Smart Cities

“The Internet of Things Requires An Entirely Different Approach To Security”

There seems little doubt about it anymore; the Internet of Things (IoT) age is upon us. Predictions for IoT growth and adoption, from the world’s biggest economic analysis agencies, range from huge to incredibly huge. Yet we are still to agree on a suitable formula to make the IoT secure from cyber attack, and if this issue is not resolved soon, it could be too late to avoid catastrophe. Bain calculates that by 2020 annual revenues could exceed $470B for the IoT vendors selling the hardware, software and comprehensive solutions. General Electric estimates investment in the Industrial Internet of Things (IIoT) will top $60 trillion during the next 15 years. IHS forecasts that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. “As vendors scramble for their share of the market, they cut corners or completely ignore cyber […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

There seems little doubt about it anymore; the Internet of Things (IoT) age is upon us. Predictions for IoT growth and adoption, from the world’s biggest economic analysis agencies, range from huge to incredibly huge. Yet we are still to agree on a suitable formula to make the IoT secure from cyber attack, and if this issue is not resolved soon, it could be too late to avoid catastrophe.

Bain calculates that by 2020 annual revenues could exceed $470B for the IoT vendors selling the hardware, software and comprehensive solutions. General Electric estimates investment in the Industrial Internet of Things (IIoT) will top $60 trillion during the next 15 years. IHS forecasts that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025.

“As vendors scramble for their share of the market, they cut corners or completely ignore cyber security, exposing the rest of us to identity theft, internet downtime and privacy breaches. Some military cyber security experts believe that IoT botnets could be used as weapons, even triggering a distributed denial-of-service (DDoS) arms race,” says George Corser, Assistant Professor of Computer Science and Information Systems, Saginaw Valley State University.

The competitive nature of the IoT market might be driving growth but makes the cyber security situation much worse. With price sensitivity so tight, cyber security considerations are often being neglected. The un-cyber-security-educated consumer is trying to justify return on investment from IoT devices with complex return characteristics, they are therefore focused on getting the lowest price to functionality ratio. This leads vendors to neglect security while striving for profit and market share.

“To add IoT to, say, utility meters, vending machines and smart-building sensors, the hardware must be as inexpensive as possible. That’s typically achieved by putting just enough memory and processing power into the IoT module for it to perform its tasks, with little or no resources left to support traditional cyber security tools such as anti-malware software,” explains Corser.

It is situations like this that have and will create some of the biggest and most dangerous cyber attacks in history, and these attacks not only affect the consumers and vendors at fault, they can affect anyone or everyone. In October 2016, hijacked IoT devices were used to bombard the DNS service Dyn with requests that ultimately brought the service down, along with its clients, Twitter, Spotify, and Reddit among others.

“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters,” tweeted Jeff Jarmoc, head of security for global business service Salesforce, referring to seemingly insignificant connected devices bringing down the internet.

With up-to-date security patches we can be much safer, but again, this is being neglected. Firstly we can’t depend on the un-cyber-security-educated consumer to upgrade their firmware; these are building or car owners who never had to think about cyber security for this kind of physical asset.

Secondly, the vendors are new to this too. “The people who bring connected children’s toy to market are the same people who bring normal children’s toys to market. They are not taking the dangers of connectivity into account, in fact they don’t even know what questions to ask,” Kaspersky’s David Emm told Memoori in an interview in June.

Thirdly, the low-cost requirement of the IoT means slim profit margins, hence little financial incentive for vendors to continue developing patches years after they sold the device. “Cars and utility meters are two examples of products that typically remain in use for at least a decade. How many of their IoT modules will be orphaned as their vendors stop supporting them, go out of business or are acquired?” asks Corser.

Take humans out of the equation, in fully automated systems that include automatic updates and you remove a layer of defence, as a human at the wheel could notice when things aren’t as they should be. While ensuring a human layer opens us up to human error or unexpected attack vectors. The fact that PINs and passwords can be derived from the minute hand movements of someone wearing a fitness tracker wristband while typing, demonstrates the scale of the cyber security problem.

“IoT requires a different approach to security. That’s why the IEEE Internet Initiative recently published a white paper with a set of best practices that anyone can use to improve the security of IoT applications. Available as a free download from the IEEE Internet Initiative, these best practices are applicable to any IoT application, regardless of the industry or whether it’s autonomous. IEEE will host a related webinar, “IoT Security Best Practices,” on Sept. 27, with a recording available soon after.”

[contact-form-7 id="3204" title="memoori-newsletter"]

Most Popular Articles

Danfoss Fire Siemens Data Centers
Security

What’s Behind Siemens Acquisition of Danfoss Fire Safety?

This Research Note examines what’s behind the acquisition of Danfoss Fire Safety A/S by Siemens Smart Infrastructure announced on 8th October 2024. We review the transaction details, the strategic rationale, the SEM-SAFE fire protection system, and deployments before assessing how this acquisition fits into Siemens fire safety portfolio. Transaction Details Siemens Smart Infrastructure has agreed […]

Complimentary Article AI Energy Management HVAC Optimization
Energy

Energy Management Software for HVAC Optimization Market

In today’s complex commercial real estate landscape, energy management has become a critical focus for asset managers, property managers, and facilities managers. As urbanization accelerates, energy demand grows, and the energy market becomes more volatile, optimizing energy use is no longer just about lowering costs, it has become a key factor in achieving sustainability, resource […]

dormakaba access control financial results
Security

dormakaba Access Solutions Business & FY2023/24 Financials Examined

In this Research Note, we examine one of the top three companies in the global access solutions market, dormakaba. Based on their FY2023/2024 financial results, year ending 30 June 2024 and their latest corporate presentation, this article highlights their solutions portfolio, financial highlights, and the latest results of their two business segments. dormakaba is listed […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy