Some of us might not yet know it, but the Internet of Things is most certainly revolutionising the way in which we live our lives. Peter Webster reviews exactly how the Internet of Things is connecting everything and everyone before assessing the security implications this presents for today’s risk managers.
The prospect of living in a world without the Internet is pretty difficult to imagine. Undoubtedly, it has become the dominant factor in terms of how we communicate and exchange information. For some, even the very thought of being without any Internet connection is simply too much to bear.
Indeed, that last point was amply demonstrated in Vodafone’s recent Digital Behaviours study which found that more than a third of Britons said they didn’t think they could make it through a full day without Internet access, the most common reasons why being that it’s part of modern life and an essential medium for making contact with friends.
Our reliance on the Internet is very much beyond doubt and, according to Ofcom, 69% of UK adults now use a smart phone in order to ‘stay connected’. However, that connection is evolving beyond mobile phones, tablets and computers and has, over the last few years, been developing into something called the Internet of Things (IoT).
It’s a term that’s widely misunderstood, but in a nutshell describes a system wherein items that make up the physical world – and sensors within or otherwise attached to those items – are connected to the Internet via wireless and wired connections.
In reality, this includes everything from smart phones to coffee makers, washing machines, energy meters, headphones, refrigerators, lights, cars, wearable devices and almost anything else. The number of connected devices in homes is rising with rapidity, while in the workplace more and more individuals and machines are connected to networks and each other, in turn sharing vast amounts of valuable data designed to make our lives and business operations that much more efficient.
Quite frankly, it appears that the scope of the IoT is only limited by the human imagination. As each week passes, new and exciting Internet-connected devices are being designed, developed and introduced to what’s now an ever-more ‘tech-savvy’ society.
While it’s clear that the number and variety of connected devices is growing exponentially, what’s less certain is the impact this process will have on us all. Proponents of the IoT view it as enabling a ‘Brave New World’ free from the more mundane aspects of life wherein, for example, driverless cars will transport us and physically shopping for food will be no more.
At the other end of the spectrum, those of a more cautious disposition envisage a ‘Big Brother’-style situation wherein Governments, corporations or those with malicious intent can access so much information about individuals and their activities.
However the IoT may be viewed, it’s almost certainly the gateway to artificial intelligence where interconnected machines harbouring human-like qualities to learn and rationalise will be developed and introduced.
Future scope of the IoT
Some of the predictions about the future scope of the IoT and the data that will be collected by it are truly mind-blowing. Estimates around the amount of connected devices set to be in use over the next few years vary enormously but, according to Intel, the IoT is predicted to grow from two billion objects (in 2006) to 200 billion by 2020, at which juncture there will be 26 smart objects for every human on the planet.
That’s a whole lot of information, with 90% of the data that exists having been created in the last two years alone. IBM claims that, every day, we realise 2.5 quintillion bytes of data. According to the US definition, that’s one followed by 18 zeros. Putting that huge number into perspective, it equates to filling up 57.5 billion 32 Gb Apple iPads. Staggering, isn’t it?
However, if we think that what we produce today represents big data, we really do need to reassess. IDC’s analysts predict that, by 2020, IoT devices will collectively create, copy and consume about 44 zettabytes of data (a zettabyte is a one followed by 21 zeros!) which is 50 times more than in 2012.
Furthermore, by 2020 about 1.7 megabytes of new information will be created every second for every human being on Earth.
IoT-based devices collect a good deal of personal data. For example, smart meters can already tell when a person is at home and what devices are being used at any given time. This information has the potential to be shared with other devices and held in databases by companies, but what happens to it then? Believe me, this is the question that concerns even the strongest supporters of the IoT.
Is enough being done to build security and privacy into the IoT during these early stages of adoption? Any failure to set a positive precedent may leave the door open for hackers somewhere down the line. Greater volumes of data can also render people, homes and businesses more attractive to cyber criminals.
As if to prove the lack of security in certain items, cyber criminals have hacked into a host of devices. Although those criminals don’t appear to be paying the IoT too much attention at present, just as soon as there’s a financial motive for doing so you can bet your bottom dollar they will.
It’s an issue that must be taken seriously. Symantec’s 2015 Internet Security Threat Report finds Britain to be one of the most targeted nations on Earth, while research by PricewaterhouseCoopers found that nearly 10% of UK businesses don’t actually know how many cyber attacks were visited upon them over the past year (with 14% not knowing how those episodes happened). The latter research also found that prevention and detection methods have proven largely ineffective against what are now increasingly clever assaults.
Blue sky thinking
The majority of the general public simply have no idea what type of information is being held about them and, just as importantly, where. Although the convenience of the cloud almost inevitably appeals to many, there are still those who simply don’t understand that this means their information isn’t in some untouchable place in the sky. Rather, it’s stored in physical buildings called Data Centres.
The Data Centre sector is one of the major success stories of the last 15 years, in no small part due to the need for housing somewhere the huge amount of electronic information that we all produce. There are now over 100,000 of these facilities across the world. Their owners and operators have to be very vigilant, not just around cyber crime but also physical attack.
Protecting Data Centres is, therefore, a key challenge. Traditional security measures have a part to play in guarding such a site, and these should form part of a multi-layered approach. Externally, perimeter fences, barriers, retracting posts at vehicle access points, CCTV cameras and trained and licensed security officers can all deter a physical security breach.
Internally, CCTV, alarms, integrated access control systems and appropriately-rated security doors and alarms all form part of the defence regime. Biometric controls, such as fingerprint and iris recognition, are beginning to replace swipe cards, which can be easily stolen, and these controls can be used to monitor and record the movement of staff in a facility.
Keeping the number of potential entry points to a minimum is also considered to be good practice, as is ensuring that members of staff are fully aware of their security responsibilities in tandem with limiting access to certain areas.
In terms of the physical infrastructure, racks and cabinets are the last line of defence. That being so, as well as housing a wide variety of important active equipment, they also need to protect the sensitive data contained within them. Locking systems will usually be employed in conjunction with a personal identification number (PIN) or a radio frequency identification (RFID) device. Software is now available that provides local or remote control of racks and cabinets with full event recording and a rolling 24-hour audit trail.
All Internet things considered
The IoT is transforming the everyday physical objects that surround us in ways that would have previously seemed the stuff of science fiction. Although we’re still some way away from witnessing the full potential of these intelligent machines, consumers need to wake up to the security and privacy implications of having billions of devices collecting their data at all times and put in place appropriate measures designed to protect themselves.
As for my perspective on all of this, let me be quite clear. I’m fully in favour of the Security and Intelligence Services having access to data to protect us from terrorist attacks, but we must build a world wherein we’re wholly protected from criminals stealing that same information.
Peter Webster is CEO of Corps Security