Smart Industry 1/2016

a word of warning from the fBI
A public service announcement by
the Federal Bureau of Investigation
released last September details a
number of specific IoT risks, and it
warns companies and the general
public to be aware of new vulnerabilities
that cybercriminals could
exploit. Specifically, the FBI worries
that exploiting the Universal Plug
and Play protocol (UPnP) widely used
in many modern IoT devices will be
a pathway of choice for many cybercriminals.
UPnP is a set of networking
protocols that permits networked
devices to seamlessly discover each
other’s presence on the network and
establish functional network services
for data sharing, communications,
and entertainment. Unfortunately,
UPnP was originally intended only
for residential networks and not
for enterprise-class devices. Crooks
could also exploit default passwords
to send malicious code and spam
mails or to steal personally identifiable
or credit card information. Other
scenarios to Feds worry about are
the possibility of compromising IoT
device to cause physical harm, to
overload them, thus rendering them
inoperable, and to intercept and interfere
with business transactions.
On the other hand security leaks
could be used by intelligence services
to get access to areas of interest.
James R. Clapper Director of US
National Intelligence has made an
according statement in the report
“Worldwide Threat Assessment of
the US Intelligence Community”,
published in February 2016: “Smart
devices incorporated into the electric
grid, vehicles – including autonomous
vehicles – and household appliances
are improving efficiency, energy
conservation, and convenience.
However, security industry analysts
have demonstrated that many of
these new systems can threaten data
privacy, data integrity, or continuity
of services. In the future, intelligence
services might use the IoT for identification,
surveillance, monitoring,
location tracking, and targeting for
recruitment, or to gain access to networks
or user credentials.”
In July 2015 Gartner published the
fourth edition of the IoT Hype Cycle. IoT
has the potential to transform industries
and the way we live and work. This
Hype Cycle helps enterprises assess
the levels of risk, maturity and hype
that are associated with a transformative
trend.
Predicting security for Iot
Digital security is defined as a combination
of current cybersecurity and risk
practice with digital business practice
to protect all digitalized assets of an organization,
whether at the core of the
enterprise or at its edge. It is the alignment
of information security, IT security,
operational technology security, IoT
security and physical security to form
cybersecurity solutions. An IoT business
solution is a heterogeneous mix of
several assets including IoT endpoints
such as sensors, devices, multidevice
systems, fleets, and actors, one (or
more) IoT platform(s), and various non-
IoT back-end systems which all have
to be included into an overall security
solution. An IoT platform is a software
suite or cloud service (IoT PaaS) that facilitates
operations involving IoT endpoints,
cloud and enterprise resources.
Looking for IoT platform offerings, the
advice for CIOs, planners and architects
not only should include device and its
EXPECTATIONS
IT/OT Integration
Quantified Self
IoT Architecture
Event Stream Processing
Wide-Area IoT Networks
Embedded Software and Systems Security
Real-Time Analytics
IoT Platform
Connected Home
Operational Intelligence Platforms
Wearable User Interface in Logistics
Things as Customers
IoT Business Solutions
IoT-Enabled ERP
Energy Harvesting
Internet of Things Authentication
Innovation
Trigger
Managed Machineto-Machine
Communication
Services
Licensing and Entitlement
Management
Digital Security
Peak of
Inflated
Expectations
Iot device
manufacturers
fail to
implement
basic secuity
standards
James Lyne
Global Head of Security
Research, Sophos
Riding the curve
Digital Security has
reached the area of
innovation trigger. It will
take fi ve to ten years
to reach the plateau of
productivity
iBeacons and Bluetooth Beacons
Internet of Things
Predictive Analytics
Smart Transportation
Wearables
Lost-Cost Development Boards
Home Energy Managment/Consumer Energy Management
IT/OT Alignment
Automobile IP Nodes
Cloud MOM Services
Personal Health Management Tools
Operational Technology Platform Convergence
Operational Technology Security
Big Data
High-Performance
Message Infrastructure
Trough of
Disillusionment
Enterprise Manufacturing Intelligence
Slope of Enlightenment
TIME
PLATEAU WILL BE REACHED IN:
less than 2 years 2 to 5 years 5 to 10 years more than 10 years
application software management,
data aggregation, integration, transformation,
storage and management,
event processing, analysis and visualization,
self-service user interface, but
also security.
To protect hardware and firmware
from compromising attacks and assist
in the delivering integrity and
confidentiality of the data those systems
process it is recommended to
implement embedded software and
systems (ESS) security which is practice
and technology designed for engineers
and developers. The requirements
of ESS are complex, because
the devices have long field lives, are
often accessible to attackers, and
As of July 2015
Plateau of
Productivity
obsolete
before plateau
photo©: Sophos
Source: Gartner
31