“Companies are investing heavily in drones, planning to use them for anything from remote monitoring of assets to the delivery of products to end users, Howe told iTWire in an interview.
"Like driverless cars, smart grids, and smart homes that can be remotely controlled, IoT is an increasingly attractive target for criminals who could use them to create damage and disruption.”
Howe said the first groups which would attack IoT devices and infrastructure were organised crime groups that operate globally and have become highly skilled in cyber crime. They have attacked everything from Bank ATM networks and company IT systems to retail and government systems. The motivation was financial gain.
|
Howe said the second was state attacks — foreign governments — intent on gaining a political or economic advantage. "There have been instances of government-sponsored attacks that have targeted vital infrastructure in other countries and this is likely to increase as IoT infrastructures grow. The motivation is knowledge and therefore power."
And, he said the third was terrorist groups. These are an emerging threat, but were seeking ways to exploit vulnerabilities and cause disruption, panic and loss of life.
Howe said IoT represented a huge potential attack surface for cyber criminals, because of the vast number of connected devices and because many were developed with little attention paid to security.
"Many connected devices are small and basic that means they don't have a lot of extra processing capacity or network bandwidth resources. They simply cannot support sophisticated security software on the device as is the case with computers or mobile handsets. Add the fact that they are spread across large areas with little hope of physical management and things become even trickier," he said.
But he pointed out that while these factors may make the IoT security challenge seem impossible, one should realise that these devices were still just computers. They lacked the capabilities of PCs but still had an operating system, a user interface and a network connection.
"The devices also produce streams of data, which can be particularly useful when trying to improve their security. There is significant potential to extract this data, analyse it remotely, and use the results to detect anomalous activity," Howe said.
"The techniques used here can be like those used in other areas of IT security. These include log management, networking monitoring, forensics and endpoint monitoring, all of which are valid in an IoT world."
Howe said achieving effective IoT security meant connecting many security tools and streamlining and automating their function. This approach, dubbed Security Automation and Orchestration (SAO), ensures security can be scaled to cover hundreds of millions or even billions of connected devices.
"Rather than trying to install agents on every device, an SAO approach can allow traffic from each to be analysed automatically by tools. If there is any activity that deviates from an established baseline — let’s call it 'known good' — an alarm can be triggered that leads to further investigation by a human," he said.
"A standardised approach like this allows more efficient collaboration between teams and even different organisations. Details of threats identified in one area can be quickly shared with others to assist them with enhanced security."
Howe said that early detection and neutralisation of threats was critical to ensure security was maintained within IoT infrastructures. Organisations needed to ensure they could quickly respond to threats before damage or losses occurred.
"By taking a structured and thorough approach to security now, organisations can be confident their usage of IoT can deliver significant business benefits without causing any new potential areas for cyber criminals to target in the future," he said.