Learning New Terms - The Internet of Things

Just when you thought you had finally caught up on the latest IT buzzwords, they throw a new one at us - The Internet of Things! 

Ok, I'll bite.  What "Things" are we talking about?

According the SAS Institute "The Internet of Things is a growing network of everyday objects – from industrial machines to consumer goods – that can share information and complete tasks while you are busy with other activities, like work, sleep or exercise."

What-Is.com takes it one step further, stating "The Internet of Things (IoT) is when objects, animals or even people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction."

In other words, normal everyday devices like your car, your refrigerator, your furnace and even your pacemaker will soon be attached to the Internet for you to manage or for manufacturers or others to extract data for whatever purposes they deem appropriate. 

Sound a little Orwellian?  Yes, but that's the future, so you'd better be prepared to deal with it because network security and the inherent vulnerabilities are going to get exponentially more complex over the next few years because of these "Things".

Joe Stanganelli recently wrote in e-Security Planet "Even last year's notorious Target hack resulted from an Internet of Things vulnerability. Hackers managed to steal network credentials belonging to a third-party refrigeration and HVAC vendor. They then used those credentials to access Target's internal network and push malicious software to the retailer's cash registers and other point-of-sale devices. In doing so, they were able to steal data from millions upon millions of credit cards."

The Internet of Things (IoT), which excludes PCs, tablets and smartphones, will grow to 26 billion units installed by 2020 representing an almost 30-fold increase from 0.9 billion in 2009.  Additionally, by 2020 the number of smartphones, tablets and PCs in use will reach about 7.3 billion units.

So what are we to do?  Network design considerations have to become more sophisticated and take into account the proliferation of "Things".  Network designers and managers are going to have to ask the questions "What if?" and "Then What?"  Gone are the days of simply cutting up network IP ranges along departmental or geographic sub-nets or even simpler designs.  Network Administrators are going to have make conscious design considerations to separate these new devices from the rest of their network or face the consequences like organizations like Target and Home Depot.  Manufacturers of these types of devices are going to have to improve the security abilities of these types of devices, too.

Tracking and managing traffic on these network to detect anomalous traffic is going to require implementing more sophisticated tools as well.  The average time it takes to detect exploits on a business network is over 200 days and with this proliferation of new "connected devices" that figure could get much worse unless security techniques improve dramatically. 

Keep the following in mind as you review the security of your networks going forward:

• Gartner Research anticipates that the total economic value-add from IoT across industries will reach $1.9 trillion worldwide in 2020 so don't expect enthusiasm to fade for adding such devices.
• Cisco reports that up to fifty billion devices will be connected to the Internet by 2020.
• The remote patient monitoring market doubled from 2007 to 2011 and is projected to double again by 2016.

• The utility smart grid transformation is expected to almost double the customer information system market based upon a study from Navigant Research.
• GE Corporation says that the industrial Internet could add $10-15 trillion to global GDP, essentially doubling the US economy.
• Seventy-five percent of global business leaders are exploring the economic opportunities of IoT, according to The Economist.
• Cities will spend $41 trillion in the next 20 years on infrastructure upgrades to accommodate this technology according to Intel.

The proliferation of these devices now and in the future requires that you address how to accommodate and secure these devices sooner rather than later and, as I said earlier, this is going to require a complete re-think of your network security tactics.

 

Jeff Hoffman is an IT Security and Data Protection Specialist with ACT Network Solutions.  His new book "Intruders at the Gate - Building an Effective Malware Defense System" is available on Amazon.com. For help with your network, he can be reached at jhoffman@act4networks.com