fake a device malfunction in an existing system, alter the device software, and then bring the device back online—security personnel would simply assume it was a minor glitch.
In every case, the breaches might never be detected (as with the Death Star). Even when they are, it might be too late to save the system, unlike with traditional solutions. Of course, this is not to imply your IoT solutions are inherently at risk. It just means a new approach to security must be taken, one that looks at the entire system holistically with the intent of always finding the Achilles heel, no matter how seemingly benign.
For more information concerning the IoT and security, contact Aeris.