“You better start swimming or you’ll sink like a stone for the times they are a-changin’,” Bob Dylan famously sang in 1964. “The Times They Are a-Changin’” has become one of Dylan’s most recognized and well-loved songs. In fact, Steve Jobs recited the second verse of the song during the 1984 annual Apple shareholder meeting where he unveiled the Macintosh computer for the first time.
People talk about change in technology so much that it’s almost cliché. But the accelerating rate of change is a reality that security professionals face every day. This is especially true when it comes to the Internet of Things (IoT), which introduces significant changes that will require security to adapt.
There is no way to know exactly what the final form of the IoT will be, but we do have some indicators from products that are “IoT aware.” Whatever form the IoT does take, our lives will be different because of it.
Because of the billions of scanners and devices connected to the IoT, the world around us will be aware of our presence, know who we are and react to us, often before we are even aware of what’s happening. Almost every piece of technology will tailor its behavior to our specific needs and desires. We’re already seeing some of this tailored behavior with smart washing machines and refrigerators that notify your smartphone when your clothes are ready to dry and when you need to buy groceries.
The IoT won’t only affect household appliances or personal possessions, but also how we manage entire cities.
For example, Hamburg, Germany, plans to become a connected “Smart City.” Pilot projects include a smart traffic system to control traffic flow, electronic kiosks that provide administrative services and a smartPORT containing millions of sensors that provide data and help move cargo efficiently. Hamburg’s smart city has pushed the IoT beyond the realms of washing machines and refrigerators.
These kinds of innovations could equal a leap forward in technological achievement and progress. But the more IoT is used in this way, the more important it will be to secure it. What processes and policies will be in place to keep all these “things” secure? How can security professionals make sure that attackers don’t gain control over something like Hamburg’s smart city?
IT security must adapt along with the IoT. Security professionals, already busy keeping up with the constantly changing IT environment, need an approach that’s scalable enough to manage the number of sensors and devices while still being able to identify when they are under attack or being misused.
Humans have the same challenge. How is it possible to tell if someone is doing something suspicious within an innocent crowd?
One example of how this might work is the “Las Vegas” model. Security personnel in Las Vegas casinos handle this challenge by looking for specific signals that indicate suspicious behavior, rather than trying to keep track of every individual in the building. This method intrudes less on patrons but works very well for spotting sneaky Blackjack players and other suspicious individuals.
Now apply this same concept to the IoT. If we understand the identity of a device connected to the IoT, we understand how it should behave. We can then track even the subtlest behavior and respond when something unusual or suspicious happens.
The challenge is that every device or product in the IoT must have a concept of identity surrounding it. Those identities will have to tell us what each device is, when it was created, how it should behave, what capabilities it has and so on. Among the competing efforts to create standards for the IoT is the United Kingdom’s HyperCat, which enables devices to figure out each other’s functions to see what kind of information they want to share. HyperCat and similar standards that focus on identity will give security professionals the information they need to help keep the IoT secure, thus keeping the people who interact with products and services secure.
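The identity-driven check described above, as an added example that is not part of the original post and does not use HyperCat's format: the identity record fields, device names and events below are all constructed assumptions. Each device's declared identity becomes the baseline, and only deviations from it raise a finding.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DeviceIdentity:
    """Hypothetical identity record (not a HyperCat schema)."""
    device_class: str            # what the device is
    manufactured: str            # when it was created
    capabilities: frozenset      # actions it is expected to perform
    allowed_peers: frozenset     # systems it is expected to talk to
    max_msgs_per_min: int        # declared normal message rate

# Constructed registry with one traffic light.
REGISTRY = {
    "tl-0042": DeviceIdentity("traffic-light", "2014-03-01",
                              frozenset({"report_state", "receive_timing"}),
                              frozenset({"traffic-controller"}), 2),
}

# Constructed events: (device id, minute, action, peer).
SAMPLE_EVENTS = [
    ("tl-0042", 0, "report_state", "traffic-controller"),
    ("tl-0042", 0, "stream_video", "traffic-controller"),
    ("tl-0042", 1, "report_state", "kiosk-17"),
    ("cam-9999", 1, "report_state", "traffic-controller"),
    ("tl-0042", 2, "report_state", "traffic-controller"),
    ("tl-0042", 2, "report_state", "traffic-controller"),
    ("tl-0042", 2, "report_state", "traffic-controller"),
]

def evaluate(events, registry=REGISTRY):
    """Return (device, reason) for every deviation from the declared identity."""
    findings, per_minute = [], {}
    for device, minute, action, peer in events:
        ident = registry.get(device)
        if ident is None:                      # no identity: cannot be baselined
            findings.append((device, "unknown identity"))
            continue
        if action not in ident.capabilities:
            findings.append((device, f"undeclared action: {action}"))
        if peer not in ident.allowed_peers:
            findings.append((device, f"unexpected peer: {peer}"))
        key = (device, minute)
        per_minute[key] = per_minute.get(key, 0) + 1
        if per_minute[key] == ident.max_msgs_per_min + 1:   # flag once per minute
            findings.append((device, "rate above declared maximum"))
    return findings

if __name__ == "__main__":
    for device, reason in evaluate(SAMPLE_EVENTS):
        print(f"ALERT {device}: {reason}")
```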
The title of another classic Bob Dylan song, “Like a Rolling Stone,” describes the current state of the IoT: little individual stones rolling at a momentum that will eventually result in a technology landslide.
The landslide will change how we interact with products, services and work tasks—potentially resulting in a highly customizable, convenient and efficient world. But we need to avoid being crushed by potential security threats of the IoT landslide. To keep everything connected to the IoT secure, IT decision makers must adopt an identity-driven approach, so attackers won’t have access to our possessions, homes or even cities.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.