Plenty of companies yearn to integrate cloud computing with their IT infrastructure but feel hesitant to do so due to concerns about data security. A lot of public cloud host service providers make use of the same hardware infrastructure to manage the needs of various clients which can compromise the security of data systems.

However, it is possible to hire the expertise of private cloud computing companies as they follow data security methods that can work for HIPAA and PCI-sensitive organizations. By getting private cloud computing solutions, companies can have greater control over their data security needs.

Here are 5 handy tips for implementing cloud computing concepts while maintaining the highest levels of security.

1. The first thing that you need to keep in mind is the location of your data. Unless you know the location of your data, it won’t be possible for you to secure it. While it is still important for you to use technologies like firewall, data encryption, and intrusion detection methods, knowing your data’s location allow you to prevent security breaches when the cloud system stops working. You should be able to use dedicated hardware to implement stringent security parameters for your data that you share through cloud computing.
2. Make sure that you keep your data perfectly backed up. When you take backups of your data, you can be sure of the fact that your data is safe against any kind of losses. This can also help you secure all important information about your business and provide you with the peace of mind that you seek.
3. The data centers that you choose to work with for your company should always take data security in a serious manner. They should be able to implement the best security measures in the servers in which your data is kept. It is important that they are PCI or HIPAA certified and SSAE 16, SOC 2 and SAS 70 audited. Managed services like intrusion detection, firewalls and antivirus can really work out well for you by making your data, applications, and enterprise more resilient.
4. A good way to ensure security for your data would be to check out the clients that a cloud service provider has worked with. By seeing whether the cloud provider has already worked with clients in the past requiring critical and stringent security measures, it is possible for you to make sure that your data is in good hands. Organizations operating in the financial, insurance, healthcare and government sectors are certainly good examples requiring high-end data security. By contacting these companies, you can be sure if they offer excellent data security.
5. It is important that you also carry out detailed tests to ensure that the cloud systems are equipped with the best security features.

These are the top 5 and most important cloud computing security tips that many app development companies india agencies are adopting in their development and implementation processes so as to have better security for their product or services.

Your home security system. Air condition system. Your car. Why, even your coffee maker. Almost every imagine digital appliance is now connected to the Internet. The era of connected things has arrived.

IoT is no longer a science project that businesses are putting off for the future. It is a promise to a future that must be leveraged now. In fact, today, it is more difficult to find a coffee-maker or any home appliance without Wifi or Bluetooth connectivity. Not just at homes, even at corporations, connected devices has become a serious boardroom topic. According to DigiCert’s State of IoT Security survey 2018, 83% of organizations say the Internet of Things (IoT) is important to business today, and 92% say it will be in two years.

IoT can bring to businesses several benefits like improved operational efficiency, new revenue channels, business agility, and enhanced customer experience.

However, there are enterprise concerns that dwarf the possibility of gaining these benefits.

Among the top 4 enterprise concerns for IoT are security and privacy.

Source: DigiCert’s State of IoT Security survey 2018

How the Internet of Things can become the Internet of ‘Threats’

If not controlled, secured and monitored, the Internet of Things can go from smart connected things to a web of connected threats. Here are some ways how connected devices can go rogue.

#1 The connected risk of BYOD

Global corporations are losing no time in enabling their employees with BYOD (Bring Your Own Device) and WFH Work From Home working models. Although these working models amplify productivity, they also carry with them the risk of IoT.

For instance, an insecure connected device at an employee’s home can be hacked into by a hacker thereby gaining access to the office system. If the employee has failed to take adequate security measures for the office gadgetry, then it leaves the ground open for the hacker to seed an infectious malware, virus or anything malicious into the office network. That is the connected risk of BYOD which IoT creates.

#2 DDoS attacks

Source: DigiCert’s IoT Security Infographic

Do you know that insecure IoT devices can take down cities? IoT botnets combined with DDoS attacks can bring connected urban infrastructure to a grinding halt. This is not any sci-fi or fictional scenario. Hackers can track down IoT sensors, hack into their weak interfaces and run commands to shut down services or to hijack their functioning.

To cite a real-world example, cities like New York, Singapore, Barcelona, etc. are already running extensive public utilities with the help of IoT. IBM’s white paper - The Dangers of Smart City Hacking found more than 17 security vulnerabilities that make it “painfully easy” to take down large IoT-based urban networks. The security vulnerabilities included public default passwords, SQL injection, authentication bypass and so on.

#3 Premise Intrusion

Home security device shipments worldwide is expected to touch 700 Millions by 2019. According to Alarms.org, three-fourth of homeowners buy security systems that can be monitored through their mobile devices. While these systems saves time and provide convenience, they also become easy targets that hackers can infiltrate easily.

By hacking into the smartphone or a weak smart device, the hacker can take down the home security system thereby gaining access to the entire household. The same scenario applies to corporate offices as well, which makes IoT a certain Internet of Threats.

So, do these security threats mean that it is the end of the road for IoT app development? Not so. There are best practices that enterprises can embrace to insulate their IoT networks from vulnerabilities.

Best practices to establish security in IoT app development

IoT is a relatively new concept. The IT industry as a whole is yet to attain widespread knowledge and authority on its usage, maintenance and security. Here are some best practices that can help thwart the security risks involved in IoT app development.

#1 Review the risk involved

Having a brief idea of the risk landscape will help device a strategic security policy specifically for IoT devices. Penetration testing can be carried out to identify key vulnerabilities that should be addressed on high priority. For example, default public passwords is a vulnerability that can be resolved quickly without much ado.

#2 Setup device identity

Each device in the IoT network must be identified and tagged to grant secure access. Use secure over-the-air updates to keep the device security intact and in tune with the latest development.

#3 Encryption

More than the connected device, it is the data that it creates and exchanges that is of value. Every data exchange by the devices in the network should be secured with end-to-end encryption, code signing or with SSL certificates.

#4 Public Key Infrastructure

Public Key Infrastructure (PKI) can help create the basic framework required for authenticating device identities and for establishing the integrity of security patches. It also facilitates easier management of public-key encryption thus making it a perfect choice for establishing IoT security.

#5 Plan long-term

IoT is going to be here for the long-term. It is not any short-term fad that can be easily replaced. It is got a strong hardware presence which cannot be removed easily. Hence, any security measures made for IoT networks should be planned for the long-term.

What’s next?

With the promise of IoT comes several perils as well. IoT botnets can take down large-scale and sensitive connected networks, including urban infrastructure, home security systems, etc. McKinsey Global Institute estimates the economic impact that IoT can create to be in the range of $3.9 trillion to $11.1 trillion worldwide by 2025. But, the true economic benefit of IoT can be attained only if it is secured and insulated from security threats. To sum it up, security should be the bottom line of IoT app development. Without security, IoT can create more damage than the benefits that it can provide.

A Broad View of the Impact of Artificial Intelligence on Remanufacturing 

The advancement and utilization of Artificial Intelligence (AI) is poised to make a similar impact in the 4th Industrial Revolution we are currently experiencing as Henry Ford’s assembly line did over 100 years ago.  A convergence of machine learning algorithms, big data analytics, and connectivity between machines due to Internet of Things (IoT) capabilities are impacting and reshaping industry and business around the globe.  Here is a broad overview of some of the contexts within remanufacturing these advances are rapidly being applied.

Design for Remanufacturing

Barriers for remanufacturing can always be traced back to the initial product design stage.  If products were better designed to accomplish the goals of the remanufacturing process, massive improvements and efficiencies can be accomplished.  The adoption of ubiquitous information and communication technologies (ICTs) thanks to elements of advanced AI as described above continue to blur the lines between virtual environments and the real world to create more sophisticated cyber-physical production systems (CPPSs).

Advanced Remanufacturing Processes

Artificial intelligence technologies are exponentially expanding computing power and connectivity which results in greater volumes of data that can be analyzed in a more robust manner than ever before.  This will allow remanufacturers to think big and push the envelope to develop more ambitious goals and objectives for their programs.  Lack of data or advanced robotics capabilities will no longer be impediments for remanufacturers to successfully process a higher percentage of product components and materials.

Robotics in Remanufacturing

Robots have already proven their capabilities in remanufacturing under certain conditions with relatively small and simple batches of components that usually involve some significant human oversight.  Advances in AI are moving the needle in identifying and creating new patterns in the way humans and machines interact.  This application of emerging technology shows significant promise to expand the capabilities of robotics in remanufacturing to tackle progressively more complex scenarios with less and less human interaction with greater efficiency.

Critical Failure Prediction

In industrial manufacturing settings, there is continuous pressure to improve efficiency, increase productivity, and reduce costs.  IoT connectivity and other elements of AI are being brought to bear in this environment to improve predictive maintenance and avoid machine failure during critical phases of production.  These same benefits of monitoring automated equipment on the front-end of the manufacturing process can also deliver the same benefits to the remanufacturing setting as well.  Not only can unexpected downtime be eliminated, but the ability to plan and schedule preventive maintenance more proactively and efficiently can occur as well.

Inventory Forecasting

One of the most significant challenges all remanufacturers face is predicting how much demand there will be for returned products with the flow of returned items coming into the remanufacturing process.  Of course, the quality of the materials being returned can make a significant difference as well.  AI technologies can greatly improve upon existing forecasting models that attempt to predict product returns.  Elements of Big Data and Machine Language Learning can leverage and up-date real-time data on sales, product usage, and warranty activity and more accurately predict product life expectancy and the rate and timing of returns into the remanufacturing process.  

Resilient Remanufacturing Networks (ReRuN)

Sustainability is the objective of remanufacturing in a world that has shifted from a linear model where products used to end up in a landfill once they are no longer functioning for their intended use.  As a society, we continue to grow more aware of the finite nature of our natural resources that has led companies to produce products according to a circular model whereas many components of an item are reused as many times as is practical.  

As stated in the points above, AI and other emerging technologies are already making significant improvements in all phases of the product life-cycle that occur prior to remanufacturing.  By embracing a ReRuN mindset that is calculated as early as the product concept/design phase, remanufacturing outcomes are positioned for greater outcomes due to improved forecasting in all elements of the remanufacturing process.

Closed-Loop Supply Chain Management

There can be no true resiliency for remanufacturing unless a complete closed-loop supply chain management strategy is employed.  In-depth studies on remanufacturing are just now starting to take place and raise awareness of the opportunities to be leveraged during the remanufacturing process to impact economic and environmental sustainability.  The advances in AI and all emerging technologies will help put remanufacturing on equal footing with all other phases of product life cycle.  Because this emphasis on remanufacturing is just starting to expand and receive attention, it also holds the most potential for impacting the entire product lifecycle.

The Future is Now

In the news, every day we continue to see advancements in the development of products and processes that seem to be right out of science fiction movies and shows of the 1960’s and 1970’s.  From flying cars to putting a colony of people on Mars, humankind is entering a bold new era where we now have the technology to execute just about anything we can imagine.  This coupled with an increased global awareness of our finite resources and need to be good stewards of our planet, will continue to bring greater emphasis and attention to remanufacturing in all phases of the product cycle.  AI and other emerging technologies are finally catching up and giving industry the tools to create this new reality.

Joseph Zulick is a writer and manager at MRO Electric and Supply. MRO Electric and Supply maintains a comprehensive stock of FANUC CNC and FANUC Robotics parts which are used in several industries including but not limited to engineering, manufacturing, packaging, and plant automation.

In 2016, the Industrial Internet Consortium gained agreement upon an understanding of the term “trustworthiness” and its effect on design and operation of an industrial system. At the core of that understanding was a definition of trustworthiness and the designation of five characteristics that define trustworthiness.

As defined by the IIC in its recently released Industrial Internet of Things Vocabulary v2.1 document: “Trustworthiness is the degree of confidence one has that the system performs as expected. Characteristics include safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”

Let’s take a deeper look at the 5 foundational characteristics at the core of trustworthiness:

• Safety ensures that a system operates without causing unacceptable risk of physical injury or damage to the health of people. This protection of humans is focused either directly or indirectly, as the result of damage to property or to the environment.
• Security protects a system from unintended or unauthorized access, change or destruction while Information Technology (IT) security ensures availability, integrity and confidentiality (AIC model) of data at rest, in motion or in use.
• Reliability describes the ability of a system or component to perform its required functions under stated conditions for a specified period of time.
• Resilience describes the ability of a system or component to prevent or at least reduce any serious impact of a disruption while maintaining an acceptable level of service.
• Privacy protects the right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Achieving trustworthiness in industrial IoT systems requires recognition that a complex IoT system is comprised of subsystems and the integral components of the subsystems. The trustworthiness of the overall system depends upon the trustworthiness of each of the subsystems and each of the components, how they are integrated, and how they interact with each other. Trustworthiness must be pervasive in IoT systems, which means there must be trustworthiness by design and a means to achieve assurance that the trustworthiness aspects have been addressed properly. Permeation of trust is the flow of trust within a system from its overall usage down to its smallest components and requires trustworthiness of all aspects of the system. Trustworthiness requires ongoing effort over time as systems and circumstances change.

As such, the IIC Trustworthiness Task Group, in close cooperation with the IIC Security Working Group, is tasked to frequently enhance and redefine the definition and role of trustworthiness in industrial systems as the IIoT continues to evolve. Ultimately, their goal is to moves system designers from traditional safety thought processes into a new paradigm for system design that takes into consideration all 5 of the trustworthiness characteristics and their interactions within the system.  

You can read more about trustworthiness and its relationship with industrial systems and the convergence of IT/OT in the Fall 2018 issue of ICC’s Journal of Innovation.

By Marcellus Buchheit, Co-founder of Wibu-Systems AG and President and CEO of Wibu-Systems USA

This blog originally appeared as a Wibu-Systems Blog

Internet of Things News, Podcasts, Events and Insights from Rob Tiffany

http://theinternetofthings.io/the-internet-of-things-review-issue-30/

Internet of Things Insights from Rob Tiffany

https://theinternetofthings.io/the-internet-of-things-review-issue-29/

Despite the great promise of IoT to improve business and society, many think it’s being held back due to complexity and the associated lack of required skills to make it a success. Is it possible that the antidote to this complexity and skill shortage problem lies in the existing open standards and technologies that comprise the World Wide Web? In this podcast, Rob Tiffany makes the case for using existing W3C standards to power the Internet of Things.

Check it out at https://theinternetofthings.io/iot-podcast-can-the-web-save-the-internet-of-things/ 

-Rob

Internet of Things Insights from Rob Tiffany

https://theinternetofthings.io/the-internet-of-things-review-issue-28/

Security systems installed in a typical facility consists of cameras, access control, intrusion sensors and fire alarms. Typically, these devices are places behind a firewall on a dedicated network. Building control systems are installed on a secondary network can contains lighting, HVAC, fire protection, elevators/lifts, chillers and air/moisture sensors. These systems serve their purpose and will continue to be adapted and make facility systems design more complicated. This complexity can be controlled using common development tools and platforms. Not only will this approach make the process of creating smarter, safer, more energy efficient systems but will also reduce the number accidental deaths and injuries that occur every year.

The redundant network design approach is not a very efficient nor cost effective way of operating a facility. This is starting to change as savvy building managers are making the decision to integrate security and building control systems and map them onto a single network. This can entail integrating multiple disparate systems, sensors, NVR devices and video management software. The concept of integrating a camera or access control system to an HVAC system, or a visitor/facility management system or edge recording device to a lighting or fire protection system may seem unusual to some. Yet, this is where many security systems integrators and manufactures are missing out on untapped applications and services opportunities. Modern integrated security and building systems can give facility managers and security directors the tools to improve, simplify operations and reduce the efforts of the operations staff and points of control teams.

In the past, the security industry has relied on it’s own approach to integrated systems know as physical security information management (PSIM). PSIM attempts to provide an open architecture to integrate multiple security system products into a single operating platform. This approach has been very hit-or-miss and has left a bad taste in the mouths of systems integrators and end-users. On the flip side of the coin, facility managers have their own integration platform known as a building automation system (BAS). As it relates to physical security, BAS systems are intended to integrate with PSIMs and control individual security systems. However, BAS systems come in many different flavors; many of them are not viewed in a glowing light by building operation end users. Past integrations are not all filled with doom-and-gloom. There are some successful integrations attempted by the collaborative efforts of building controls and physical security organizations. The question is why is this design practice not more common where the benefits and economics make sense?

In order to facilitate the adoption and implementation of an integrated system the use of open standard protocols is an absolute must. The building automation industry created BACnet and LONworks which allow for real-time remote connectivity between sensors, actuators, controller devices and software. In the case of LONworks, hardware manufactures have the ability to include a chipset with built-in building control system support. It took some time, but finally the security industry created the protocols ONVIF and PSIA. These open architectures allows the end-user to choose vendors selecting either security or BAS equipment based on features and price. The end-user can also decide to install partial system upgrades without the risk of making costly investments in obsolete legacy systems. With that said, The security industry is curious about implementing the building controls protocols but needs an easier way to integrate them into their hardware and software products in an ad-hoc applications based manner.

There are security directors that are not completely sold on the idea of integrating with building control systems. On the other hand, facility managers may question the benefits of sharing a network with security systems especially when functions do not overlap with life-safety systems. However, system integration between building controls, physical and now cybersecurity offers more than just staffing convenience and operational efficiency. Here are a few results from a truly integrated security system.

Faster Response to Incidents – With the use of a robust mobile software solution and integration approaches such camera-to-access control-to-lighting or HVAC staff members can be freed from a console which makes them readily available to respond to incidents or equipment failure.

Provide more accurate compliance reports – Data provided by building controls and security edge devices can be paired with artificial intelligence technologies such as neural networks and genetic algorithms. This helps facilities to comply with government regulations with regards to security.

Reduce accidents and save money – Integrated systems provide better control of building and security systems. For example, if some accidentally stumbles into a restricted area or manages to make it to overly heated or chilled area the access control system, Variable air volume (VAV), or other HVAC system components can send alerts and create historical trend reports. Also a single network architecture can make managing system components easier.

Integrated building control and security systems are gaining some traction. However, it is still not a mainstream approach among many manufactures and systems integrators. One proposed solution is to utilize a common platform that is utilizes the industry protocol standards as application and system component building blocks.

The dream of making money with IoT, AI and Blockchain

Have you ever think about how could you make money with the Internet of Things (IoT) or Artificial Intelligence (AI) and of course with Blockchain?  What would happen if you could use the three of them in a new business model?.  Apparently, Success, Success and Success.

In the next sections I provide information of some business models implemented with these three technologies.

IoT Business Models

As IoT moves past its infancy, certain trends and economic realities are becoming clear. Perhaps the most significant of those is the realisation that traditional hardware business models just don’t work in IoT. Take a look at “The top 5 most successful IoT business models” that have emerged as particularly effective applications for IoT.

If any of you is building an IoT product, this article ” IoT Business Models For Monetizing Your IoT Product”  show how to make money with IoT.

Zack Supalla, the founder and CEO of Particle, an Internet of Things (IoT) startup, suggest “6 ways to make money in IoT”.

Finally, in “How IoT is Spawning Better Business Models” we can read three ways companies like Rolls Royce, Peloton, MTailor or STYR Lab  was rethinking their business model and have created revolution in the marketplace. 

Blockchain Business Models 

It sounds repetitive, but yes "Blockchain technology may disrupt the existing business models”. The authors´ s findings concerning the implications of blockchain technology for business models are summarised in the following picture.

Do you think that blockchain will likely to cut into big-players’ revenues? Then, this article: “New Blockchain-Based Business Models Set to Disrupt Facebook and Others”, is for you.

If you are ambitious and you are planning to build a viable business on blockchain, then read “Building an International Business Model on Blockchain”.

I am also an advocate of the coming era of decentralization (at least in my most optimistic version) and Blockchain is a step more to create value when the End of All Corporate Business Models will arrive.

AI Business Models 

Companies from all industries, of all shapes and sizes are thus faced with an important set of questions: Which AI business models and applications can I use ? And what technologies and infrastructures are required?.

It seems that we all are convinced that artificial intelligence is now the most important general-purpose technology in the world that can drive changes at existing business models. Not surprised then, that  AI is Revolutionizing Business Models.  The “data trap” strategy, that in venture capitalist Matt Turck’s words consists of offering (often for free) products that can initialize a data network effect. In addition, the user experience and the design are becoming tangibly relevant for AI, and this creates friction in early stage companies with limited resources to be allocated between engineers, business, and design.

This article introduces  some good examples of AI business models :

New Business models with the intersection of IoT, AI and Blockchain

With IoT we are connecting the Digital to the Physical world. Connected objects offers a host of new opportunities for companies, especially in terms of creating new services. The amount of data generated by the billions of connected objects will be the perfect complementary feed to many AI applications. Finally, blockchain technology could be used to secure the ‘internet of things’ and create smart contracts in a decentralized infrastructure that boost the democratization of technology and creation of sustainable communities.

You must remember that new business models that include IoT, AI and blockchain need among other characteristics: Volume and Scalability. Volume of devices, Volume of data, Volume of customers, volume of developers and powerful ecosystems to escalate. 

Good luck in your search and implementation of your new business model.

Thanks for your Likes, Comments and Shares

With any security system involving a human component, there’s a careful balance between requisite security measures and the user experience. The reason most of us have one or two locks on our front door – instead of twenty – isn’t because we don’t want more security, it’s that the experience would be far too much of a daily hassle.

When it comes to IoT security, the balance is askew in the other direction: the marketplace is glutted with lower end IoT devices that privilege a simplified user experiences over robust security. While this strategy allows consumers relative ease and a frictionless process in activating smart home and other internet-connected products, this devaluing of security leaves a virtual unlocked front door for malicious hackers who have little difficulty in accessing these devices. A largely unsecure IoT industry is proving time and time again to have significant and harmful repercussions, in the form of the mayhem that hackers can inflict on vulnerable users, and for the internet at-large as devices are corrupted for use in devastating IoT botnet-based DDoS attacks that continue to make headlines.

The need for security is, of course, a major issue that the IoT industry must overcome. Even as Gartner foresees the IoT rapidly expanding to 20.4 billion devices by 2020, a recent market survey finds that 90% of consumers do not have confidence in the security of IoT devices. In the same way, IoT security – and customer confidence in it – is just as important to the enterprise, as commercial IoT applications may provide personalized services that utilize sensitive data, involve monetary transactions, or offer other features requiring authentication that is unquestionably safe and frictionless for customers. Altogether, this makes IoT security a key concern that absolutely must be resolved for the IoT industry to have longer term staying power and to reach its full potential.

Passwords are (rightfully) going extinct

Passwords continue to be the default option for account security across all industries. While common, they’re also an overly complex user authentication method that are becoming less effective in securing access, while also becoming more frustrating and challenging from a UX perspective.

Forgetting your password requires ones to waste time with reset emails and security questions – if we can remember them -  a cumbersome process equivalent to fumbling with twenty door looks.  And beyond delivering a subpar UX, most IoT devices are manufactured without a traditional security interface (no screen, no keypad), leaving passwords a poor candidate for IoT security and leading enterprises across industries seek alternative and more secure ways for authenticating users.

Biometrics are the answer to the IoT’s present – and long term – security needs

Biometric security measures are growing in popularity and in widespread use.  Smart phone users are deploying fingerprint identification or facial recognition to unlock screens. Alexa, Siri, and other voice-activated tools have made talking to your technology commonplace, increasing demand for voice-based authentication as a common security solution.

The biometric approach to security is particularly well-suited to the IoT, though, and offers a compelling synergy with the desires of today’s businesses to establish more personalized interactions and relationships with customers. As demonstrated by the rise of chatbots, brands are evolving to include personalities that go beyond mascots and logos. Businesses want the customer’s brand experience to feel familiar – acquaintances and friends don’t require identification when they see you.  Biometric authentication enables a more natural and passive experience, whether that’s opening the smart home lock on your front door, activating IoT devices inside, or interacting with brands and their products by other means.

In addition to the stylistic advantages, several technical advances have enhanced the current viability of biometric security for the IoT. The memory footprint of biometric security algorithms are getting smaller while also getting more efficient.  Algorithms as small as 2MB now have the capability to fully secure IoT devices. And these algorithms are also becoming smarter and can thwart spy movie-esque attempts at trickery; for example, biometrics can now distinguish between your voice and a recording of it. Backed by AI and machine learning that studies individual user behavior, biometrics can also now authenticate users by their gait, how they type, how they apply pressure to a touchscreen, and plenty more of the things that make you, you.

Secure authentication is the only way to commercialize IoT in the enterprise. When this happens, there will be proper verification of monetary transactions and sensitive personal data can be shared. The challenge for the industry is to provide a secure, frictionless (passive) authentication that fully takes advantage of the IoT without compromising the UX.

With the death of passwords accelerating and the stakes of security for IoT industry health so high, the arrival and incorporation of highly capable biometric security measures within IoT devices is certainly a welcome one.

Although it took some time to manifest, nation-states have realized the potential for cyber espionage and sabotage on IoT devices.

The latest news

On April 16, 2018, the US authorities issued a warning that government-backed Russian hackers are using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations.

In a joint statement, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), along with the UK's National Cyber Security Centre (NCSC) - the cyber arm of Government Communications Headquarters (GCHQ) - said that Kremlin-backed hackers are using exploits to carry out malicious attacks. The hackers are using compromised routers to conduct man-in-the-middle attacks to support cyber espionage, steal intellectual property, and maintain persistent access in victim networks for use in additional campaigns.

U.S. CERT noted that cyber actors are exploiting large numbers of enterprise-class and residential routers and switches worldwide to enable espionage and intellectual property theft.

A growing concern

This is just the most recent of several incidents wherein nation-states have used connected devices for their goals.

A spying campaign called “Slingshot” targeted at least 100 victims in the Middle East and Africa from at least 2012 until February 2018, hacking MikroTik routers and placing a malicious dynamic link library inside to infect target computers with spyware components.

In another incident, nation-state actors left political messages on 168,000 unpatched IoT devices. The attackers used a bot to search the Shodan search engine for vulnerable Cisco switches and were easily able to exploit a vulnerability in Cisco Smart Install Client software to infect and “deface” thousands of connected devices with propaganda massages.

The west is also toying with IoT devices

Russia and China are not alone in investigating the potential of exploiting IoT devices. In 2016, US intelligence chief James Clapper acknowledged that the US would consider using the Internet of Things to spy on adversaries. More recently, the Dutch Joint Cyber SIGINT Unit hacked a CCTV camera to spy on a Russian cyber group called ‘Cozy Bear.’ As a result, they were able to identify many of the members as employees of the Russian Foreign Intelligence Service.

As western countries become more aware of espionage efforts by foreign governments, it is not surprising that they are fighting back by trying to reduce the attack surface. Several Chinese CCTV manufacturers were recently flagged for having built-in backdoors that could allow intelligence services to syphon information. Dahua, a maker of CCTV cameras, DVRs and other devices was forced to issue an emergency patch to its connected devices. Camera models from Shenzhen Neo Electronics were also exposed to have a severe security flaw. Finally, the largest maker of surveillance equipment in the world, HIKvision, was accused of having a backdoor and banned by certain US bodies.

What’s next?

While the potential for information collection through IoT devices is enormous, we shouldn’t forget that these are physical devices deployed in the real world, so hacking them can have real consequences.

Doomsday scenarios

Here are just four of many potential “doomsday scenarios” that could result from IoT device hacking:

Grid manipulation attacks

Power grid security has received the appropriate attention in recent years, due in part to large scale cyber-attacks on power grids around the world. But what if, instead of hacking secured power plants, a nation-state was to hack millions of smart devices connected to the power supply, so that it could turn them on and off at will? That would create spikes in local and national power consumption, which could damage power transformers and carrying infrastructure, or at the very least, have substantial economic impact.

Power companies try to balance consumption loads by forecasting peak consumption times. For example, in the UK, demand spikes are as predictable as half-time breaks in football matches or the conclusion of an Eastenders episode, both of which require an additional three gigawatts of power for the roughly 3-5 minutes it takes each kettle to boil. The surge is so large that backup power stations must go on standby across the country, and there is even additional power made available in France just in case the UK grid can’t cope. 

But since no one could anticipate an IoT “on-off” attack, nobody could prepare standby power, and outages would be unavoidable. In addition, power production, transportation and storage costs would be enormous.

Smart utilities

By attacking Internet-facing utility devices such as sewage and water flow sensors and actuators, attackers could create significant damage without having to penetrate robust IT or OT networks.

Smart city mayhem

Having a connected urban infrastructure is a terrific thing. The problem is that once you rely on it, there is no turning back. If the connected traffic lights, traffic monitoring cameras and parking sensors are taken offline or manipulated, cities could suffer with large scale interferences to their inhabitants’ daily lives. For example, shutting down connected street lighting could impact millions.

Simple terror

Since we are all aware of the potential impact of a devastating cyber-attack, it would not take much to invoke large-scale hysteria. Just imagine someone hacking a street sign and altering it to display messages from the country’s enemies.

Summary

Nation-states have long targeted IT infrastructure to gather intelligence and intellectual property, but their focus has shifted to OT/industrial networks with the aim of facilitating disturbances and physical sabotage. IoT seems to be the new domain in which proficient bad actors can collect information, create disturbances, cause large-scale damage, and inflict terror and panic. The IoT is both insecure and increasingly ubiquitous, and these characteristics make it attractive for hackers and guarantee continued exploitation.

We often don’t compare technology to fable stories, but when it comes to the internet of things (IoT), the story of Pandora’s Box comes to mind. It’s a technology that has great potential, but where the weakness and possibilities lie are in it’s lack of basic security measures. We might even go as far as to say, what security? These are the concerns we’re thinking about at IT Security Central.

As a completely remote company, we’re taking measures to understand how the internet of things can impact our company data security. Hackers look to exploit technology vulnerabilities to access valuable information. Hacking an IoT connected fish tank, smart fridge - these aren’t far-fetched stories. These are stories that are happening now. 

The lack of secured IoT devices starts in the development phase. These devices are developed on a basic linux operating system with default codes that buyers rarely change. When these devices are developed, security isn’t on the agenda; rather, developers are looking at human behaviors and outside threats. When they should be looking inwards.

An unsecured IoT device is the weak link in the connection. As one of the fundamental purposes of the technology is to provide connection and accessibility, this one weak link can bring down the entire network. And if your remote worker’s BYOD devices are in someway connected to that network, your company just became vulnerable.

Remote workers or ‘the gig economy’ is expected to increase in frequency. According to the Global Mobile Workforce Forecast Update, employees working remotely is suppose to increase to 42.5% of the working population by 2022. At that time, the world is projected to see half of its population working outside the office either full-time, or part-time. 

Security vulnerabilities, remote workers and IoT - where is the connection? The scary thing, remote workers are likely to already have IoT devices in their work environment, and most likely, they are not protected. These devices can mostly be smart home devices that workers have acquired to make their daily lives easier. Common devices include Amazon Echo, Neo and GeniCan.

The first step in active prevention is to make your employees aware of the importance of data security and then aid them with the tools for success.

Best Practices for Protecting Your Network (from Remote Workers)

With the wealth of internet-based security technologies, the idea of protecting your network with in-house servers and the traditional firewall is (well) old school. With cloud-based companies, you can now access and protect data in easy step-by-step processes, and the best news, most of these companies do the data management for you.

One of the most progressive approaches to remote worker security would be to adopt a monitoring service to collect data and actively look for anomalies in the network. Through data collection and analysis, a monitoring software creates a user profile of normal, everyday behavior. The administrator can set ‘alerts’ for when certain data repositories and files are accessed, or when sensitive data is moved. The longer a data breach goes undetected, the larger financial implication for the company. Requiring remote workers to download and use a remote monitoring software is one of the highest levels of protect against data loss.

But if monitoring isn’t on your agenda, these are a few basic tactics that employers can encourage remote workers to undertake.

Permissions Management

Though the workers are remote, administration can set limits to data access. This process starts by undergoing a through analysis and understanding of each position. It’s important to understand who needs access to what information, and who doesn’t need access to information. Once this is understood, administrators can restrict information, and they can also set ‘alerts’ when information is accessed without prior approval.

Home Network Policy

Once employees leave the brick & mortar walls, the manager has little access where and on what internet network they’re accessing information. But don’t fret, this freedom and flexibility is part of what make remote work appealing. Where privacy might be a factor, we don’t suggest to go as far as asking remote workers to eliminate IoT devices on their network. Rather, we encourage to create a policy that specifically states the security requirements that the IoT must have in order for the work network to be accessed. By educating your employees, you can save them and data loss heartbreak.

Encryption

Encryption, encryption, encryption. You’ve heard the importance of encryption. For remote workers, the company can never be too safe, so they should go the extra mile and set remote workers up on an encrypted network. A VPN ensures all connections and communications are encrypted when the network is accessed. Don’t worry about IoT connectivity in their home, or when remote employees connect to an unsecured public wi-fi connection. A VPN provides the next level of security through encryption, and a hacker won’t be able to access communication or data without alerting administrators to a potential breach. 

IoT devices are already integrating into our at-home lives, and when remote workers access their at-home networks, suddenly the topics collide. As more workers go remote, it’s important to look inwards towards security to see how everyday IoT devices impact company data. Take the time to ensure that remote workers are protecting the network effectively.

Guest post by Isaac Kohen. Isaac Kohen is the founder and CEO of Teramind (https://www.teramind.co/), an employee monitoring and insider threat prevention platform that detects, records, and prevents, malicious user behavior in addition to helping teams to drive productivity and efficiency. Isaac can be reached at ikohen@teramind.co. Connect with Isaac on social media: LinkedIn, IT Security Central and Twitter @TeramindCo.