People Innovation Excellence

6 Reasons Why IoT Security Is Terrible

The Internet of Things bears little resemblance to traditional IT systems—and that makes it harder to protect

Connecting physical infrastructure to the Internet makes systems vulnerable to new security threats. What keeps executives awake at night varies by industry, but cybersecurity problems are worsening everywhere.

Security officers in manufacturing worry about employees inserting infected USB drives into machines, while hospital administrators fear that malware will wipe out an unpatched MRI machine, or that a hacker will direct an infusion pump to administer a lethal dose of medicine.

Josh Corman, chief security officer at PTC, a computer software firm based in Massachusetts, has codified six reasons why security for the Internet of Things (IoT) is different from—and more difficult to tackle than—traditional IT security.

The first is that the consequences of failure are more dire. We’ve raised the stakes by connecting more physical systems and facilities to wireless networks. When cars or infusion pumps are hacked, people can die.

Which brings us to Corman’s second reason that IoT security is a special challenge: The adversaries are unlike any we’ve seen before. No longer are they lone hackers trying to make money or cause mischief. Today’s adversaries are nation states hacking systems in an all-out cyberwar.

Stuxnet, the virus that brought down Iranian centrifuges in 2010, may be the earliest example. Then in August 2017, a Saudi chemical plant was hit by a hack designed to cause an explosion and disrupt petrochemical manufacturing. Experts believe the attack was state sponsored and intended to send a political message.

Two more of Corman’s reasons come from timing and economics. When a firm buys a traditional IT system, it can count on the software company’s support for a set amount of time. Only in the last few months have some chipmakers and software vendors offered 7- and 10-year support for IoT products. Some still don’t provide any specified support contracts, or they limit the term to 2 or 3 years.

In some cases, that’s because the economics don’t yet make sense. A connected product that generates a small profit may require years of updates, patches, and security evaluations. In the future, the cost of goods sold may need to include annual security updates and patches.

Corman’s fifth reason has to do with the scary reality that many connected devices are built with software, hardware, and firmware that are created by different companies and pieced together at the end. It takes only one weak link to create a vulnerability, so if the company that created the telematics system for a car doesn’t update its software, the entire car becomes vulnerable. The IT world has a similar challenge, but through years of working together, manufacturers have agreed on systems to keep everything patched. [READ MORE]

Published at :
Leave Your Footprint

    Periksa Browser Anda

    Check Your Browser

    Situs ini tidak lagi mendukung penggunaan browser dengan teknologi tertinggal.

    Apabila Anda melihat pesan ini, berarti Anda masih menggunakan browser Internet Explorer seri 8 / 7 / 6 / ...

    Sebagai informasi, browser yang anda gunakan ini tidaklah aman dan tidak dapat menampilkan teknologi CSS terakhir yang dapat membuat sebuah situs tampil lebih baik. Bahkan Microsoft sebagai pembuatnya, telah merekomendasikan agar menggunakan browser yang lebih modern.

    Untuk tampilan yang lebih baik, gunakan salah satu browser berikut. Download dan Install, seluruhnya gratis untuk digunakan.

    We're Moving Forward.

    This Site Is No Longer Supporting Out-of Date Browser.

    If you are viewing this message, it means that you are currently using Internet Explorer 8 / 7 / 6 / below to access this site. FYI, it is unsafe and unable to render the latest CSS improvements. Even Microsoft, its creator, wants you to install more modern browser.

    Best viewed with one of these browser instead. It is totally free.

    1. Google Chrome
    2. Mozilla Firefox
    3. Opera
    4. Internet Explorer 9