8 · d e t e k t o r i n t e r n a t i o n a l
Business & Product News Every Day!
www.securityworldmarket.com
"Iot requires an entirely
different approach to security"
James Mc Hale, managing director at Memoori:
voice of the
security industry
The Genetec leader's rants about war,
espionage and treachery are certainly
worthy of a Hollywood tabloid.
There seems little doubt about it anymore; the
Internet of Things (IoT) age is upon us. Predictions
for IoT growth and adoption, from the world's big-
gest economic analysis agencies, range from huge to
incredibly huge. Yet we are still to agree on a suitable
formula to make the IoT secure from cyber attack,
and if this issue is not resolved soon, it could be too
late to avoid catastrophe.
By James McHale, Managing Director at Memoori
Bain calculates that by 2020 annual revenues could exceed $470B for the
IoT vendors selling the hardware, software and comprehensive solutions.
General Electric estimates investment in the Industrial Internet of Things
(IIoT) will top $60 trillion during the next 15 years. IHS forecasts that
the IoT market will grow from an installed base of 15.4 billion devices in
2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025.
"As vendors scramble for their share of the market, they cut corners or
completely ignore cyber security, exposing the rest of us to identity theft,
internet downtime and privacy breaches. Some military cyber security ex-
perts believe that IoT botnets could be used as weapons, even triggering a
distributed denial-of-service (DDoS) arms race," says George Corser, As-
sistant Professor of Computer Science and Information Systems, Saginaw
Valley State University.
The competitive nature of the IoT market might be driving growth but
makes the cyber security situation much worse. With price sensitivity so
tight, cyber security considerations are often being neglected. The un-cy-
ber-security-educated consumer is trying to justify return on investment
from IoT devices with complex return characteristics, they are therefore
focused on getting the lowest price to functionality ratio. This leads ven-
dors to neglect security while striving for profit and market share.
"To add IoT to, say, utility meters, vending machines and smart-build-
ing sensors, the hardware must be as inexpensive as possible. That's typi-
cally achieved by putting just enough memory and processing power into
the IoT module for it to perform its tasks, with little or no resources left
to support traditional cyber security tools such as anti-malware software,"
explains Corser.
It is situations like this that have and will create some of the biggest and
most dangerous cyber attacks in history, and these attacks not only affect
the consumers and vendors at fault, they can affect anyone or everyone.
In October 2016, hijacked IoT devices were used to bombard the DNS
service Dyn with requests that ultimately brought the service down,
Security News Every Day
www. securityworldmarket.com
along with its clients, Twitter, Spo-
tify, and Reddit among others.
"In a relatively short time we've
taken a system built to resist de-
struction by nuclear weapons and
made it vulnerable to toasters,"
tweeted Jeff Jarmoc, head of se-
curity for global business service
Salesforce, referring to seemingly
insignificant connected devices
bringing down the internet.
With up-to-date security patches
we can be much safer, but again,
this is being neglected. Firstly we
can't depend on the un-cyber-
security-educated consumer to upgrade their firmware; these are building
or car owners who never had to think about cyber security for this kind
of physical asset.
Secondly, the vendors are new to this too. "The people who bring con-
nected children's toys to market are the same people who bring normal
children's toys to market. They are not taking the dangers of connectiv-
ity into account, in fact they don't even know what questions to ask,"
Kaspersky's David Emm told Memoori in an interview in June.
Thirdly, the low-cost requirement of the IoT means slim profit mar-
gins, hence little financial incentive for vendors to continue developing
patches years after they sold the device. "Cars and utility meters are two
examples of products that typically remain in use for at least a decade.
How many of their IoT modules will be orphaned as their vendors stop
supporting them, go out of business or are acquired?" asks Corser.
Take humans out of the equation, in fully automated systems that in-
clude automatic updates and you remove a layer of defence, as a human
at the wheel could notice when things aren't as they should be. While
ensuring a human layer opens us up to human error or unexpected at-
tack vectors. The fact that PINs and passwords can be derived from the
minute hand movements of someone wearing a fitness tracker wristband
while typing, demonstrates the scale of the cyber security problem.
"IoT requires a different approach to security. That's why the IEEE
Internet Initiative recently published a white paper with a set of best
practices that anyone can use to improve the security of IoT applications.
Available as a free download from the IEEE Internet Initiative, these best
practices are applicable to any IoT application, regardless of the industry
or whether it's autonomous.
James Mc Hale, managing
director at Memoori.
The new DV2.2x4.1SR4A-SA2L from Fujifilm
Advanced optical performance to capture security footage at the high
resolution of 4K. Finest details during day and night thanks to the incor-
porated Day/Night technology. Scan for more or visit www.fujifilm.eu/fujinon
Fujinon. To see more is to know more.
Fujinons' first 4K Vari Focal lens
A new dimension of Security:
140082_210x297_4K_GB.indd 1
14.10.14 15:42
Det INT 3_17.indd 8
2017-09-07 15:55