The Internet of Things has entered consumers’ lives with wearable devices, cell phones, and security systems that send data through the internet. Meanwhile, a related concept is developing: the Industrial Internet of Things. Companies large and small are creating the infrastructure for the digital industrial revolution and focus on IOT Security.
Wireless Sensor Systems
A small company just entering the field, ProAxion of Apex, North Carolina, is marketing its first product, TACTIX, a wireless sensor system that detects machine vibration. Such cloud-connected sensors can let factory workers know that a machine needs maintenance. By maintaining their equipment, factories prevent unexpected machine failure, thus saving money by maintaining production schedules and avoiding repair costs.
CEO and Co-Founder Justin Rothwell explained: “ProAxion is a play on proactive. Our mission is to develop technology tools that help manufacturing facilities use data to be proactive, rather than reactive.”
The ProAxion system is easy to use, Rothwell said. Customers can attach it to their equipment without understanding how it works.
Digital industrial companies
Jeff Immelt, chairman and CEO of GE, called his company the “world’s largest digital-industrial company.” The multinational corporation, widely known for electric engines, is now a player in the software field. It has developed Predix, an operating system for the Industrial Internet of Things that is cloud-based, at its San Ramon, California offices.
Predix can expand opportunities, not just for GE and its employees but also for its customers. Immelt recently visited the Le Centorial building in Paris, where he announced the opening of what the company calls a “digital foundry.” GE plans for several hundred engineers, data scientists, and designers to work in Paris, using Predix to develop software for industrial machines, including those that factories depend on.
Delta Airlines is employing Radio Frequency Identification (RFID) baggage tracking technology. RFID has replaced bar code hand scanning, the industry standard since the early 90s. It is a sensor technology based on smart tags attached to the suitcases. RFID labels contain more information than a bar code label and aren’t scanned individually like a bar code tag. When an RFID tag passes a scanner, the scanner reads the tag.
Delta Airlines is able to track a suitcase in real time and so will the passenger if the passenger downloads the Delta app. Delta handles 120 million bags annually. With a $50 million investment in RFID at 344 locations around the world, each tag’s radio signal will be read at various points along the way to make sure each piece of luggage is en route to the correct destination. Delta plans to deliver every bag on every flight.
Convenience vs Security
The Internet of Things offers all sorts of tempting conveniences, but these conveniences can also bring new security threats into the home, office and even your automobile. Some of these threats, like a malicious hacker taking control of a car’s acceleration or remotely turning on an oven to set a house on fire, are technically possible yet so easily managed with security failsafes that they are more likely to be seen in a movie than in real life. The IoT can create a real threat to privacy and data IoT Security, however, and examples of this are already being seen.
The major threat thus far has been to cloud-based services that manage devices. The most prominent example is the VTech hack of late 2015, in which the personal data of roughly five million people (including personal pictures of minors) was exposed to unknown intruders who were able to breach the company’s security.
Database hacks aren’t something that’s exclusive to the IoT, of course. But the new wrinkle here is that devices connected to a provider’s cloud-based system will be implicitly trusting that system to do things like update software, apply patches and execute remote commands. When those cloud servers are compromised, that means all the devices in homes, offices and vehicles that are linked to them are potentially compromised as well!
There’s also added vulnerability at the local level. While a hacker is very unlikely to be able to use your toaster to set your house on fire, that toaster (along with every other gadget connected to your WiFi network) represents a potential point of vulnerability. Your computer may be well-secured with the latest software patches, but what about the toaster? Or the washing machine? Or the refrigerator? Every device connected to the network can potentially be used to get access to every other device on the network if it is compromised.
New Business Models
The “Internet of Things” offers all sorts of interesting possibilities, from virtually checking your fridge through your phone while at the grocery store all the way to integration with smart city grids. There’s one huge stumbling block to success, however.
Most of these devices offer little threat if someone takes control of them. The primary issue is the fact that their internal computing ability is enough to make requests of websites, an ability that an attacker can use maliciously. For example, in the October attack, a “botnet” made up mostly of unsecured “smart devices” was used to simply flood one of the backbones of the internet with junk traffic, keeping legitimate traffic from accessing the sites hosted there.
Many smart devices are currently shipping with either no password protection whatsoever or a default password that cannot be changed. When users are able to set their own passwords, they sometimes don’t take these devices as seriously as they do computers, picking a very simple and weak password that is easy for a “brute force” hacking attack to crack by simply trying entries from a password list over and over.
None of this should drive anyone away from using the Internet of Things when it is beneficial to them, but it is important to both keep these security concerns in mind and to screen new devices carefully for potential vulnerability. Ultimately, consumers who choose to partake of these “smart devices” will need to demand that manufacturers have taken proper security measures, and to vote with their dollars when manufacturers take shortcuts that can potentially leave their data and local networks exposed. Manufacturers of these devices should take this as a warning to begin implementing much stronger IOT Security settings, as should end users to take anything connected to the internet more seriously. Contact Us! about IOT Security.