January 18th news, according to "Connected" magazine reported that the Internet of Things is coming, but many IT executives are worried about hiding the network security issues. Or more accurately, they have chosen to resign. In a study of 553 IT decision makers in May, 78% said they thought their company was likely to suffer data loss or theft of IoT devices. About 72% said the speed of the Internet of Things has made it difficult to keep up with changing security requirements.
This concern stems from reality. In October last year, hackers used about 100,000 "malicious endpoints" of IoT devices to attack companies that control most of the Internet's domain name system infrastructure. Recently, the malware WannaCry attack has paralyzed many banks' ATM networks. For IoT opponents, these attacks confirm their fear that hackers can create chaos by hijacking our IoT devices.
At the same time, the Internet of Things industry continues to grow steadily. Market research firm Gartner predicts that by 2020, there will be approximately 21 billion IoT devices, compared to just 5 billion in 2015. About 8 billion of them will be industrial products, not consumer devices. Both types of devices provide attractive targets for hackers.
Chris Moyer, CTO of DXC and vice president of network security, said: "The reason why the industry has not given up on the Internet of Things is that its value is very high, but its risk is also high, which is where the balance lies. Regardless of the appetite of the industry, the scale of the Internet of Things is unlikely to expand until the industry solves security problems. This will require cooperation between suppliers, government intervention and standardization. In 2017, these things seem to have no solution.
What are the security issues with the Internet of Things?The current consensus is that the Internet of Things is still under-protected and can pose catastrophic security risks because companies believe that IoT devices can be used for business, operational, and security decisions. Existing standards are not in place and vendors are constantly striving to embed the right level of intelligence and management into their products. As collaboration between attackers becomes more intense, these challenges need to be addressed in multiple dimensions. Here are the security challenges that IoT devices face:
1) Unlike PCs or smartphones, IoT devices often lack processing power and memory. This means they lack powerful security solutions and encryption protocols that often protect them from attack threats.
2) Because these devices are connected to the Internet, they are threatened every day. The search engine for IoT devices also provides hackers with access to web cameras, routers, and security systems.
3) Security has never been considered in the design or development phase of many networked devices.
4) Not only is the IoT device itself lacking security capabilities, but many of the networks and protocols that connect to them do not have a strong end-to-end encryption mechanism.
5) Many IoT devices require manual intervention to upgrade, while other devices cannot be upgraded at all. Moyer said: "Some of these devices are built very quickly, and their design thinking is limited to the first iteration, and some are even non-upgradeable."
6) IoT devices are a “weak link†that allows hackers to penetrate into IT systems. This is especially worrying if the device is connected to the entire network.
7) Many IoT devices have default passwords that hackers can find online. Given this fact, Mirai distributed denial of service attacks are possible.
8) These devices may have “backdoors†that also provide opportunities for hackers.
9) The security costs of IoT devices may offset their financial value. Internet hardware security expert Beau Woods said: "When you have a 2 cent component and you need to spend $1 on it to maintain security, you break the business model."
10) These devices also generate a lot of data. Kieran McCorry, director of technology projects at DXC, said: "You don't just have to deal with 21 billion Internet devices, but you also have to deal with the huge amounts of data generated by them. These data are almost orders of magnitude and far. Exceeding the amount generated by these devices. This is a huge data processing problem."
With these deficiencies in mind, companies can protect them by observing IoT security best practices. However, if compliance is not 100% (which is impossible), then an attack will inevitably occur, causing the industry to lose confidence in the Internet of Things. This is why security standards are imperative.
Who will set the safety standards?Various IoT devices have been regulated by various government agencies. For example, the Federal Aviation Administration (FAA) regulates drones and the National Highway Traffic Safety Administration (NHTSA) regulates unmanned vehicles. The US Department of Homeland Security is actively participating in the Smart City initiative based on the Internet of Things, and the FDA is also monitoring the IoT medical devices.
But at present, no government agency is responsible for supervising IoT devices used in smart factories or smart homes. In 2015, the Federal Trade Commission (FTC) published a report on the Internet of Things, including recommendations for best practices. In early 2017, the FTC also released a challenge to the public, creating a “tool to fix security vulnerabilities caused by outdated software in IoT devices†and offering the winner a $25,000 bonus.
Moyer said that although the government will regulate certain aspects of the Internet of Things, he believes that only the industry can create its own standards. He envisioned two ways to develop such a standard: first, buyers introduced standards and refused to buy products that did not support the standard; second, one or two major players used their market dominance to set a de facto standard. Moyelle said: "I don't think the latter situation will happen. There is no such dominant player yet."
There are several standards in this industry, not one or two standards, and it seems that no standard is gradually gaining a dominant position. These standards include vendor-based standards and standards proposed by the Internet of Things Security Foundation, IEEE, Trusted CompuTIng Group, the Internet of Things World Alliance, and the Industrial Internet Society Security Working Group. All of these organizations are researching standards, protocols, and best practices for creating a secure IoT environment.
Moyer said that the final change in the market will be buyers, they will begin to ask for standards. He explained: "There are many reasons for the development of standards, some of which are required for regulation, but many because buyers think this is important to them."
Due to the lack of standards, Woods saw several ways to improve the security of the Internet of Things: one is the transparency of the business model. Woods said: "If you buy 1000 cars, you can do 'air update', while other cars need to be manually updated, it may take 7 months. This is a different risk calculation."
Another solution is to require manufacturers to take responsibility for their equipment. Woods said that the current situation of hardware devices is like this, but it is not clear who will be responsible for software failure.
Does AI act as a savior?In this case, an unknown factor is artificial intelligence (AI). Proponents believe that machine learning can find general usage patterns and alert the system when anomalies occur. For example, BitDefender looks at cloud server data from all endpoints and uses machine learning to identify anomalies or malicious behavior. Just as a credit card system may mark a behavior of showing off $1,000 abroad as suspicious, machine learning systems may recognize unusual behavior through sensors or smart devices. Since IoT devices are functionally limited, it is relatively easy to find these anomalies. Since the safety of using machine learning is still new, advocates of this approach advocate the use of security systems that include human intervention.
The real solution: combine everything
While AI's role in protecting IoT security may be larger than originally envisioned, the integrated IoT solution will include all of these things, such as government regulation, standards, and AI. While the industry has the ability to create such a solution, the problem is that it needs to be done very quickly. Currently, the latter is winning in the competition between IoT security and the popularity of the Internet of Things.
So what can the company do now? Moyer has some suggestions for this:
1) Take an integrated approach. This is the better the solution, Moyer said, companies using IoT should integrate management solutions, bring the IoT platform into the main connection and data movement, and import this data into a more complex analysis environment. , perform automated behavioral analysis on them. He said: "By integrating these components, you can be more confident that the information you get in the IoT environment is statistically valid."
2) Choose the right IoT device. These devices have a strong ecosystem and a range of partners that share information publicly.
3) Use IoT gateways and edge devices. To enhance overall security, many companies use IoT gateways and edge devices to isolate unsecured devices and the Internet and provide a layer of protection between them.
4) Participate in the development of standards. At the macro level, the best thing you can do is to ensure long-lived IoT security, which involves setting standards in your specific industry and the entire technology industry.
EKG Cables,Medical Cable Assembly,ECG/EKG Cables & Accessories,Welch Allyn ECG Cable
Dong guan Sum Wai Electronic Co,. Ltd. , https://www.sw-cables.com