Within this year, we would see hundreds of billions of devices expected to be connected to internet connecting our lives, homes, commute, shopping, transportations etc. etc. All of these, whether call it Internet of Things or Internet of Everything, will be potentially putting everything about us and everything of us on internet. When Facebook connected went beyond connecting friends but also putting all about us online to be learnt, profiled and targeted, it of course became huge privacy concern for all of us. But IoT goes much beyond, it is no more informational, but if hacked, can be controlled.
There are three main issues: First, any devices connected to
First, any devices connected to internet, would potentially be monitored. If you are putting cameras in all the rooms so that you can monitor your teenager or intruder remotely from your office, the same cameras can be potentially monitored by hackers, and if you are unlucky, then by anti-social people including thieves and terrorists.
Second, the devices can be subjected to Denial of Service attack hence they would not perform as expected.
Third, more dangerous, is they can be controlled. Once, their control plane is hacked in, the devices can be controlled. Whether your self driving car, or your home entrance door or oven, if they can be controlled by you, they can be controlled by others too. Wouldn’t it be scary.
Of course, traditional security measures are getting appropriated for devices, their OS, communication etc. Multi-level, authentications, authorizations followed with encryptions, key and secrets managements are getting in from devices, to OS, to transports to controls.
This need spurring a lot of initiatives along with partnerships, at the RSA Conference last week in San Francisco, Intel partnered with Intercede, UK-based digital identity and credentials expert. To protect the transfer of data between devices and cloud and web servers, Symantec is partnering with Cryptosoft. Symantec claims have already embedded security in over one billion devices. For protecting ‘connected Car’, WISeKey, a Swiss cyber security company, and bright box announced an alliance to protect connected cars.