Machine learning and analytics can spot anomalies in network traffic indicating a compromised device.
Internet of things technology was deployed in the Department of Defense long before IoT became a buzzword. But outdated technology stays in the field longer than might be desired, according to Charles Wells, who works on DOD projects at Symantec.
Recent events, namely the Mirai botnet attack, have increased the urgency for securing devices that are connected to the internet, which typically means patching or updating software. But there are too many IoT devices in DOD to make that practical.
“We’ve got a proliferation of sensors on the battlefield today,” Wells told the audience at a May 9 IoT Tech Summit hosted by the Washington, D.C., Chapter of Armed Forces Communications and Electronics Association. “In the last several years our sensor surge in Afghanistan has basically quadrupled the aerial collection that we’ve done.”
“I might have a device that was built by a manufacturer four years ago that’s being used in Afghanistan right now. And I know that hardware, when it was built, wasn’t secure,” he said. “How can I go out to 200-300 IoT devices across the battlefield and touch each one of those and upgrade those? That’s a huge challenge.”
The answer potentially lies with analytics and machine learning tools that can monitor a network, get a sense of what “normal” traffic looks like and provide alerts for any traffic that could be the result of an intrusion. The system could then improve as time goes on and as humans help it spot anomalies.
Others, however, say device security is “antiquated.”
“I would argue a slightly different point, and that’s that device security isn’t that important any more,” Cognitio CEO Roger Hockenberry said while speaking on the same panel.
Data accuracy is often discussed in connection to IoT, he said, but it is usually related to device security. Information accuracy should be given more weight, he added.
“All devices can be compromised; in fact, they are every day,” Hockenberry said. “What we have to focus on … is the veracity of data -- so whether I have a compromised device, or what I think is a safe device, can I actually trust the information that it’s presenting me?”
Even when endpoints and IP addresses are secured, they get compromised, he said. “The goal for us is to stop focusing on device security and start focusing on information security and information veracity.”