Fundamentals of security for a world connected through Internet of Things

By Pravin Srinivasan Any discussion on technology today is dominated by one topic – the Internet of Things (IoT) or the web of connected smart devices. According to Cisco’s estimates, the IoT could generate $4.6 trillion in value for the global public sector and $14.4 trillion for the private sector by 2022 through cost savings, productivity gains, new revenues and improved citizen experiences. What then is this Internet of Things that has the world in a tizzy? Is it really as good as it sounds on paper? Consider this, the parking lot at a popular tourist destination communicates to the smart lighting system, helping them brighten or dim according to the number of cars parked, thus saving energy. Or a parking lot that automatically updates status so that you can check availability and reserve a spot before you even leave home. It might sound incredible but these are simple examples of how the IoT can add value to our daily lives. The IoT denotes a connected system where machines communicate with other machines via a system of sensors and Internet connectivity to create a network of smart devices. Cisco predicts that about 50 billion devices will be interconnected by 2020. The potential offered by such level of integration is tremendous. The impact it will make on day to day life of private citizens is immeasurable. The only question at this juncture is “how secure is this web of smart devices”? Early experiments by researchers have highlighted some of the dangers posed by a connected world. As early as 2012, a security researcher showed how easy it was to take control of building power systems and city traffic lights among others. In 2014, a Russian website discovered streaming live footage from close to 10,000 private webcams, CCTV systems and even baby monitors from over 250 countries across the globe. 2015 saw a record number of data breaches from the personal to issues of national security. Closer home, CEO of a Hyderabad firm had to pay cyber extortionists who demanded a ransom to keep their customer data from leaking out. It is no wonder that securing the IoT is top most priority before the information technology world at the moment. In a vast, discontinuous and porous space where everyone is as much an insider as an outsider, the first security risk emerges - hacking. Identity theft and cyber threats closely follow. IoT depends on cloud computing, smart devices with in-built sensors and the huge number of applications that support them. Two additional risks jump out here. One, the inadequacy of integrated environments that is required to support such connected technology. The other is that cloud security needs continuous advancement to keep in tune with hacking technology. The good news here is that organisations and governments across the world are doing everything in their power to make the IoT secure. It is up to us to make sure we focus on protecting data and accessibility for systems and services that are inextricably linked with individual or national confidentiality, privacy and safety. IoT professionals are working hard at securing cloud infrastructure and connections, implementing multiple levels of security measure on the devices itself and defining user and access levels for IoT systems. While the initial generations of IoT devices did not come with advanced encryption, the devices being designed today come with in-built encryption capabilities and the technology is improving as we speak. To harness the digitization it is imperative that security of the network is given paramount importance. The embedded network security solutions would extend the security capabilities of the network. Transforming the networks as a sensor can deliver deep visibility into the network traffic flow patterns and can identify anomalous behavior and threats. With Network as an enforcer it is possible to dynamically enforce the security policies which minimise the threat of an attack. In addition, it is also crucial to put in place certain levels of access so as to streamline the flow of information and ability to enter a system. At the individual level, it is critical that we upgrade outdated software and replace outdated devices with more recent releases. While code level encryption might be a tall order for an individual at home, it is not very difficult to activate and deploy the security and privacy measures that are inbuilt on most modern devices ranging from smartphones to security systems. This makes it easy to disconnect a device in case of loss or theft, thereby ensuring that the system remains safe. Simple measures like dual level authentication, not sharing passwords online or on non-secure connections, keeping track of the spread of one’s digital footprint can help keep personal data confidential. That the world is moving to greater levels of interconnectedness is a fact. The Internet of Things is here, it is here to stay and it has the potential to become all pervasive. The question before us is not really whether we should adopt this connected lifestyle but how to make it work best for us. Security, privacy, confidentiality and safety rank foremost in any discussion regarding IoT today. With a concerted effort on all fronts, we can steer humanity into an era where we can usher in great positive strides in development and prosperity by effective use of technology. The author is Lead, Security Sales, Cisco India & SAARC.