The three columns of IoT security

Risk Analytics is expected to become a 26.32 billion US dollar market by 2020. Risk is big business, and the Internet of Things (IoT) phenomenon is likely to drive this industry well above those lofty predictions. Part of the reason is in the IoTs rapid growth, estimated by McKinsey at 32.6% CAGR. The other is the lackluster attitude that many manufacturers of connected devices and IoT enabled products have towards security. And that’s because to date, there is no legal liability for manufactures to secure their products.

Last year’s Dyn attack by the Mirai botnet, that involved over 100,000 independent IP addresses – presumably from unsecured modems and digital video recorders with default passwords – caused hundreds of thousands of US dollars in lost revenue for the affected websites. But those companies that manufactured the IoT devices, escaped scot-free.

This is worrying, because unlike IT, IoT extends from the digital realm into the physical. In innocuous uses of IoT, a digital app can turn on a physical ceiling fan, and a digital sensor can regulate a farmer’s physical water pump. In these examples, the liability resulting from poor security is somewhat limited. Where risks begin to mount, however, is within larger IoT ecosystems, like transportation. Next year, if the National Connected Multimodal Transport (NCMT) Test Bed in Melbourne is on track, a digital camera mounted on a tram will be able to change the physical traffic lights, to help alleviate congestion. Little imagination is needed to see the possible worst-case scenarios, should these IoT enabled traffic lights be hacked. Understandably, the NCMT project is cautiously starting with a 5 square km zone within Melbourne, to mitigate this risk…Click HERE to read full article.