INTERNET OF THINGS: CURBING SECURITY AND IT’S MEASURES

I am glad to say that i am coming up with a post which highlights security threats faced in our modern day society from Cyber crimes, to Smuggling and other forms of terrorism and not just based on that alone, we should know that to not be invested in IoT is a very big (and potentially costly) mistake. That’s likely why some of technology’s biggest names are, in addition to offering IoT products and components, investing in the market.

Underneath the hood, a veritable who’s who of companies are investing in Internet of Things. Google is developing a platform called Brillo on which other devices could offer Internet of Things services. Intel INTC -1.44% and Qualcomm QCOM -2.29% are both offering chip-based platforms designed to bring connectivity to formerly “dumb” devices. Apple AAPL -2.57% is getting into the mix with a smart home platform, called HomeKit, that’s designed to help device makers connect their products to iPhones and iPads. Even BlackBerry BBRY -2.73% is building out an IoT business.

“Consumers are already demanding that their various devices connect and sync seamlessly—from their fitness trackers to cars to home security cameras,” says Talluri. “When everyday devices are intuitive to use and can share data intelligently, it improves peoples’ lives, from better personal safety, to being able to more closely monitor our health and that of our loved ones, to helping us save time and make better use of our natural resources.”

The sheer number of ways companies are vying for a spot in the market is staggering. Perhaps one of the more surprising moves came recently when Netflix NFLX -3.25% , a company that provides streaming-video services and would ostensibly have no interest in IoT, delivered a smart solution for users. Dubbed the Netflix Switch, the prototype allows users to control Netflix, dim lights, and order food. Netflix even provided a step-by-step guide on its website to show do-it-yourselfers how to can create their own Switch.

“The Netflix Switch is a marketing play for hardware hobbyists intrigued by smart home and IoT tech,” Frank Gillett, vice president and principal analyst at Forrester, told Fortune, seemingly brushing aside Netflix’s creation. But the very fact that Netflix even created its own IoT device illustrates how important the market has become.

According to venture-capital tracker CB Insights, Intel’s investment arm spent the most money on IoT starts up in 2014, dropping cash on Enlighted, Appscomm, and Avegant. Qualcomm Ventures and Cisco CSCO -2.28% Investments also joined the funding parade alongside traditional venture capitalists, like Sequoia Capital and Andreessen Horowitz.

Although CB Insights did not share exact funding amounts, research from Tata Consultancy Services found that 26 companies around the globe, including 14 in the U.S., plan to spend at least $1 billion on IoT this year.

“Creating a connected product using IoT technologies creates a relationship between the product company and the customer,” Gillett said of why companies are willing to invest so heavily in IoT. “This becomes an ongoing service experience and relationship that dramatically improves customer engagement and brand awareness. The relationship goes from being a one-time, arm’s-length transaction to an ongoing service relationship.”

Looking ahead, as companies continue to invest in IoT, the benefits to consumers will only grow. In fact, Talluri sees a world where IoT makes lives easier and maybe even a bit cooler.

“The benefits are endless,” Talluri said, adding that he sees a future where IoT will deliver “smarter, more efficient use of natural resources to safer driving conditions to lighter and trendier wearables.”

One other benefit of IoT, according to Talluri: “drones replacing selfie sticks.”

HOW CAN WE EFFECTIVELY CURB SECURITY WITH IOT?

Where there is less consensus is how best to implement security in IoT at the device, network, and system levels Network rewalls and protocols can manage the high-level traffic coursing through the Internet, but how do we protect deeply embedded endpoint devices that usually have a very specific, defined mission with limited resources available to accomplish it? Given the novelty of IoT and the pace of innovation today, there seems to be a general expectation that some entirely new, revolutionary security solution will emerge that is uniquely tailored to IoT—that we can somehow compress 25 years of security evolution into the tight time frame in which next-generation devices will be delivered to market

Unfortunately, there is no “silver bullet” that can effectively miti- gate every possible cyberthreat The good news, though, is that tried-and-true IT security controls that have evolved over the past 25 years can be just as effective for IoT—provided we can adapt them to the unique constraints of the embedded devices that will increasingly comprise networks of the future

“But let’s start by discussing the Evolution of Network Security”

We can only be safe only if the solution for Individual and societal safety is safe enough to protect homes and Societies but the question is how did we get here.

HOW DID WE GET HERE:

Protection of data has been an issue ever since the first two computers were connected to each other With the commercialization of the Internet, security concerns expanded to cover personal privacy, financial transactions, and the threat of cybertheft In IoT, security is inseparable from safety Whether accidental or mali- cious, interference with the controls of a pacemaker, a car, or a nuclear reactor poses a threat to human life

Security controls have evolved in parallel to network evolution, from the first packet- filtering firewalls in the late 1980s to more sophisticated protocol- and application-aware firewalls, intrusion detection and prevention systems (IDS/IPS), and security inci- dent and event management (SIEM) solutions These controls attempted to keep malicious activity off of corporate networks and detect them if they did gain access If malware managed to breach a firewall, antivirus techniques based on signature matching and blacklisting would kick in to identify and remedy the problem

Later, as the universe of malware expanded and techniques for

avoiding detection advanced, whitelisting techniques started replacing blacklisting Similarly, as more devices started coming onto corporate networks, various access control systems were developed to authenticate both the devices and the users sitting behind them, and to authorize those users and devices for specific actions

More recently, concerns over the authenticity of software and the protection of intellectual property gave rise to various software verification and attestation techniques often referred to as trusted or measured boot Finally, the confidentiality of data has always been and remains a primary concern Controls such as virtual pri- vate networks (VPN) or physical media encryption, such as 802 11i (WPA2) or 802 1AE (MACsec), have developed to ensure the secu- rity of data in motion

NEW THREATS, CONSTRAINTS, AND CHALLENGES

Applying these same practices or variants of them in the IoT world requires substantial reengineering to address device constraints Blacklisting, for example, requires too much disk space to be prac- tical for IoT applications Embedded devices are designed for low power consumption, with a small silicon form factor, and often have limited connectivity They typically have only as much pro- cessing capacity and memory as needed for their tasks And they are often “headless”—that is, there isn’t a human being operating them who can input authentication credentials or decide whether an application should be trusted; they must make their own judg- ments and decisions about whether to accept a command or execute a task

The endless variety of IoT applications poses an equally wide vari- ety of security challenges For example:

• In factory oor automation, deeply embedded programmable logic controllers (PLCs) that operate robotic systems are typically integrated with the enterprise IT infrastructure How can those PLCs be shielded from human interference while at the same time protecting the investment in the IT infrastructure and leveraging the security controls available? ?

Similarly, control systems for nuclear reactors are attached to infrastructure How can they receive software updates or security patches in a timely manner without impairing functional safety or incurring significant damages?

• Figure 1: A generic Internet of Things topology: A typical IoT deployment will consist of sensor-equipped edge devices on a wired or wireless network sending data via a gateway to a public or private cloud. Aspects of the topology will vary broadly from application to application; for example, in some cases the gateway may be on the device. Devices based on such topologies may be built from the ground up to leverage IoT (green eld) or may be legacy devices that will have IoT capabilities added post-deployment (brown eld). As illustrated by Wind River (a world leader in embedded software for intelligent connected systems).

Thanks for taking the time to read through my article. I would be Speaking at the IOT for Africa Summit in May 2016 at the Ticket Pro Dome in Johannesburg, So we can share ideas on how we can curb, control and harness IOT in our every day lives and industry practices as my next article would be discussing about  the “The End to End iOT Security Solution  and the next will be "building iOT Security in from the Bottom Up in our Modern day Africa .”