The Internet of Things (aka IoT) is probably the hottest trend in the IT world at the moment, with many business leaders looking to the total digital integration of end devices of all kinds as a source of new opportunities. And with good reason. The experts at McKinsey estimate that the Internet of Things will to add up to $11.1 trillion per year to the global economy by 2025. But what about security?
Lea Toms, Regional Marketing Manager at Globalsign, warns of giant mega-networks of IoT sensors that are liable to exploitation by criminals as botnets – or "Thingbots," as she terms them – for such nefarious purposes as crippling critical infrastructure or spreading malware. "The more momentum the Internet of Things gains, the more devices and things are at risk of becoming part of a Thingbot," she says.
Toms cites several examples of Thingbot attacks. As long ago as May 2013, she says, a group of security experts at Cylance succeeded in hacking into Google Australia’s building management system and gaining access to floorplans and alarm systems. In January 2014, household appliances were compromised on a grand scale during a cyberattack. And in May of that year, a Thingbot hijacked various routers, thermostats and dryers.
Networked household devices like printers, refrigerators and TVs, she says, are well known for their vulnerabilities. Worse still, "they have nowhere near the level of security that’s possible with smartphones and laptops." Her conclusion: as the number of these sorts of devices connected to the IoT increases, so too will the number of cyberattacks.
"That’s because many domestic IoT devices work by recognizing the behavior patterns of their owners," Toms explains. "An IoT heating system will only heat the house when the owner is at home, for example. All IoT devices either use or pass on certain kinds of information – information that is supposed to make the user’s life simpler or safer. But that same information is also a huge temptation." In other words, if security is inadequate, the information could fall into the hands of cyber criminals.
Lea Toms’s solution to this problem is PKI – Public Key Infrastructure. "PKI is based on standards that have been tested and proven over many years. It also has the flexibility to accommodate the changing requirements of use in the IoT. Specifically, PKI offers authentication, encryption and data integrity – the three fundamental safety measures you need for trust in the Internet of Things."
Concrete protection against cyber attacks can be found at the “ Business Security ” cluster at CeBIT 2016. Well-known exhibitors from the security sector will present their products and services in Hall 6. The IoT is a major focus of daily discussions held at the “ Business Security Forum ” and at the “CeBIT Security Plaza”. The “ Communications & IoT SOLUTIONS ” forum in Halle 13 and CeBIT Global Conferences in Hall 8 will also address the challenges, opportunities and security matters presented by the IoT.