Right now, there are roughly 26 billion connected IoT devices for around 7.7 billion people on the planet. That’s the equivalent of more than 3 devices per person: phone, tablet, virtual digital assistant. This number looks set to rise exponentially in the coming years. The UK Government are certainly taking no chances with the potential cyber security risks this may cause. Here we look at this phenomenon and the CRIBB IoT efforts we’re putting in motion.
Before we start looking into legislation, let’s take a step back to explore IoT in simple, plain terms. We do this in the company of CRIBB Cyber Security’s very own Patrick Carolan:
Patrick, what is the Internet of Things in simple words?
It’s basically a network of objects or devices that are connected by the internet and able to gather and exchange data. An even simpler description would be that there are things out there detecting data and then collecting it. They then send it to the internet.
Who invented IoT?
The term was originally used by MIT’s Kevin Ashton in a presentation to P&G in 1999. He co-founded the Auto-ID Lab and pioneered the use of RFID in supply-chain management.
What are the benefits of IoT?
The main benefits I think would be a greater level of efficiency and more time saved. M2M communication, communication between devices, leads to the automation of daily tasks. That frees people up to focus on other things.
What are examples of the Internet of Things?
Apart from the more obvious choices such as your mobile phone, there are now security systems that are connected. We also have thermostats which can learn, electronic appliances such as smart televisions, smart speakers and more. This year is expected to see more people purchasing the Amazon Echo Plus voice controller. This enables them to listen to music playlists, request information and check the weather (for example). Doorbell Cams are also growing in popularity, along with learning Thermostat Temperature Controls. People like to see who is at their front door when they aren’t around. They also like entering a warm house when they get home from work!
What effect is IoT having on Cyber Security?
The UK Government are taking steps to offer more protection to millions of IoT users across the UK. There is new legislation from the DCMS and the NCSC. A new law is being introduced to enforce accountability in companies who are actively manufacturing and selling devices connected to the internet. Security standards are now going to be built into devices at the design stage. This is a direct example of security by design, so you can definitely see how IoT is starting to have an impact on cyber security.
Any words in closing, Patrick?
Whilst these new security developments are a good step, I do think it is important to note the relative lack of security with IoT devices. For example, most unsecure IoT devices are publicly viewable on website applications such as Shodan Search Engine. The biggest challenges to be faced with IoT are insufficient testing and updating. There is also brute-forcing and the issue of default passwords, IoT-related malware and ransomware, data security and privacy concerns. Small IoT attacks that evade detection need to be considered too. Then you have AI and automation, home invasions, remote vehicle hijacking plus hijacked devices being used to send Spam emails or being conscripted into Botnets.
Security by design
Will the new security developments you mentioned before deal with all of these, do you think?
We will see, but the security by design approach is already a very positive step in my opinion. There is every chance that a lot of these challenges will be tackled as a result of the new devices being much more robust from the outset. It’s difficult to predict because cyber-attacks are becoming ever more ingenious. Cyber-attackers are growing in number and ability, but as long as proactive actions are in place and legislation is enforcing accountability, I think we’re in a good position! For CRIBB, IoT is definitely a huge consideration whenever we’re working with clients. We’re taking steps to achieve IoT secure compliance as well, as part of our certifications services.
P&G – Procter & Gamble
RFID – Radio-frequency identification; this uses electromagnetic fields to automatically identify and track tags that are attached to objects
M2M – Machine-to-Machine
DCMS – The Department for Digital, Culture, Media and Sport
NCSC – The National Cyber Security Centre
Shodan Search Engine – A search engine that allows users to find, via filters, specific types of computers such as servers, routers and webcams that are connected to the internet
Botnets – A number of Internet-connected devices, each running one or more bots. These can be used to steal data and send spam, also giving attackers access to a device and its connection
If you are interested in IoT or would like some advice on how cyber resilient your current set-up is, then CRIBB Cyber Security’s experts can help; contact us today to find out more…