While driving a Jeep Cherokee through downtown St. Louis in July 2015, Andy Greenberg felt a sudden blast of air from the vents. The radio mysteriously changed stations, music began blaring and the windshield wipers started. The situation went from perplexing to frightening when Greenberg stepped on the gas pedal but couldn’t accelerate as he watched an 18-wheeler approach in his rearview mirror.
Fortunately, the experience was a test in which Greenberg had agreed to participate. Once the white hat hackers, Charlie Miller and Chris Valasek, illustrated their point — that they could hijack the vehicle’s wireless entertainment system and dashboard functions — they relinquished control of the system and let Greenberg take over.
The car-hacking test revealed a flaw not only in Jeep’s wireless systems but in the growing arsenal of IP-enabled products. People used to worry about malware on their computers, but in the age of the Internet of Things (IoT), home alarm systems, traffic lights, baby monitors, pacemakers — just about any “thing” — are susceptible to vulnerabilities.
Cyberattackers illustrated this point repeatedly in recent years, breaking into public utilities, sewage systems, even baby monitors. Adding so many new systems to networks puts additional pressure on IT departments that are already struggling to keep their systems secure. As more organizations adopt IoT solutions, they need to ensure they’re not creating new ways for cyberattackers to get in.
Due to the bullish projections for IoT’s growth, organizations are racing to stake their claims. Ninety percent of semiconductor manufacturers are developing new chips and sensors for IoT applications, according to a study by Morgan Stanley. And while some products are designed with security in mind, not all are created equal.
Deploying the Right Defences
To guard against the increased threats introduced to its IoT deployments, an organization needs a multilayered, scalable security strategy that starts at the gateway and encompasses elements including legacy systems, sensors and cloud-based solutions.
Firewalls: Whether an appliance or a software solution, a firewall is an important component of any security strategy. New firewall products are designed to accommodate the vast array and volume of devices unique to IoT.
Encryption: In order to protect data while it’s at rest on devices and in transit over a network, organizations can use an algorithm to scramble data, rendering it unusable by anyone other than a user with a decryption key.
Authorization: As more IT and OT devices connect to the network, it’s important to manage who has access to equipment and locations. With authorization tools such as Cisco Identity Services Engine, organizations can create policies that automate access management throughout an organization.
Network segmentation: IoT connects multitudes of IT and OT systems. So if a threat were to breach an organization’s network, any connected systems could be at risk. One way to guard against such a catastrophic situation is to segment the network. This way, if there is a breach, only the devices in that segment would be compromised.
Ready to take on IoT technologies? Download the free white paper, "IoT: Building a Data-Driven Future," to learn more about:
- data aggregation and analysis
- orchestration and automation technologies
- regulatory compliance and the IoT
You'll also score access to BizTech's entire library of free, downloadable white papers by signing up just once.