Greetings!
Those of you who are ISACA OC Chapter veterans might already know me. For those of you who are not, I have been a Chapter affiliate for over 30 years! I have served on the Executive Board and most recently as the immediate past Web Master. Those who are currently serving on the Board were reluctant to allow me to fade into obscurity, so they invited me to start a Blog. A Blog… my first question was, what do I Blog about? Obviously, I should write about something related to IT Security & Control that might be of interest. So… here we go!
Security and the Internet of Things (IoT)
I recently read a White Paper (https://storyscape.industryweek.com/sas-iot-ecosystem) that refers to the Three Layers of an IoT Ecosystem.
Data Collection Layer:
Where information is gathered.
Networking and Security Layer:
The physical network where data is aggregated and transmitted. Security is typically applied across this layer.
Analytics Layer:
Where analytics engines extract actionable information.
I was specifically interested in the Networking and Security Layer. There are a number of critical issues that hamper the adoption of IoT. Industry Week (February 2018) provided the following:
Factors Limiting Faster Adoption of the IoT
Fragmentation of IoT offerings – What IoT offerings should an organization focus on? Should all of their IoT offerings complement each other?
Interoperability between legacy and new systems – Can legacy systems and new systems be integrated with each other? Do IoT offerings rely on or interact with both?
Inconsistent communication protocol standards – There will be a number of communication protocols for which standards will need to be defined and adopted. Which protocols/standards should be considered?
Lack of open standards – A common core of open standards forms the building blocks of the IoT. What open standards are in place in the IoT ecosystem which I plan to be part of?
Interoperability between equipment and devices – As noted above, there are three layers of an IoT Ecosystem. Each of these layers must be supported by systems that will utilize various pieces of equipment and devices. It is important that these devices operate with each other as seamlessly as possible.
Inability to build a business case for the IoT – The adoption of IoT may not be an obvious advantage across all industries. Currently, it appears that the adoption of the IoT is more common among larger organizations. However, since the speed of technology waits for no one, it’s just a matter of time before the IoT becomes more commonplace.
So, in general, like all emerging technologies, there seem to be endless possibilities. However, as IoT ecosystems are implemented, there is a need to find common standards and architectures that will facilitate the integration of IoT.
IoT and Me
Recently, when watching the news (non-COVID TV for a change), there was a story of an automobile accident involving a Tesla. Coincidentally, this was one of those video-magazine shows that discussed the on-board computers installed on Tesla vehicles. As you probably already know, these computers not only provide a status report on the core automobile features, but they are also capable of providing auto-pilot functionality. Although this is a really amazing feature, I wonder how secure these features are from external interference. What measures has Tesla taken to secure the integrity of its onboard computer system from malicious activity such as malware and potential hackers, in addition to guaranteeing the confidentiality of the data collected related to the user’s driving habits, location, etc.?
As end users, should we be doing something to protect the systems in our IoT devices? Can a hacker crash a Tesla? This made me think even more about the other IoT “things” we have among us. Should we be more concerned about Siri and Alexa? What about our new home security systems, refrigerators and washing machines that we can query and manage from our Smart Phones?
The only thing constant is change. Hype cycles (from Gartner – the maturity, adoption, and social application of specific technologies) like the cloud and IoT are here to stay and will change our lives as we know them. As security professionals, we should embrace this new normal and ensure we are prepared to secure it appropriately and protect the petabytes of data that these devices process every day.
Well, that’s it for now! Thanks to Victor Monga and Nemi George for their valuable input. I am open to any comments or suggestions that you might have. You may reach me at [email protected]. I hope that this Holiday Season brings you hope and happiness. Stay safe!
Cheers,
Jennifer F Alfafara