CyberEye

Blog archive
Wrenches and bolts to tighten security for the Internet of Things

Tools to tighten the Internet of Things

The Internet of Things (IoT) is coming, and there’s no doubting its potential. Government IT managers don’t care that your fridge can tell your smartphone what you need to buy next, but they do appreciate that advances in connectivity and data collection will enable major improvements to services that government provides citizens.

Those improvements will come from linking the embedded computing systems that drive much of the country’s infrastructure and that outnumber the more familiar servers, PCs and laptops many times over. With the IoT, systems will become even more numerous and capable, and that’s one of the key factors in the growth of Smart Cities. But it poses a massive security problem.

Market researcher International Data Corp. sees strong growth for the IoT in a number of areas over the next few years, including government. It projects a 7.2 percent compound annual growth rate in environmental monitoring and detection through 2018, for example, and 6.3 percent CAGR for public infrastructure assets management.

Other large growth areas are public safety, emergency response and public transit.

“For IT, typical drivers for this growth are cost and time savings,” said Scott Tiazkun, senior research analyst for IDC’s Global Technology and Industry Research organization. “There’s the convenience factor in having all of these sensors in many places that automatically send data back versus having to send a person out to do a reading, which also decreases the chance for errors.”

Typically, however, these kinds of embedded systems have been built with cost and performance in mind and not security. Now that they are also becoming more interconnected, that vulnerability has become increasingly attractive to attackers looking for protected information or who want to disrupt public services.

The Department of Homeland Security says many of the public infrastructure sites that have recently been successfully attacked were insufficiently protected, and at times administrators weren’t even aware they needed to be secured.

Some parts of the government are keenly aware of potential security problems. Embedded computer systems play a part in just about every area of military technology, for example, and the Defense Advanced Research Projects Agency started its High Assurance Cyber Military Systems program in 2012 specifically to create technology for embedded systems “that are functionally correct and satisfy appropriate safety and security properties.”

Fortunately, it seems the security industry has begun to take notice of the needs of the IoT, though it’s debatable how far traditional IT security systems and techniques can be made to work for embedded systems. But tools specifically aimed at this market are being developed and some are already out.

Computer scientists at the University of California, San Diego, have developed a tool that allows hardware designers and system builders to test for security as they build their devices, for example. It tracks a system’s security-specific properties and makes sure they stay secure. It also detects problems in non-critical subsystems that can affect other, more critical ones.

On the software side, Real-Time Innovations has introduced what it claims is the first secure messaging software for critical industrial systems. Its machine-to-machine communication doesn’t need the centralized brokers or system administrators required by traditional IT security, which ensures the low communication latencies needed by such systems.

These tools, and others like them, will be needed. Embedded system security is still an unknown territory for many government organizations. As the IoT becomes a reality, that could put a lot of public systems and infrastructure at risk.

Posted by Brian Robinson on Jun 20, 2014 at 10:57 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.