IoT Security: The Basics
The Internet of Things (IoT) is the natural progression of our affinity for connectivity and convenience — and the natural progression of how we use technology to meet those ends. People want to connect, seamlessly and hassle free. Businesses want to push connected technology into aspects of the business that have never been connected before, in order to optimize processes and differentiate themselves from their competition. But we should also want to do all of that securely, and the IoT is making that an intriguing challenge. For businesses, the challenges are complicated and the implications profound.
So many of our devices are "connected," (i.e, they have the capability to connect to a network or to another device via a wired or wireless signal) that vulnerabilities are rampant. Importantly, devices don't have to connect to the internet to be exploitable. Bluetooth and less traditional protocols also enable connectivity, and can wreak havoc on your organization's data, privacy and revenue stream.
The Internet of Things encompasses all of the connections that occur between devices — and the devices that allow those connections. The increased mobility and connected device use of your employees and your business systems means access points and connected devices are everywhere in and around your business, even if you have a BYOD policy. The IoT is all of your employees’ devices, and all of the connections between them. It is all of your business systems that are connected and the devices or protocols they’re connected to. It is (to put it mildly) massive, complicated and unwieldy.
To develop a consistently broadened view about the devices that are part of the IoT that you're not seeing at the moment, start by thinking about rooms or spaces. (This exercise by no means covers everything you need to consider when you think of the IoT, but it's a good start to bring the big picture into focus.)
The kitchen and cafeteria space is home to microwaves, landline phones, ovens, toasters, refrigerators, dishwashers, employee mobile phones, etc. Your personal office hosts your computer, your fitness tracking wearable, your television, your webcam, a security camera, your Bluetooth speakerphone, your coffeemaker — and yes, there's a central air conditioning system that touches everything in the building. (Remember the example of tissue samples that demanded temperature control?) The manufacturing floor is home to your automated lines and individual working stations. The register area in your building includes POS systems. In today's internet, all of these things are devices.
What's connected? What could be? What is it connected to? Once you've exhausted rooms or spaces, move outside. What are the cars in the parking lot connected to? What will they connect to later? Take on the world with this mindset to really begin to fathom the risks (and benefits) of such a diverse and large-scale wireless security entity.
As you read this IoT security blog series, you'll learn more about how newly-connected systems create wireless security vulnerabilities, how each vulnerability is exploited, and what you can do to mitigate risk. Throughout your reading and beyond, remember this exercise: whenever you look for or think about a device touching your business or your network in any way, or about connecting devices and systems within your business to one another, ask if it's possible that these devices are communicating with something else, too — and if you have a plan in place to both find out and deal with it if they are.