How Secure is the Internet of Things?
The Internet of Things (IoT) is changing the world.
Everything is connected and the amount of data available for consumption is growing exponentially.
From a technologist’s view, this is an exciting opportunity. From a network administrator’s perspective, it’s terrifying.
While the majority view IoT as an exciting buzzword, the network administrator understands that the connectivity required by true IoT deployments will lead to safety-critical industrial systems, which previously existed behind firewalls, being inevitably exposed to potentially insecure networks.
Not only that, but it creates a huge workload to ensure that countless machines are secured in the first place.
As the cherry on top, the network administrator likely understands that the existing defense paradigm already in place for network protection will no longer work.
Something needs to change. Network protection systems need to evolve.
Security of the Past
To understand how this needs to happen, it’s important to look back in time at the history of security — starting long ago before cyber ever existed.
Prior to 7000 BC, before mass agriculture had fully developed, the patriarch took on the role of defender and was responsible for the well-being of his family. He was tasked with learning how to fight and fend off invaders, regardless of circumstance.
While it worked to some degree, it was also inefficient because everybody had to devote some of their time to doing it.
As agrarian civilization emerged, people began to live closer together, ending the patriarchal defense system. With that transition, something fantastic occurred. They built walls.
Not just around houses, but around towns and villages. This let specialized “soldiers” defend a perimeter and fight for a village, letting the common people on the inside go about their daily lives without fear.
This had a variety of other benefits, but most notably it changed how people would live and defend themselves for the rest of history.
From Soldier to IT Specialist
Now, think about how this applies to software, notably software deployed onto the IoT. Think about how you might defend any of those endpoints today.
There might be a firewall, but that’s a static and slightly outdated technology.
To supplement this and provide personalized security, most would probably use endpoint detection systems such as antivirus software, which runs an application on the device 24/7 checking for malware.
While it works to some degree at defending a system against threats, history has shown that such a solution is rarely scalable when dealing with a shifting threat landscape.
The Reasons Why We’re Falling Short
There are a few reasons why endpoint protection will not be sufficient for protecting the Internet of Things:
Accuracy — Endpoint protection solutions are traditionally built on signature-based detection methods, which 78% of security professionals agree (Keane, 2015) are not effective against general attacks.
Even in some of the best antivirus accuracy reports, only a few hundred stale malware samples are used to benchmark the products.
There are millions of malicious files created every day. The fact that 27% of all malware variants in history were created last year (Korolov, 2016) indicates that non-learning solutions won’t be able to keep up with the onslaught of zero-day attacks.
CPU Usage — According to a report published by Hobson and Company (Casten, 2009), antivirus software can account for over 15 minutes of downtime per week on endpoint desktops and laptops.
This amounts to over $300 of downtime per year per endpoint covered, and that’s on robust systems designed for intense computation. An average IoT node is barely a step up from a Raspberry Pi in compute capability.
That 15 minutes of downtime for a laptop could translate into hours of downtime for an IoT controller.
To get around that, some antivirus solutions are so lightweight that they’re no longer capable of adequately detecting threats. Such a trade-off would be unacceptable in the IoT world, as worms are often designed to propagate between nodes (e.g. Stuxnet).
If the affected node controls heavy machinery like a combustion turbine, any resulting downtime could endanger many lives.
IT Burden — While endpoint security is not going to be 100% accurate, this lack of accuracy also accounts for lost economic value outside of missed threats.
False positives from endpoint solutions cause companies to spend nearly $1.3 million and 21,000 hours of wasted time on IT support every year (New Ponemon Report Reveals High Cost of Dealing with “False Positive” Cyber Security Alerts, 2015).
These numbers cannot scale with the Internet of Things — there are not enough IT jobs to support it, and there will be too many operating systems to work across. According to a survey by the SANS institute, the lack of people and dedicated resources maintaining threat detection systems is the leading contributor to why attacks go undiscovered (Shackleford, 2015).
As the number of endpoints available for attack increases, the potential for more undiscovered attacks rises, and the IT burden grows.
As history shows, the future of IoT will need a better security solution than just a firewall paired with an endpoint detection system. It will require something that is more accurate, more scalable, and less intrusive.
Facing the Changing Threat
The solution lies in building a true perimeter detection system capable of evolving as threats change.
Endpoint protection, for the time being, may be a necessary evil in some places, but new AI technologies will make it possible to improve perimeter security with no adverse effects on end users or nodes.
These tools can patrol the perimeter of an organization and provide enhanced threat visibility, automated evidence reporting, and rapid incident response, all in a dynamic environment at machine speed.
Building firewalls was a great start, but cognitive perimeter detection tools are capable of taking security to the next level.
Not only can they view externally facing log data (e.g. firewall and web server logs) and identify threats before they take root and multiply, they can also sit on the outside and look in to find insider threats, malware propagation and malicious intranet traffic patterns.
When paired with good data sources, cognitive perimeter detection methods will provide scalable, accurate solutions behind the scenes. They effectively secure the borders so that end users and IoT nodes never need to worry.
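To make the perimeter-side idea concrete, here is an added example (not code from the original post or from any product it alludes to) that runs two detection rules over firewall log lines instead of installing anything on the IoT node itself. The log format, the addresses, the internal network range, the OT host list, and the fan-out threshold are all constructed assumptions for this illustration. Rule 1 flags any external source reaching a host that controls machinery, whether the firewall allowed it or not; rule 2 flags an internal host that fans out to many internal peers on a single port, the pattern a worm propagating between nodes leaves in perimeter logs. These are plain threshold rules, not the learning systems the post describes, but they show where such tooling sits and what it looks at.

```python
"""
Perimeter-log detection example: flag worm-like internal fan-out and
unexpected external access to a safety-critical host from firewall logs.
Everything below (log format, addresses, thresholds) is a constructed
assumption for illustration, not a real deployment.
"""
from collections import defaultdict
import ipaddress

# Constructed sample firewall log lines (not captured from any device).
# Assumed format: "<timestamp> <action> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2016-03-01T10:00:01 ALLOW 10.0.1.20 10.0.2.5 445
2016-03-01T10:00:02 ALLOW 10.0.1.20 10.0.2.6 445
2016-03-01T10:00:02 ALLOW 10.0.1.20 10.0.2.7 445
2016-03-01T10:00:03 ALLOW 10.0.1.20 10.0.2.8 445
2016-03-01T10:00:03 ALLOW 10.0.1.20 10.0.2.9 445
2016-03-01T10:00:04 ALLOW 10.0.1.20 10.0.2.10 445
2016-03-01T10:00:05 ALLOW 10.0.1.20 10.0.2.11 445
2016-03-01T10:00:10 ALLOW 10.0.1.31 10.0.9.9 443
2016-03-01T10:00:11 ALLOW 10.0.1.31 10.0.9.9 443
2016-03-01T10:00:12 ALLOW 203.0.113.7 10.0.5.40 502
2016-03-01T10:00:13 DENY 198.51.100.9 10.0.5.40 502
"""

# Assumed internal address space and the hosts that control machinery.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
OT_HOSTS = {"10.0.5.40"}
# Distinct internal targets on one port from one source before we alert.
FANOUT_THRESHOLD = 5


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, action, src, dst, port = line.split()
    return {"ts": ts, "action": action, "src": src, "dst": dst, "port": int(port)}


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyse(log_text, fanout_threshold=FANOUT_THRESHOLD):
    """Return a list of (rule, source_ip, detail) alerts for the given log text."""
    alerts = []
    fanout = defaultdict(set)  # (src, port) -> set of distinct internal dsts

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)

        # Rule 1: an external source touching a machinery-controlling host.
        # A DENY is still reconnaissance worth seeing; an ALLOW is an exposure.
        if ev["dst"] in OT_HOSTS and not is_internal(ev["src"]):
            detail = f'{ev["action"]} to {ev["dst"]}:{ev["port"]}'
            alerts.append(("external_to_ot", ev["src"], detail))

        # Rule 2 bookkeeping: count distinct internal peers per (src, port).
        if ev["action"] == "ALLOW" and is_internal(ev["src"]) and is_internal(ev["dst"]):
            fanout[(ev["src"], ev["port"])].add(ev["dst"])

    # Rule 2: worm-like fan-out across internal hosts on a single port.
    for (src, port), dsts in fanout.items():
        if len(dsts) >= fanout_threshold:
            alerts.append(("internal_fanout", src, f"{len(dsts)} hosts on port {port}"))
    return alerts


if __name__ == "__main__":
    for rule, src, detail in analyse(SAMPLE_LOG):
        print(f"{rule:16} {src:14} {detail}")
```

Run as written, the sample produces two `external_to_ot` alerts for 10.0.5.40 and one `internal_fanout` alert for 10.0.1.20, which reached seven distinct hosts on port 445; the host 10.0.1.31 repeatedly talking to a single peer is not flagged. The point of the design is that the rules consume log data the firewall already produces, so the nodes themselves spend no CPU on detection, and a threshold tuned per site (or replaced by a learned per-host baseline) decides what counts as abnormal.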