Risk vs. Reward with Internet of Things Deployments
The idealized view of the Internet of Things is a world of billions of connected devices that bring automation, efficiency and an overall better quality of life. In many ways, we're well on the way toward that vision.
Machines that people use every day — refrigerators, washers, thermostats, televisions, automobiles — are beginning to feature IoT technology that anticipates the needs and eases the tasks of daily living. Who wouldn't love a technology that lightens the drudgery of doing laundry?
On a wider scale, local governments are using IoT to power smart city developments. IT leaders are building communities of the future with sensors that support smart solutions for street and traffic lights, parking, road maintenance, water monitoring and more. We're undoubtedly in the midst of a transformation in how life is lived akin to changes during the Industrial Revolution.
SIGN UP: Get more news from the StateTech newsletter in your inbox every two weeks
IoT Offers a Soft Target for Hackers
An interdependent IoT future brings with it many challenges, chief among them is security. Suppliers are still in the early stages of creating strategies to protect hardware. Many devices do not possess security agents and are often cut over into operation on poorly segmented networks.
All of this makes the technology a soft target for hackers seeking to exploit vulnerabilities for monetary or political gain, or to simply create chaos.
This is not an abstract concern. In 2016, the Mirai botnet infiltrated millions of IP cameras, routers and digital video recorders. The resulting distributed denial-of-service attacks disrupted major internet-based companies, including PayPal, Spotify and Twitter. Internet service slowed or failed for almost all of the eastern U.S.
In October 2017, researchers at Check Point found a new botnet, named IoTroop (also called Reaper), that is thought to be infecting IoT devices such as IP wireless cameras. The attack is happening "at a far greater pace and with more potential damage than the Mirai botnet," said a Check Point analysis.
Risks from state actors also may develop. "In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," then-director of National Intelligence James Clapper told the Senate intelligence committee in 2016.
This is not welcome news.
Cybersecurity Spells IoT Success
Until threats are more adequately addressed, there is a risk that IoT will not realize its full promise — something that the IT field is coming to grips with. Gartner's 2016 IoT Backbone Survey showed that 32 percent of IT leaders cite security as a top barrier to IoT success.
"Understanding how to balance the promise of IoT-connected devices with potential security challenges will continue to be a megatrend in the years to come," says Mark Hung, research vice president and lead analyst on IoT at Gartner.
Government officials appear to grasp the problem. In August 2017, Congress introduced the Internet of Things Cybersecurity Improvement Act. If passed, the law would require that internet-enabled devices sold to the U.S. government permit security updates, have no known threat vulnerabilities and allow changes to default credentials. While this would apply only at the federal level, it helpfully shines a national spotlight on the issue.
Will the security challenges be resolved? Time will tell, but history shows that market forces drive innovation to fill gaps in promising technology, and there's no reason to believe that won't happen here.
The Public Information Factor in IoT Deployments
Whatever strides are made toward protecting IoT, IT professionals should keep the public informed. For those who live and breathe technology, it's easy to forget that most citizens find modern machines an enigma. They love what their smartphones do for them, but they have no idea how they work.
Couple that with major hacking events in recent years, and the average person understandably may be a little skeptical about a world of connected things.
Public-sector and private organizations should join to educate citizens on what is being done to secure IoT systems. That open communication will be crucial for local leaders looking to build consensus and support for their IoT deployments.
This article is part of StateTech's CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.