IEEE Spectrum - North American - March 2015 - 53

Infiltrating the Internet of Things (or IoT, for short) doesn't necessarily
require a dedicated computer coder gone bad, willing to
devote long hours to finding a vulnerability. These days, an amateur hacker can download existing tools and use them to conduct
a basic attack. On the other end of sophistication, organized crime
and nation states have entered the hacking game.
Unlike business computers, which for decades have been
sheltered behind corporate firewalls and intrusion detection
and prevention systems (IDPS), the products now being linked
to the Internet are frequently on their own. A Columbia University study that ran a set of attacks against business systems and
embedded systems in such consumer products as home entertainment systems, webcams, and Wi-Fi access points found problems
in just 2.46 percent of the business products, and a whopping
41.62 percent of the consumer products. Even in those products
that do have shields, the protections are often not enabled or are
undermined by the use of default or weak passwords.
Too many manufacturers worry more about getting a product
to market quickly than securing it. In some cases, a manufacturer
has taken an apparatus designed for use in a private network
and simply connected it to the Internet without building in any
protection to speak of. It's also true that the devices themselves
are often so small that it's hard to build in the right protection.
And most IoT products, even if secured, have no way to automatically update their security software when vulnerabilities
are discovered. As things now stand, bad actors can exploit any
vulnerability they find for as long as the 10 or even 20 years the
devices remain in use.
The situation has got to change. Product makers, and the people who use these gadgets, have to protect against hacking. And
it is possible to do it.
Hackers who attack all these systems (home, car, and health)
are typically trying to do one of three things: take control of the
apparatus, steal information, or disrupt service.
Taking control of the apparatus means somehow logging in
as an authorized user, perhaps by figuring out the password,
finding a backdoor, or compromising the authentication mechanism. Strong authentication methods (such as randomly generated passwords; secure, token-based authentication; biometric
authentication; and certificate-based authentication) can make
this much more difficult.
Stealing information can mean eavesdropping or getting into
the systems and collecting data, such as patient information
from a medical device or credit card numbers from a TV used
for home shopping. It can also mean using a product like a phone
system, printer, or video camera to collect and transmit data.
Disrupting service usually means flooding a system, such as a
home-security or vehicle-control system, with messages in order
to make it unable to function.
The simplest way to stop all these attacks is by preventing
hackers from communicating with the gadgets they are trying
to hack. And that means using a firewall and an IDPS.
A firewall acts as a gatekeeper, blocking traffic that should not
be permitted to pass through. An IDPS monitors the computer

Emerging Standards for IoT Security

Security standards for IoT products are
evolving. Most of the current standards
came out of a specific industry or
application: for example, the North
American Electric Reliability Corp. has
set critical infrastructure protection (CIP) standards
to secure the electric grid, the U.S. Food and Drug
Administration has a set of guidelines to help product
makers better protect patient health and information,
and the National Institute of Standards and Technology
has created the somewhat broader Cybersecurity
Framework to help the financial, energy, and healthcare industries. Some relate peripherally to the Internet
of Things. But new standards specifically targeted at
the IoT are beginning to emerge. These include:
* The Industrial Internet Consortium: The
Industrial Internet describes a world in which physical
manufacturing and other machinery connects with
sensors and software that gather data, analyze it,
and use it to adjust the machinery (essentially, the
nonconsumer IoT). The IIC was created to make sure
that products from different companies can easily
share data; its members will be building security
protections into its reference architectures.
* The Open Interconnect Consortium: This
group of technology companies, such as Cisco, Intel,
and Samsung, is developing interoperability standards
for the IoT and will consider security as it does so.
* The International Standards Organization's
(ISO) Special Working Group on the Internet of
things: This group is assessing existing standards
that might apply to the IoT along with current efforts
to develop standards; it plans to help guide their
evolution to better account for security. For example,
this may mean that the world's most widely adopted
family of information technology security standards,
ISO 27000, gets an update that will make it able to
work better with the IoT.
* IEC 62443/ISA99, Industrial Automation
and Control System Security Committee: This
committee develops security standards and technical
reports that define procedures for implementing
secure industrial automation and control systems.
* A number of IEEE standards address
elements of security that can be applied to the
Internet of Things, including IEEE P1363, a standard
for public-key cryptography; IEEE P1619, which
addresses encryption of data on storage devices;
IEEE P2600, a standard that addresses the security
of printers and copiers; and IEEE 802.1AE and IEEE
802.1X, which address media access control security.