A More Pragmatic Approach To Cyber Security For IoT, Memoori Speaks To IoTium

On October 21st 2016 we saw one of the largest cyber attacks in history. The Distributed Denial of Service (DDoS) attack, which brought down some of the internet’s largest sites, used internet of things (IoT) enabled devices such as video surveillance cameras and printers, to overwhelm the popular DNS service provider Dyn.

The nature of the attack has brought up important questions about the vulnerabilities being created by poor security protocols on the IoT’s edge devices. The worry is that the billions of “things” now being connected can now be used as ammunition to barrage and overwhelm important sites or core digital infrastructure.

This week Memoori spoke with Ron Victor, the Founder & CEO of ioTium, about the October 21st attack, vulnerabilities of the IoT and his company’s pragmatic approach to cyber security in our increasingly connected world.

“Anything that is based on usernames and passwords is compromisable,” Victor said. “That is why we do not believe in usernames and passwords, we focus instead on routing and security”.

IoTium’s approach accepts the fact that anything that can be hacked, will be hacked, “it’s just a matter of time,” states Victor. The problem, he points out, is that we are connecting “things” that were never meant to be connected, referring to legacy systems that are being brought online under the auspices of the IoT.

The IoT demands that everything be connected to bring about all the benefits of real-time data analytics and big data’s predictive capabilities. Victor uses the example of locomotives that routinely pull into the yard for inspection and potentially maintenance. As it stands, the train will be met by a technician who will plug their laptop into the on-board system to inspect and test it. Through the IoT, that locomotive will constantly transmit data to the cloud, meaning the central system will now tell the train when it needs to go to the yard, creating efficiency.

However, this creates exposed networks that hackers could potentially use to not only attack the locomotive but to gain access to the entire rail network and cause widespread damage. If “anything that can be hacked will be hacked” then the thought of connecting vital infrastructure such as the rail network or the power grid seems absurd. Unless, of course, the system can be made secure.

“You need a secure network infrastructure to be able to protect against hacks, and that’s where we come in,” says Victor. He is not talking about making the system hack-proof, however; instead, Victor and his team at IoTium take a more pragmatic approach to protecting IoT-rich systems using a virtual overlay network.

“Legacy devices are out there, they have limited security capability and were never meant to be connected. If it has a username and password, all that compromisable stuff, it will be hacked. By using our virtual overlay network we can connect anything and guarantee security from the source, simply by guaranteeing that each data stream will be isolated.”

IoTium promotes a horizontal architecture, which can seemingly be used in any industrial internet of things (IIoT) vertical. It is able to collect data from any legacy systems and push it, creating an architecture where you can securely push services to the edge. They have abstracted out the physical network layer, the carrier layer, the security layer and the OT protocol layer – “addressing and managing the convergence of the OT network with the IT network through a single pane of glass”.

Victor explains that “this is built on the premise that we are all going to get hacked. It’s not if we get hacked; we will be hacked. So if you build a system with that premise, then you protect the system by trying to isolate every component.”

During the October 21st attack, hackers easily accessed a huge network of IoT devices, infected them with a special malware known as a “botnet,” then synchronized their requests to barrage a specific server with a massive amount of traffic until it collapsed under the strain. Using IoTium’s approach, these devices, be they cameras or toasters, would still be compromised, but the hack wouldn’t be able to penetrate further than that single data stream.

The ‘traditional,’ and only other, route to achieving this level of security is manual, Victor asserts: essentially sending a truck to every security camera, for example, to install a firewall, assign a username and password, and so on. But that would require an army of people, considerable time and money, and would still leave a lot of vulnerabilities.

Furthermore, once this manual system gets deployed at the edge it is going to be sitting there for 5-10 years. Within that time new software will come out and our digital age demands the ability to keep upgrading and updating on the fly, potentially for 10,000 buildings, 200,000 lampposts, or one million machines.

Victor suggests we consider the oil rig, which collects sensitive data from legacy devices of Halliburton, Schlumberger, Rockwell or Emerson, sending it all to the cloud. “This data used to be flown out by helicopter because we didn’t want to risk connecting it. That is no longer going to work in the world that we live in, now it must be connected, but now we need a secure architecture that is going to take all these legacy systems and connect them securely to wherever their data is supposed to go.”

Looking forward, Victor thinks that while we will become progressively more secure, it doesn’t mean that hacks will not happen. He expects increasingly sophisticated hackers will continue to use cyber attacks to try and bring things down, often using these inherent vulnerabilities of the IoT and our connected legacy devices.

“We need an infrastructure that anticipates and accepts that these attacks are going to happen. We can no longer think it may happen, when the reality is that it is going to happen. And if it is going to happen, then we need to isolate the s**t out of it”.
