Tools to tighten the Internet of Things
The Internet of Things (IoT) is coming, and there’s no doubting its potential. Government IT managers don’t care that your fridge can tell your smartphone what you need to buy next, but they do appreciate that advances in connectivity and data collection will enable major improvements to services that government provides citizens.
Those improvements will come from linking the embedded computing systems that drive much of the country’s infrastructure and that outnumber the more familiar servers, PCs and laptops many times over. With the IoT, systems will become even more numerous and capable, and that’s one of the key factors in the growth of Smart Cities. But it poses a massive security problem.
Market researcher International Data Corp. sees strong growth for the IoT in a number of areas over the next few years, including government. It projects a 7.2 percent compound annual growth rate in environmental monitoring and detection through 2018, for example, and 6.3 percent CAGR for public infrastructure assets management.
Other large growth areas are public safety, emergency response and public transit.
“For IT, typical drivers for this growth are cost and time savings,” said Scott Tiazkun, senior research analyst for IDC’s Global Technology and Industry Research organization. “There’s the convenience factor in having all of these sensors in many places that automatically send data back versus having to send a person out to do a reading, which also decreases the chance for errors.”
Typically, however, these kinds of embedded systems have been built with cost and performance in mind and not security. Now that they are also becoming more interconnected, that vulnerability has become increasingly attractive to attackers looking for protected information or who want to disrupt public services.
The Department of Homeland Security says many of the public infrastructure sites that have recently been successfully attacked were insufficiently protected, and at times administrators weren’t even aware they needed to be secured.
Some parts of the government are keenly aware of potential security problems. Embedded computer systems play a part in just about every area of military technology, for example, and the Defense Advanced Research Projects Agency started its High Assurance Cyber Military Systems program in 2012 specifically to create technology for embedded systems “that are functionally correct and satisfy appropriate safety and security properties.”
Fortunately, it seems the security industry has begun to take notice of the needs of the IoT, though it’s debatable how far traditional IT security systems and techniques can be made to work for embedded systems. But tools specifically aimed at this market are being developed and some are already out.
Computer scientists at the University of California, San Diego, have developed a tool that allows hardware designers and system builders to test for security as they build their devices, for example. It tracks a system’s security-specific properties and makes sure they stay secure. It also detects problems in non-critical subsystems that can affect other, more critical ones.
On the software side, Real-Time Innovations has introduced what it claims is the first secure messaging software for critical industrial systems. Its machine-to-machine communication doesn’t need the centralized brokers or system administrators required by traditional IT security, which ensures the low communication latencies needed by such systems.
These tools, and others like them, will be needed. Embedded system security is still an unknown territory for many government organizations. As the IoT becomes a reality, that could put a lot of public systems and infrastructure at risk.
Posted by Brian Robinson on Jun 20, 2014 at 10:57 AM