Does IoT Really Present Security Risks?
The Internet of Things (IoT) refers to the network of
physical objects that feature an IP address for internet connectivity.
The
potential for these devices to change our day-to-day lives is limited only by
our imagination, from home environment systems that will automatically adjust
temperature and lighting based on your mood to doors that will unlock when they
sense you approaching. IoT will also aide in the automation of sectors such as
healthcare, finance, and more.
But this new way of interacting with the world comes with
serious security threats. In “Security
Challenges in the IP-based Internet of Things,” researchers discuss the
technical limitations with standard IT security protocols and how they will be
insufficient for IoT devices.
One risk has to do with the resource limitations of IoT
devices and the packet switching nature of networks. When information is sent
over the Internet, the network breaks this information down into smaller parts,
and these multi “byte”-sized chunks are referred to as packets. Each packet contains
information that identifies its sender and intended recipient – and is then
sent through the fastest route possible to its destination. This improves the
network speed because it allows packets to be sent through different routes simultaneously, a process known as Packet Switching, rather than one at a time.
This can become problematic, though, with IoT. Devices are connected to a more constrained network, and must use smaller packets of information to communicate
information. Researchers Heer, Keoh, et al explain this threat in their
aforementioned study, stating that, “The use of small packets may result in
fragmentation of larger packets of security protocols. This may open new attack
vectors for state exhaustion DDoS
(distributed denial-of-service) attacks, which is especially tragic.”
The list of security risks doesn’t stop there. The study
goes on to describe security issues through different phases in the lifecycle
of an IoT “thing,” including bootstrapping and operational phases. Each comes
with its own set of requirements and protocols.
With so many obstacles to overcome, it’s no surprise that
highly certified and experienced professionals will be needed to develop,
implement, troubleshoot, and monitor the emerging IoT network, and ensure that
important data is sufficiently protected. In fact, Cisco reports that there are
about 1
million cybersecurity positions worldwide that are unfilled.
The future is here. Are
you ready?
Comments
Post a Comment