Securing the Internet of Things 2013

The Internet enables any-to-any connectivity. The first wave of connectivity was user buildings (homes and offices) connecting to business buildings with wired Internet connections. The second wave was mobile user devices (laptops, smartphones, tablets) connecting to businesses and each other over wireless Internet connectivity. The latest wave is "things" connecting to users, businesses and other "things" using mixtures of wired and wireless connectivity. This includes automobiles, airplanes, medical machinery, personal medical devices, windmills, environmental sensors, natural gas extraction platforms, you name it. The effectiveness and efficiency of these systems is being greatly multiplied by both client/server and peer to peer connectivity, enabled by advances in new forms of connectivity, inexpensive controllers and Internet-standard protocols.

The Security Challenge: Most of the devices in the Internet of Things will be used in two broad areas:

1. Critical Infrastructure - power production/generation/distribution, manufacturing, transportation, etc.
2. Personal "infrastructure" - personal medical devices, automobiles, home entertainment and device control, retail

Critical infrastructure represents an attractive target for national and industrial espionage, denial of service and other disruptive attacks. Internet connected things that touch very sensitive personal information are high priority targets for cyber criminals, identity theft and fraud. In both of these areas, new technology requiring new approaches to security will be added to legacy systems employing legacy security processes and technology. While the same Critical Security Controls will be needed in the Internet of Things, the way security is architected, delivered and monitored will need to change.