Monday, September 21, 2015

FBI publishes examples of IoT risks

Tick-tock, tick-tock... with every passing day we're getting closer to those 50 billion devices that Cisco estimates will be connected to the Internet by 2020. In anticipation, security conversations around the Internet of Things (IoT) are heating up.


At the September Gartner Security and Risk Management Summit, analysts said that companies need to consider a holistic view of their digital business. This is a risk-driven practice of ensuring that current security risk practices not only protect digital assets, but that the relationships between these assets can be trusted.
“The IoT now penetrates to the edge of the physical world and brings an important new ‘physical’ element to security concerns. This is especially true as billions of things begin transporting data,” said Ganesh Ramamoorthy, research vice president at Gartner. “The IoT redefines security by expanding the scope of responsibility into new platforms, services and directions. Moving forward, enterprises should consider reshaping IT or cybersecurity strategies to incorporate known digital business goals and seek participation in digital business strategy and planning.”
Part of the power of IoT devices, is the ability to change the state of the environment around them, bringing IT into new territory. Examples could be a sensor that raises room temperature if it passes a threshold or a medical device that dispenses medication to a patient in a hospital bed based on data it collects combined with medical records.

This has the FBI concerned too. The Bureau's Internet Crime Complaint Center (IC3) warns that IoT devices can lack security and patching capabilities, leading to higher risk when linked to larger public networks.

"Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety," the IC3 notice says.

The FBI goes on to list examples of attacks ranging from streaming your security camera and baby monitor video feed live on the Internet to taking over home automation devices and malicious email sent from more than your laptop -- using home routers connected to TVs and appliances with network connections. The really scary examples deal with the medical devices and physical infrastructure like monitors on gas pumps that could create a situation where tanks are overfilled creating a fire hazard.

Uplogix isn't going to protect your Wi-Fi-enabled toaster from spamming your gas pump, but as more and more devices connect, the exponential expansion of end nodes will break the underlying infrastructure (technically and from a financial perspective) without similarly exponential improvement in managing network infrastructure.

Uplogix will help enable the IoT revolution in two key areas:
  • Scaling management of network infrastructure | Combining continuous monitoring with automated diagnosis and recovery increases uptime. Uplogix speeds deployment, saves truck rolls and allows administrators to implement mass config changes efficiently. 
  • Secure administration of remote devices | Ensuring authorized and audited access at all times.
For more information, check out the Uplogix Solution Brief on Preparing your network infrastructure for the Internet of Things.