A new strain of the famous Mirai IoT malware surfaced recently, with the discovery by Chinese researchers of exploit code targeting networking equipment. Previously, Mirai was known for having infected thousands of webcams, security cameras, and DVRs, and then using those devices to launch DDoS attacks. The exact aims of the new variant are still unknown, but it’s another reminder of the very serious security issues presented by the IoT.

Last month, a Gemalto survey took a closer look at those issues and people’s perceptions of them. An overwhelming 90 percent of consumers reported that they lack confidence in the security of IoT devices. Their most common fear (65 percent of respondents) is that a hacker could gain control of their devices, while 60 percent worry about their data being stolen via connected devices. In spite of such concerns, over 50 percent of consumers now own an IoT device (on average two) but only 14 percent believe that they are extremely knowledgeable when it comes to the security of these devices.

The survey also set out to discover how IoT companies addressing these concerns. The survey found that IoT device manufacturers and service providers spend just 11 percent of their total IoT budget on securing their IoT devices. These companies do, however, appear to recognize the importance of protecting devices and the data they generate or transfer, with 50 percent of companies reportedly having adopted a “security-by-design” approach.

Two-thirds of organizations reported that encryption is their primary method of securing IoT assets, with 62 percent encrypting the data as soon as it reaches their IoT device, and 59 percent encrypting as it leaves the device. Encouragingly, 92 percent of companies said they see an increase in sales or product usage after IoT security measures have been implemented. Also encouraging; businesses are realizing that they need support in understanding IoT technology and are turning to partners to help, with cloud service providers (52 percent) and IoT service providers (50 percent) reported as the favored options.

While these partnerships may encourage adoption, most organizations (67 percent) admitted they don't have complete control over the data that IoT products or services collect as it moves from partner to partner, potentially leaving it unprotected.

Stakeholders on all sides are looking to the government for guidance. The survey found that almost every business organization (96 percent) and consumer (90 percent) is looking for government-enforced IoT security regulation.

As new malware continues to exploit gaps in the IoT ecosystem, both consumers and businesses are justified in their lack of confidence in service providers and device manufacturers. The EU is demonstrating with its GDPR law that it recognizes the importance of this issue and that effective legislation is possible. Here in the U.S., each of the groups involved in the IoT ecosystem – manufacturers and cloud service providers, not to mention the government – should adopt a 'security-by-design' philosophy. 

There is a lot of talk, and, indeed, hype, these days about the internet of things. But what is often overlooked is that the internet of things is also an internet of shared services and shared data. What’s more, we are becoming too heavily reliant on public internet connectivity to underpin innovative new services.

Take this as an example. Back in April, Ford Motor Company, Starbucks and Amazon announced and demonstrated an alliance that would allow a consumer to use Alexa to order and pay for their usual coffee selection from their car. Simply saying, “Alexa: ask Starbucks to start my order,” would trigger the sequence of events required to enable you to drive to the pickup point and collect your already-paid-for coffee with no waiting in line.

Making that transaction happen behind the scenes involves a complex integration of the business processes of all the companies involved. Let’s be clear: this is about data protection. For this series of transactions to be successfully handled, they must be able to share customer payment data, manage identity and authentication, and match personal accounts to customer profiles.

Because all of that critical data can be manipulated, changed or stolen, cyberattacks pose significant data protection risks for nearly any entity anywhere. The ambition of some of these consumer innovations makes an assumption that the “secure” network underpinning this ecosystem for the transfer of all that valuable personal data is the public internet. And that’s the point – it’s not secure.

As we’ve talked about previously on Syniverse's blog Synergy, the public internet poses a systemic risk to businesses and to confidential data. In short, when we are dealing on a large scale with highly sensitive data, the level of protection available today for data that, at any point, touches the public internet is substantially inadequate.

And this alliance between Ford and Starbucks is just one example of the type of innovation, across many different industry and consumer sectors, that we can expect to see a lot of in the very near future. These services will connect organizations that are sharing data and information about businesses and about consumers – about their purchase history, their preferences and requirements, and also about their likely future needs. This is potentially a very convenient and desired service from a consumer’s point of view, but at what cost?

We need security of connectivity, security from outside interference and the security of encrypted transfer and protection for our personal and financial data. And we need to be able to verify the protection of that data at all times by ensuring attribution and identity – both concepts we’ll explore more deeply in an upcoming blog post. And that’s a level of security that the public internet simply cannot provide.

Last month, an internet-based global ransomware attack took down systems and services all over the world – affecting sensitive personal healthcare data in the U.K. in particular.

Whether it is personal health records, financial records, data about the movement of freight in a supply chain, or variations in energy production and consumption, these are digital assets. Businesses, institutions and government bodies all over the world have billions of digital assets that must be constantly sent to and from different parties. And those assets require the type of high-level data protection that is not currently possible because of the systemic risk posed by the insecure public internet.

As mentioned in my last blog post on Synergy, there is an alternative. Some companies using private IP networks were able to carry on regardless throughout the high-profile cyberattacks that have been capturing headlines in the last year. That’s because those companies were not reliant on the public internet. Instead, they were all using what we are beginning to term “Triple-A” networks on which you can specify the speed and capacity of your Access to the network while guaranteeing the Availability of your connection. What’s more, on a Triple-A network, Attribution is securely controlled, so you know who and what is accessing your network and the level of authority granted both to the device accessing the network and to its user.

The public internet cannot provide or compete with a Triple-A level of security, and nor should we expect it to. It cannot live up to the stringent data protection requirements necessary for today’s critical digital assets. We cannot remain content that so much infrastructure, from banking, to transport and to power supplies, relies on a network with so many known vulnerabilities. And we must consider whether we want to carry on developing an industrial internet of things and consumer services on a public network.

We will continue to explore these issues on this blog, to highlight different approaches, and examine the requirements of the secure networks of the future. And in the process, we’ll take a look at the work being done to build more networks with a Triple-A approach.

In IoT ecosystem, gateway security is of prime importance since it is the key piece of data collection in the connected system. But how to ensure security of IoT gateways? Read this blog to find different ways to secure IoT gateways.

Along with many technological, environmental, and economic benefits, the rapidly moving connected world also represents an array of growing attacks like side-channel attacks, fault attacks, physical tampering, etc. Considering these risks, ensuring security and robustness of IoT becomes inevitable, in which IoT gateways play an important role.

IoT Gateways are undoubtedly the heroes of whole IoT paradigm, as they are the key piece of data collection in the connected system. In IoT ecosystem, security is the key aspect, in which, IoT gateway security is of prime importance since a secured gateway enables robustness of the entire IoT environment. If there are no sufficient security measures, there are chances of potential risks like malicious threats, spoofing, man-in-the-middle (MITM) attacks, data snooping, etc. If you lose a gateway in the middle of the communication chain, it will jeopardize the entire IoT ecosystem as gateway act as a gate or bridge between the edge devices and cloud.

So how do you know whether your IoT gateway is secure or not?

Listed below are some common questions related to the security of IoT gateways. If your concern matches with any of the below questions, then there is the need to consider gateway security for your IoT ecosystem:

• How can edge device sense and prohibit unsecured gateways, or vice versa?
• How can peripherals ensure their data are successfully relayed in the face of gateways?
• What happens if someone snoops the data from the gateway?
• What if the gateway is located in a remote location and is sending incorrect information to the cloud? In this case, how can gateways help in reverting information?
• Is it possible for gateways to build and demonstrate reputation-based trust?

Trustworthiness of gateway is the key aspect in the IoT ecosystem. To overcome the security concern, let’s explore some of the key hardware security aspects that can be implemented to secure IoT gateways.

TPM (Trusted Platform Module)

What is TPM?

It is a microprocessor that integrates with system hardware on a gateway to perform crypto operations, such as key generation, key storage and protects small amounts of sensitive information, such as passwords, measurement data for boot software and cryptographic keys to provide hardware-based security.

How does it work?

TPM is often built into a system to provide hardware-based security. It is a combination of hardware and software to protect credentials when they are in unencrypted form.  TPM is based on a trusted execution environment (hardware root of trust) that provides secure storage of credentials and protected execution of cryptographic operations. It is isolated from the main CPU and implemented either as a discrete chip, a security coprocessor or in firmware.

• Microprocessor scans the firmware and validates the key. If the key is valid, then the processor begins executing the firmware, but if not then, processor halts.
• The TPM is used to store platform measurements that help ensure that the platform remains trustworthy. It contains a set of registers that comprise of RTM measurements for launch modules of the boot software.
• The computing platform must have a root of trust for measurement (RTM) that is implicitly trusted to provide an accurate validation of the boot code modules. The TPM provides the root of trust for reporting and a root of trust storage for the RTMs. The TPM stores a set of “known good” measurements of boot components that are securely generated and stored.

Hardware Root of Trust/Chain of Trust: It is the fundamental part of secured computing. The secure boot process is utilized to implement a chain of trust.

• Bootstrapping is a secure system or device that involves a chain of steps, where each step relies on the accuracy and security of the previous one. At the end of the chain, you assume or verify the correctness of the last step – this step becomes the Root of Trust (RoT). The Root of Trust is provided by hardware services, including cryptographic support, secure key storage, secure signature storage, and secure access to trusted functions. This allows the creation of a trusted module forming the basis, or root, for validating other components within the system.  The chain of trust begins with the bootloader.  From this boot loader, the OS is validated, and from the OS, the applications are validated, creating a chain of trusted elements.

TEE (Trusted Execution Environment)

What is TEE?  

The TEE is an insulated and secure area of the main processor providing security functionality for application integrity and confidentiality. The TEE differentiates between security functionality and operational functionality.

How does it work?

• It mainly consists of three parts: Trusted OS, internal micro-kernel, and APIs. Used for security check parallel to standard OS.
• Common security functions include isolated execution of security operations, the integrity of code loaded and data stored and confidentiality of data stored in the TEE. It protects data-at-rest and data-in-use within the TEE.
• It also provides higher performance and access to a large amount of memory.

Security properties that TEE can achieve

1. Isolated execution
2. Secure storage
3. Device identification
4. Device authentication
5. Platform integrity

All the above security properties can be achieved using the measured boot, secured boot, and attestation.

• Secured Boot: It is a security standard verified by the trusted OEMs that ensures authenticity and integrity of a device’s boot. When the first boot happens, only the validated code from the device OEM is allowed to run to verify and validate the authenticity of software present in the gateway. This prevents attackers from replacing the firmware with versions created to perform malicious operations. It provides the APIs required for code signing, code validation, and secure firmware updates.
• Measured Boot: Measured boot is generally used for integrity protection. As anti-malware software has become better at detecting runtime malware, attackers are also becoming better at creating rootkits that can hide from detection. Detecting malware that starts early in the boot cycle is a challenge. At this time, measured boot measures each block, from firmware up through the boot start drivers, stores those measurements on the hardware, and then makes a log that can be tested remotely to verify the boot state of the client.
• Attestation: In cloud computing scenario, attestation is an essential and interesting parameter, often rooted in having trusted hardware component to build trusted system. It is basically used in the process of validating integrity in terms of software and information for securing embedded systems. Attestation uses cryptography identity techniques that confirm the identity and authentication credentials of remote devices, without revealing the devices and their own identities.

IoT gateways are crucial to addressing the inherent complexity. By using the pre-ensured hardware building blocks like TEE and TPM, you can secure the whole communication chain from the connectivity of legacy devices, data storage on a gateway, secure data transmission as well as the fast deployment of data on the cloud to perform intelligent analytics.  There should be some programmable architecture that ensures confidentiality and integrity against specific attacks. So, layered IoT gateway security is essential.

For more information on our security capabilities, visit: From edge to cloud: A comprehensive look at IoT device security

Let’s just say it: The public internet is great, but it’s an unfit, wide-open place to try to conduct confidential business.

More and more, the public nature of the internet is causing business and government leaders to lose sleep. The global ransomware attacks this year that crippled infrastructure and businesses across Europe clearly shows the concern is not only justified but also growing.

As a result, internet and privacy regulations, like GDPR and PSD2, are front and center as governments around the world increasingly look at the web and how it’s being used. This is creating competing and contradictory objectives.

On the one hand, governments want to protect consumer privacy and data; on the other, they want to be able to monitor what certain folks are up to on the internet. And in both cases, they can at least claim to be looking to protect people.

Regardless of the difficulty of the task, there is no doubt the big governments are circling and considering their options.

Speaking in Mexico in June, Germany Chancellor Angela Merkel touted the need for global digital rules, like those that exist for financial markets, and that those rules need to be enforceable through bodies like the World Trade Organization.

From a business perspective, I can applaud the ambition, but it does seem a little like trying to control the uncontrollable. The truth is that the public internet has come to resemble the old Wild West. It is an increasingly dangerous place to do business, with more than its fair share of rustlers, hustlers, and bandits to keep at bay.

The public internet connects the world and nearly all its citizens. When it comes to connecting businesses, national infrastructures, and governments themselves, trying to regulate the Wild West of the public internet simply isn’t an option. Instead, it’s time to take a step back and look for something different.

We believe organizations that want to conduct business, transfer data, monitor equipment and control operations globally – with certainty, security and privacy – should not be relying on the public internet. The sheer number of access points and endpoints creates an attack surface that is simply too wide to protect, especially with the increased trending of fog and edge networks that we’ve discussed on previous Syniverse blog posts.

Just last week, the online gaming store CEX was hacked. In an instant, around two million customers found their personal information and financial data had been exposed. Consumers in America, the U.K. and Australia are among those affected. As I said, the public internet presents an ever-widening attack surface.

Recently on the Syniverse blog, we’ve been talking about the need to develop private, closed networks where businesses, national utilities and governments can truly control not just access, but activity. Networks that are always on and ones where the owners always know who is on them and what they are doing. Networks that are private and built for an exact purpose, not public and adaptable.

Trying to apply or bolt on rules, regulations and security processes after the fact is never the best approach.  Especially if you are trying to apply them to a service that is omnipresent and open to anybody 24/7.

When we look at the public internet, we see fake actors, state actors, hackers and fraudsters roaming relatively freely. We see an environment where the efforts to police that state might raise as many issues as they solve.

Instead, it’s time for global businesses to build a new world. It’s time to leave the old Wild West and settle somewhere safer. It’s time to circle the wagons around a network built for purpose. That is the future.

This infographic takes a look at the number of devices, incidents and vulnerabilities in medical devices. 

In my recent interview with Sam Shawki, the founder and chief executive officer of MagicCube, I wrote about getting a new Ram Truck and noted that it was a beast not just in size and towing power, but a beast of electronics and connectivity. According to Intertrust Technologies, the percentage of new cars shipped with Internet connectivity will rise from 13% in 2015 to 75% in 2020, and that in 2020, connected cars will account for 22% of all vehicles on the road. That number is sure to grow. More stats in the infographic below. 

Not far from San Francisco International Airport, San Bruno is a quaint middle-class residential suburb, yet underground in San Bruno was a gas pipeline controlled by SCADA software that used the Internet as its communications backbone. On Sept. 9, 2010, a short circuit caused the operations room to read a valve as open when it had actually closed, spiking the readings coming from pipeline pressure sensors in different parts of the system. Unbeknownst to the families returning home from ballet and soccer practice, technicians were frantically trying to isolate and fix the problem. At 6:11 pm, a corroded segment of pipe ruptured in a gas-fueled fireball.

The resulting explosion ripped apart the neighborhood. Eight people died. Seventeen homes burned down. The utility, PG&E, was hit with a $1.6 billion fine.

The accident investigation report blamed the disaster on a sub-standard segment of pipe and technical errors; there was no suggestion that the software error was intentional, no indication that malicious actors were involved. “But that’s just the point,” Joe Weiss argues. “The Internet of Things introduces new vulnerabilities even without malicious actors.”

Joe Weiss is a short, bespectacled engineer in his sixties. He has been involved in engineering and automation for four decades, including fifteen years at the respected Electric Power Research Institute. He has enough initials after his name to be a member of the House of Lords—PE, CISM, CRISC, IEEE Senior Fellow, ISA Fellow, etc., all of which speak to his expertise and qualifications as an engineer. For instance, he wrote the safety standards for the automated systems at nuclear power plants.

The problem, Weiss claims, is using the internet to control devices that it was never intended to control. Among these are industrial systems in power plants or factories, devices that manage the flow of electricity through the energy grid, medical devices in hospitals, smart-home systems, and many more.

Continue reading this article on Quartz.

Threat actors have weaponized the Internet of Things (IoT) and connected devices.

They’re using unsecured IoT devices and creating botnets to launch catastrophic distributed denial of service (DDoS) attacks. This has given rise to the DDoS of Things (DoT).

LEARN MORE IN THE DDOS OF THINGS INFOGRAPHIC

Additional information here.

Blockchain is a form of technology that had over $1 billion invested in it in 2016 alone. While this technology is far from new, it is one that grew in popularity thanks to Bitcoin. With it, a digital ledger is created that allows online records to record transactions, and ensure that all information is verified by another source to confirm accuracy. The network created by blockchain scans a number of computers within the same network. With each transaction, the size of the database grows and the number of users that access and manage the transactions increases.

Unique software is required for a blockchain to be run. When it is created, it is near instantaneous, and that means there isn’t the ability to alter transactions before they become recorded. This cuts down on the risk of fraud in most sectors which makes it appealing. It is also encoded and hashed in batches, so that the blocks of several bits of data create a chain. This allows for validation to occur at the same time, and protects the security of the system running it. Each time a transaction takes place, a unique transaction number is encrypted that show everything that took place in the transaction. Since several computers make up the different portions of the blockchain, it is nearly impossible for fraudulent activity to occur.

While Bitcoin and virtual currency is still where the bulk of blockchain is used, many companies are searching for ways to add it to their own applications beyond currency. This would help to reduce conflicts that are the results of disputes and even things like land rights, or legal items could be verified and the accuracy and lack of fraud would ensure that sensitive items such as these would constantly have more authenticity and reduce many legal woes.

However, not everyone is on board yet. Some companies are still concerned that since this technology is still in a relatively infancy, there is a need for proven transparency and someone to remain accountable for the data that is obtained. Since the process is also labor intensive, there would need to be dedicated users who solely work on the blockchain that is being handled. This would need to be people who have a basic understanding of IT and the way that it would be used for blockchains.

Another concern is the amount of resources it would take. There would need to be high end machines that handled the resource intensive nature of the software. Additionally, companies would need frequent access online to continue update and building the information. With more countries blacking out sections of the internet, this could prove to be a problem.

Blockchains are destined to become a more significant part of our industry. It is important that the technology is continued to be advanced, so more companies have a chance to benefit from it. After all, it is the technology that will help to boost security and ensure that there is something in place we can depend on. With Bitcoin showing it is already possible to succeed with this technology, there is little doubt that success will be had. 

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

Wearable devices have become hugely popular in recent years, to the point where it’s no longer novel to see people wearing smartwatches and fitness trackers out in public, or even in the workplace. As much as these devices have allowed for new experiences and added convenience in business and professional settings, they also come with a certain level of risk.

In business cases, a number of companies are now considering wearables as devices to use in their health and wellbeing strategies, or even for staff tracking and other operational functions. Is this a good thing for the employment relationship, and should employees have concerns regarding their privacy and the use of mandated wearable technology?

Full Disclosure Will Be Key to the Acceptance of Workplace Wearables

In an age when the majority of electronic devices are becoming increasingly connected, it is reasonable that the average person should have some concerns regarding their privacy. In personal life, a user can take their own steps to protect their personal data; so what happens when it’s an employer that controls the collection, storage, and use of personal data?

For any organization to be able to make use of wearables for any kind of employee tracking or data collection, it is important that full disclosure is made. Employees need to know what data will be collected, how they are expected to provide it (through wearables or other biometric devices), and how that data will be used. Employers have an obligation to provide all of this information upfront, and an element of transparency will help to facilitate the acceptance of any new workplace policies regarding mandatory wearable devices.

Data Protection is a Non-Negotiable Obligation

Being transparent is the first step, but it’s not enough on its own. Employers need to have an appropriate security solution that will prevent data loss, unauthorized access, or even data theft by third parties. The intent to protect data should be outlined in contractual employment agreements, and should comply with any local or federal laws regarding information collection and storage. While organizations do have some rights to collect data with employee agreement, they should also be aware that employees have the right to decline participation in any new wearable device data initiatives, which could lead employment disputes and loss of valuable staff.

With such a fine balance between making use of new technology and data, privacy, and the employment relationship, organizations will need to be careful when developing strategies regarding wearable devices. It needs to be clear how such devices and data collection will benefit an organization, and appropriate messaging should be in place to achieve employee buy-in for any new initiative.

With the right approach, wearables could allow companies to better track staff attendance, manage workplace incidents, and even ensure the health and wellbeing of employees. However, without the right management, the push for wearables could easily damage the relationship between employees and employers, making strategic planning and communication an essential aspect of implementing any new technology in the workplace.

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

By 2021, it is estimated that big data could reach $66.8 billion in net worth. But as the volumes of data that becomes accessible increases, so do concerns with privacy as the data out there might not be exactly what people want to have released.

In fact, more customers have become vocal about their concerns with the data that is being collected by them. With potential security challenges and high profile breaches taking place all the time, people are demanding better protection. With data breaches giving sensitive personal information to thieves that results in millions of people becoming victims to cybercrimes, it’s getting tougher for people to trust the online businesses they are working with.

Perhaps this is why more people are demanding more action being done. With the monetization of big data, there becomes valuable databases that are targeted for attack. Many of which use a single level of protection now to protect the data they contain. This is why automated data transfers with beefed up security might be a better result. This will require new data to be validated, to reduce the risk of anything that isn’t trustworthy or accurate creating problems. Since the data would be monitored and tracked on a regular basis, the likelihood of a breach decreases. After all, the more data contained in a single resource, the more that can be obtained by cyber criminals, and thus there becomes more mistrust with the public, as they see new concerns being brought out against them.

Companies must now accept greater responsibility for the personal information they maintain. While risk can vary, companies must accept that their responsibility is there. If a breach does happen, the public is more likely to be unforgiving, especially if there isn’t transparency with what happened and how the company will ensure that this never happens again. This includes those who attempt to pass the blame by using third party providers to help them store their data in clouds and other areas. As the responsibility for the data isn’t moved when you move the information, despite some misconceptions out there.

Customers are also increasing in curiosity with how their data is being used. When you monetize big data, you are also releasing information to companies that some may be concerned as private. Fortunately, the government is actively reviewing this information and ensuring that better privacy focused measures are taken, so that companies can still benefit from the monetization of big data, without there being as much risk to the individuals that they are collecting the data on.

While unauthorized use and service failures can still occur with the big data, it does seem like more companies are committed to protecting the data that they are handling. This means that even when monetization expands, customers will be provided with their privacy rights through digital databases, while having new avenues of encrypted protection released so there is never any concern with their information getting in the wrong hands. 

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

The idea of a blockchain, or distributed database as it is technically known, has only come about in recent years. While originally developed to facilitate the bitcoin cryptocurrency, the technology is now seeing interest from organizations in traditional lines of business.

Blockchains can provide a number of advantages, including being secure by design and highly resistant to the modification of the data that they contain. Records, or blocks, can be identified and verified with a high level of integrity, and this is one of the biggest reasons why this approach to recording information is garnering interest from financial institutions, organizations that handle large transaction records, and even the medical industry where accurate and verifiable records are critical.

With so many advantages to using blockchain, it’s surprising that only a handful of high profile companies have moved towards this type of database… or is it?

When you take a look at some of the downsides of the technology, it becomes easier to understand why some of the largest accounting and financial firms are still in the early stages of their feasibility studies. Let’s take a look at what these pitfalls are, and how much impact they could have on the future growth of blockchain utilization.

Blockchain is Environmentally Flawed

The biggest ‘sell’ for blockchain is that when implemented correctly, it can potentially eliminate the possibility of any type of fraud within a closed database. However, to achieve such integrity, blockchain (by design) uses an almost unfathomable amount of computing resources and energy.

On extremely large cryptocurrency blockchains, a single transaction uses the equivalent energy that 1.5 average households do in a single day. If blockchains were the defacto form of database for the majority of businesses, you could safely assume that the world’s available energy and computing resources wouldn’t be able to keep up. Of course, blockchains aren’t supposed to take over every kind of conceivable database, but it’s still interesting to note that superior fraud protection comes with the caveat of huge energy demands.

Larger Blockchains Mean Longer Verification Times

In 2016, it took an average of 43 minutes to verify a single bitcoin transaction record. By comparison, standard ATM transactions are processed almost instantaneously on archaic network connections, and will reflect immediately on a financial ledger. Even interbank money transfers can be completed in seconds.

As a blockchain grows, verification times become longer, and as mentioned, that means that more computing resources are required to process even the smallest transaction. Younger networks or inherently small blockchains wouldn’t suffer the same problems, but there’s no denying that this is a significant limitation of the technology.

With these two points, it becomes evident what the pitfall of blockchain is.

By design, the technology is made to deter fraud by making it economically and sometimes practically unviable. There’s no denying that as a chain grows, fraud becomes virtually impossible. Unfortunately, this also means that the entire chain becomes computationally intensive and inherently slow to verify records; which is one of the biggest limitations preventing blockchain from being widely implemented today. Banks and other large institutions would also need to develop their own implementation of the technology to suit their needs, and as yet, no major player has made a significant investment.

Blockchain may well play a significant role in the future of banking, finance, and other forms of critical record keeping, however, the risk and pitfalls appear too great for the technology to impact the mainstream at this time.

About Bill McCabe/ Internet of Things Recruiting - Executive Search/ Retained Search for the Internet of Things/ Machine 2 Machine/ Big Data Markets

IBM IOT Futurist - see you at #IBMInterconnect - March 19-23 Las Vegas

Top 50 IOT Authority on Twitter - per IoT Central

Need Help finding your next Big Data or IOT Employee or If you require the top 5% of IOT talent let’s talk. Drop me a line or use this link to schedule an IOT Search Assessment Call Click Here to Schedule

OR Contact me at 303-337-7871

Tripwire, Inc., a security company, recently announced the results of a study conducted in partnership with Dimensional Research.  The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.  

The big not so surprise: 96 Percent of IT Security Professionals Expect an Increase in Cybersecurity Attacks on Industrial Internet of Things.

Yes, you should expect to get hacked.  

Robert Westervelt, security research manager at IDC said in a statement: “As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes. The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example - cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”

Key findings include:

• 96 percent of those surveyed expect to see an increase in security attacks on IIoT in 2017 
• 51 percent said they do NOT feel prepared for security attacks that abuse, exploit, or maliciously leverage insecure IIoT devices
• 64 percent said they already recognize the need to protect against attacks against IIoT, as they gain popularity with hackers
• 90 percent expect IIoT deployment to increase 
• 94 percent expect IIoT to increase risk and vulnerability in their organization

The study was commissioned by Tripwire and carried out by Dimensional Research in January 2017. A total of 403 qualified participants completed the survey. All participants had responsibility for IT security as a significant part of their job and worked at companies with more than 1,000 employees. Survey respondents were based in the United States (278), the United Kingdom (44), Canada (28) and Europe (53). 

Read more about IoT and security on IoT Central. To receive these articles, sign up on IoT Central. 

• Why is the IOT Catnip to Hackers?

• Using Blockchain to Secure IoT

• Security-First Design for IoT Devices

• What Bruce Schneier teaches us about IoT and cybersecurity

• IoT and IIOT Cybersecurity Market Map

• Automated Software Development Tools for Improving IoT Device Security

• How insecurity is damaging the IoT industry

• The Internet of Evil Things

• Securing IoT Consumer Devices

• Security challenges for IoT

• What is Going on with Residential IoT Cyber Security?

• Report: List of Top 10 Internet of Radios Vulnerabilities

• What's Hot in Hiring: Data Security Consulting!

• Big Data, IOT and Security - OH MY!

• BYOD + IOT ≠ Security.

• IoT Security: How to Protect Connected Devices and the IoT Ecosystem

• Smarthome Security Concerns: The Question of Privacy

• These Are The Weakest Points in Your IoT Security

The IEC (International Electrotechnical Commission), an organization that prepares and publishes International Standards for all electric and electronic devices and systems, came out with a new white paper that provides an outlook on what the next big step in IoT could involve – the development of smart and secure IoT platforms.

How data is collected and implemented will determine how transformational IoT can become. Security grows exponentially in importance as devices that were once isolated become interconnected and more and more information is collected. As with most disruptive technologies, solutions are developed by a wide range of providers promoting their proprietary approaches, which can also impact interconnectivity. Bringing the ambitious visions expressed by IoT to reality will require significant efforts in standardization.

The white paper provides an overview of where IoT currently stands, with a particular focus on IoT system design as well as architecture patterns, the limitations and deficiencies of the current IoT framework, and its security, interoperability and scalability. Several use cases from the industry, public and customer domains are investigated.  

The White Paper can be downloaded from: http://www.iec.ch/whitepaper/pdf/iecWP-loT2020-LR.pdf

Funding was from SAP and Fraunhofer ASEC.

The Internet of Things is slated to be one of the most disruptive technologies we’ve ever seen. It’s going to change a great deal - including how we look at and use the cloud.

Software-defined cars. Internet-connected ‘smart’ fridges, coffee machines, and televisions. Wearable technology like smartwatches and smartglasses. The Internet of Things is going to change everything from how we work to how we drive to how we live our lives. And as it does so, it’s also going to change the cloud.

It already is, actually.

Enter fog computing. It’s an extension of the cloud, born out of the fact that there are more Internet-connected devices in the world than ever before (by 2020, Gartner predicts that there will be 6.4 billion.)  Given this influx, the traditional, centralized model of the cloud is no longer viable.

“Today, there might be hundreds of connected devices in an office or data center,” writes Ahmed Banafa of Thoughts On Cloud. “In just a few years, that number could explode to thousands or tens of thousands, all connected and communicating. Most of the buzz around fog has a direct correlation with IoT. The fact that everything from cars to thermostats are gaining web intelligence means that direct user-end computing and communication may soon be more important than ever.”

It makes a lot more sense to move the real computing and processing closer to client devices. To carry out analysis at the network’s edge. See, the thing about the Internet of Things is that it depends on managing data over very short timeframes. Even a slight delay introduced as a result of bandwidth is unacceptable.

Consider the following examples:

• A self-driving car is communicating with the vehicles and traffic infrastructure around it, and analyzing traffic and weather conditions. While it may communicate with a central server, it needs to be able to analyze and aggregate data immediately, lest it cause an accident.

• Autonomous tunneling and boring machines at a mining site ensure workers don’t have to subject themselves to hazardous underground conditions. These machines must be capable of analyzing and storing terabytes of data, as network connectivity hundreds of feet underground is near-impossible. They also must be able to communicate with other mining infrastructure, as well as a central server, uploading processed data to the cloud when mining is finished.

• Sensors at an oil well must connect to a cloud server to provide headquarters with a real-time vision of the facility. These sensors, however, must be capable of analyzing data on-site before it is uploaded.

In each of the examples above, distributed computing works together with a more traditional cloud model to better-enable connected equipment and sensors. And that’s where the cloud slots in with IoT. It’s still the cloud - but it’s changed in order to adapt to new workflows, business processes, and an entirely new world.

“With the increase in data and cloud services utilization, fog computing will play a key role in helping reduce latency and improve the user experience” writes Data Center Knowledge’s Bill Kleyman. “We are now truly distributing the data plane and pushing advanced services to the edge. By doing so, administrators are able to bring rich content to the user faster, more efficiently, and - very importantly - more economically.”

Photo credit: Mr. & Mrs. Gray

About the Author:

Tim Mullahy is the General Manager at Liberty Center One. Liberty Center One is a new breed of data center located in Royal Oak, MI. Liberty can host any customer solution regardless of space, power, or networking/bandwidth requirements.