- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
CSO - You've probably been hearing a lot lately about the Internet of Things (IoT). The IoT (see: "The IoT: A Primer" at the end of this piece), while still in the early stages of development, is slowly making its way into the mainstream as more objects become connected via technology such as radio frequency identification (RFID) and the iniquitousness of the Internet.
Regardless of how the development of the IoT plays out in the months and years to come, or what specific plans organizations have for deploying related projects, there will clearly be security implications. IT and security executives might want to start thinking about the security aspects of IoT today, even if they have no immediate plans to link objects via the Internet.
Among the key security questions are what, if any, new challenges does IoT present and how can companies best prepare to address them?
Experts say the security threats of the Internet of Things are broad and potentially even crippling to systems. Since the IoT will have critical infrastructure components, it presents a good target for national and industrial espionage, as well as denial of service and other attacks. Another major area of concern is the personal information that will potentially reside on networks, also a likely target for cyber criminals.
One thing to keep in mind when evaluating security needs is that the IoT is still very much a work in progress.
[GADGETS: 8 Most Interesting Ones of 2013]
"It's not a hard step; it is more of a gradual slope," says Andrew Rose, a principal analyst at Forrester Research Inc. in Cambridge, Mass., who covers security and risk issues and authored a 2012 report entitled, "Prepare Your Security Organization for the Internet of Things."
"Many things are connected to the Internet now, and we will see an increase in this and the advent of contextual data sharing and autonomous machine actions based on that information," Rose says.
Among the key security considerations with IoT is that an object, whether it's a truck, a vending machine or a medicine bottle, will become a part of a network environment.
"The IOT is the allocation of a virtual presence to a physical object," Rose says. "As it develops, these virtual presences will begin to interact and exchange contextual information, [and] the devices will make decisions based on this contextual device. This will lead to very physical threats, around national infrastructure, possessions [for example, cars and homes], environment, power, water and food supply, etc."
As a variety of objects become part of an interconnected environment, "we have to consider that these devices have lost physical security, as they are gong to be located in inhospitable environments, instantly accessible by the individual who is most motivated to tamper with the controls," Rose says.
Attackers could potentially intercept, read or change data, Rose adds. "They could tamper with control systems and change functionality, all adding to the risk scenarios," he says.