IBM Resilient CTO and security guru Bruce Schneier takes a look at the security risks of the Internet of Things in his latest video. He brings up an interesting and rather disconcerting point, IoT devices tend to do critical things like turn on and off power or drive your car, so preventing hacking is even more critical with IoT than typical computers.
During the writing of this article, I noticed that Bruce Schneier and other cybersecurity experts at IBM are offering a free webinar today on the overall subject of cyber security that you might also be interested in:
December 6, 2018, at 12:00 PM: The Resilient End of Year Review: The Top Cyber Security Trends in 2018 and Predictions for the Year Ahead
Bruce Schneier, CTO at IBM Resilient and Special Advisor at IBM Security, provided an overview of the IoT security threat in a recent IBM video:
What Are the Security Risks of the Internet of Things?
IoT devices are just computers so all the threats that we’re used to from the computer world get transferred into any IoT device. In addition, they tend to be low cost, not well designed, built offshore, so they have more vulnerabilities. They tend to be deeply embedded in networks and organizations so they have a lot of access. They often control physical processes.
They turn on and off the power, they drive your car, they’re medical devices, which means the effects of a hack can be much more dangerous. On the one hand, they’re exactly the same as computers. On the other hand, because of how they’re made and what they can do, they’re very different than computers.
How Will IoT Security Evolve in the Coming Years?
These are low-cost consumer devices in many cases and there’s not a lot of money or even market demand for security. I think two things will happen. I think there will be more security in some of the more expensive devices.
Of the cheaper devices, there will be other things that you could purchase to go on your network that will monitor them. We don’t really have them yet but I think that’s where the future is going. We have to assume there’ll be lots of cheaply made insecure IoT devices in every network. How do we get security on top of that?
Click Here to Kill Everybody
Schneier has a brand new book out that goes into the security risks of IoT in depth called, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World.
Here’s how Bruce Schneier describes the IoT threat:
Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers—from home thermostats to chemical plants—are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world.
As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.
All computers can be hacked. And Internet-connected computers are the most vulnerable. Forget data theft: cutting-edge digital attackers can now crash your car, your pacemaker, and the nation’s power grid.