Cisco ran a rather grandiosely named “Pan-European Security Council” yesterday, which wasn’t really any such thing. Nor, alas, did it deliver on its promise to look at the security issues surrounding the future internet when 50 billion or more devices are wired up, the so-called “internet of things”.
This was a missed opportunity because this is an area worth investigating, and a networking company like Cisco could have brought some real insight. Instead we were treated to the usual diet of how teenagers use Facebook and, that hoariest of hoary internet subjects, the internet-enabled fridge.
But what are the security issues surrounding an internet of 50 billion devices, 48 billion of which are going to be cheap remote sensors of some kind? And what are the security implications?
One of the key issues is data integrity. How do you trust the data your sensors are sending? In fact how do you even know it is a sensor that is sending data at all, and not a bot or piece of malware?
Then there is the problem of encryption. When smart meters are installed across the grid you can be sure that they will have authentication and a high degree of encryption built in; after all, they are likely to be pretty expensive pieces of kit.
But what about a cheap (less than €1) sensor that is, say, responsible for reporting whether a parking place is occupied, or one that reports on the tension in a restraining cable? How much encryption will be built into a 10¢ chip? If it sends its data unencrypted and doesn’t use proper authentication, then it really is a simple matter of jumping in and adding whatever data you want to that stream.
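What "proper authentication" buys the collector in the parking-sensor case, as an added example that is not from the original post: each reading carries a keyed tag and a message counter, so injected, altered and replayed frames are rejected before they reach the database. The frame layout, the truncated 8-byte tag, the per-sensor key table and the assumption that the sensor can compute HMAC-SHA256 are all illustrative choices; this gives integrity only, not confidentiality.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IIB")  # sensor id, message counter, occupied flag
TAG_LEN = 8                     # truncated HMAC-SHA256 tag (assumed frame budget)

def seal(sensor_id, counter, occupied, key):
    """Sensor side: append a keyed tag over the whole reading."""
    body = HEADER.pack(sensor_id, counter, occupied)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Collector:
    """Collector side: accept only authentic, fresh readings."""

    def __init__(self, keys):
        self.keys = keys          # sensor id -> key provisioned for that sensor
        self.last_counter = {}    # sensor id -> highest counter accepted so far

    def accept(self, frame):
        """Return (occupied, "ok") or (None, reason for rejection)."""
        if len(frame) != HEADER.size + TAG_LEN:
            return None, "bad length"
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        sensor_id, counter, occupied = HEADER.unpack(body)
        key = self.keys.get(sensor_id)
        if key is None:
            return None, "unknown sensor"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None, "bad tag"
        if counter <= self.last_counter.get(sensor_id, -1):
            return None, "replayed counter"
        self.last_counter[sensor_id] = counter
        return bool(occupied), "ok"

def demo():
    key = bytes(range(16))                               # constructed test key
    collector = Collector({17: key})
    genuine = seal(17, 1, 1, key)
    injected = HEADER.pack(17, 2, 0) + b"\x00" * TAG_LEN  # sender without the key
    altered = genuine[:8] + b"\x00" + genuine[9:]         # occupied flag flipped in transit
    frames = (genuine, injected, altered, genuine, seal(17, 2, 0, key))
    return [collector.accept(f)[1] for f in frames]

if __name__ == "__main__":
    print(demo())
```

Logging the rejection reason alongside each dropped frame also gives the operator a record of when unauthenticated data started arriving, which bears on the later question of which stored data can be trusted.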
So what? Why does this matter? Well, it comes down to data integrity. There are two sorts of cyber criminals (actually there are loads, but let’s just take two for now): those out to make a quick buck, and those who are rather more sophisticated and perhaps have other, more destructive, aims.
Low-life cybercriminals typically use well-known exploits to target businesses and organizations with lax security. They are not going to hack a sensor as there is no money to be made and it is much easier to make money selling stolen personal data.
But the second group, maybe state agents or those engaged in industrial sabotage, might well. And rather than hack a network and bring it down, so alerting everyone to what you have done, why not simply start to feed in rogue data from cheap, insecure sensors? Not a lot of it, and not data that is so outlandishly fake that simple error checking will detect it.
No, what about slowly infecting a company’s databases with dirty data? At some point the company will notice, but by then it will be too late. It will have databases full of dirty and clean data, intermingled. Perhaps business decisions have been made based on the wrong data? Most importantly, how will the company know what data to trust, and what data is dirty? How do you clean a database like that?
Traditionally security has come from dividing the world into two: stuff inside my perimeter which I can trust, and stuff coming from outside which I can’t. The perimeter view of the world is the cyber equivalent of ‘there be monsters’. Even in today’s computing environment that view is becoming less and less tenable as networks become more and more heterogeneous and the sheer amount of data and number of sources become too great to manage using existing intrusion detection techniques.
So there are some interesting issues to be debated around the security implications for the world of 50 billion (or more) sensors. And almost certainly these debates are being had right now. It was just a shame that Cisco wasn’t able to share them.