Government Technology

Securing the "Internet of Things"



August 26, 2010 By

Reprinted courtesy of MuniWireless.

If we are going to live in a wireless Internet-connected world, we need to secure it first. Intel's recent $7.68 billion acquisition of McAfee highlights just how important this will be to the future of Internet-connected mobile devices.

Current research estimates 5 billion Internet-connected devices later this month growing to 22 billion devices by 2020.

By adding an Intel/McAfee chip/software security combo, an additional layer of security could be offered in a more robust and manageable solution, that can react quickly to new security threats while maintaining interoperability. As an example, a multitude of network wireless access points have followed 802.x standards for several decades.  These standards have not only offered vendor-agnostic backwards capability but leveraged these standards when upgrading security platforms. Just like wireless network access points, security needs to be interoperable and standards-based.

With billions of devices out there, the typical computer OS stack doesn't exist in the same way, and security will be a big problem. In fact these Internet-connected devices are not computers but small processors doing low-power functions. Your security overhead may be too big to fit in the processor.  This was a terrible security lesson that was learned when deploying smart meters for the power grid.

 

The list of players pursing the smart-grid market is like a "Who's Who" of the biggest companies in the world and Intel is no exception.  In fact they are a major contributor to GridNet an industry consortium focusing on the smart grid.  This smart grid target market not only offers billions of dollars in chip and security solutions but also is a good opportunity to learn from smart meters.  Frankly if security issues with smart meters are not fixed first, it may stop Intel from securely connecting billions of Internet-connected home area network devices to the smart grid.

 

A recent report from Pike Research offered some sobering comments on just how important this is.  "It would be naïve to think that smart meters will not be successfully attacked. They will be," the report states. "In fact, smart meters represent a worst-case scenario in terms of security: the devices lack sufficient power to execute strong security software; they are placed in physically non-secure locations; and they are installed in volumes large enough that one or two may not be missed."

"Smart meters are one of the weakest links in the smart-grid security chain," says industry analyst Bob Lockhart.  "Home area networks, commercial building networks, and utility networks all perform well in terms of keeping data encrypted within their domains.  However, these domains terminate at the smart meter, and the only way for data to pass from one network to the other is for the smart meter to decrypt the data from one side and re-encrypt it on the other. Consequently, the data are, for a short while, unencrypted on the meter and could be successfully eavesdropped."

Without adding needed security, Internet-connected devices could offer entry into the smart grid potentially turning remote power on or off through the network connection or by way of a worm that could affect the millions of smart meters and billions of wireless Internet-connected devices. This may seem like a showstopper but there are actually ways to offer high-end security with low overhead through layer 2 security techniques.

A good understanding of layer 2 security is offered by 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Fresh Ideas In Online Security for Public Safety Organizations
Lesley Carhart, Senior Information Security Specialist at Motorola Solutions, knows that online and computer security are more challenging than ever. Personal smartphones, removable devices like USB storage drives, and social media have a significant impact on security. In “Fresh Ideas in Online Security for Public Safely Organizations,” Lesley provides recommendations to improve your online security against threats from social networks, removable devices, weak passwords and digital photos.
Meeting Constituents Where They Are With Dynamic, Real-Time Mobile Engagement
Leveraging the proven and open Kofax Mobile Capture Platform, organizations can rapidly integrate powerful mobile engagement solutions across the spectrum of mobile image capture, mobile data capture and complete mobile process integration. Kofax differentiates itself by extending capture to mobility, supporting multiple points of constituent engagement. Kofax solutions dynamically orchestrate the user’s mobile experience from a single platform—reducing time to market, improving process perf
Public Safety 2019
Motorola conducted an industry survey on the latest trends in public safety communications. The results provide an outlook of what technology is in store for your agency in the next five years. Download the results to gain this valuable insight.
View All

Featured Papers