We’ve reached the point where nearly every aspect of our lives is interconnected. Our homes, cars, offices, our commutes, practically every facet of our day-to-day existence has a device associated with it (in fact, several), all of which are designed to make life smoother and easier. The interconnected world is, in theory, a wonderful place to be. Until it isn’t.
What’s the concern? There are multiple currents in play here, but they all revolve around a core driver – security. These “things” (as in “Internet of”) are being produced across an enormous range of applications at a far faster rate than a secure enabling infrastructure can be built to support them. All of these myriad things are being designed for convenience and rapid adoption, and by that criterion they are clearly succeeding. However, IoT security, as an integral part of the design process, is often an afterthought.
How concerning is this? Four quick examples:
Home: Your home security system could easily be accessed through an unsecured device on the network (e.g. your refrigerator); monitoring cameras can then be turned on or off, doors unlocked, etc. Manufacturers add network accessibility to devices to track usage and improve the product, but they don’t necessarily think of the associated IoT security risks, because these normally fall outside the scope of their core competency.
Car: Your car is essentially a mobile device. Most of the electronics in modern cars are connected to a CAN (controller area network) bus, which carries data without the benefit of encryption. This means that once someone hacks in, they have access to everything. It’s already been proven that hackers can remotely take control of a car while it’s in motion, and this is likely to be even easier if it’s an autonomous vehicle, since such vehicles are designed to be controlled remotely.
Commute: Most of our infrastructure is woefully unsecured. The information architecture limitations associated with cars also apply to subways or buses (same risk, bigger scale). Traffic lights are normally managed through an under-secured control system. Suppose a hacker decides to turn all stoplights green at once?
Office: Most newer buildings are “Smart”, with centralized control systems for everything. Same risk profile as your home, but on a much bigger scale. Imagine all the sprinklers in an 80-storey building going off at once, or all the elevators shutting down simultaneously.
The enabling software that supports these devices needs a paradigm shift from a design, development and deployment perspective, and it needs to happen immediately. This is an excellent opportunity for DevOps (the development of software that enables the device to be smart) and IT Operations Management (which manages and reports back on the devices in a production environment) to take a leading role in securing an interconnected world. “Things” are, by definition, operational in nature; having a closed loop that ties ITOM to DevOps is the framework that will integrate security as a foundational element for the billions of devices which surround us. If our IoT devices are not secure, neither are we.