Changes are occurring in industrial control systems in factories and work-sites, in smarter appliances in our homes, in newer gadgets for health and fitness, and in highly assisted driving as well as autonomous vehicles on roads around the world. The benefits of the IoT may very well exceed the hype that surrounds it.
If we look back at computing systems history, just about any computing device which had been connected to a communications network has contained some form of vulnerability, experienced an attack, and required subsequent change to become more resilient, secure, and protected. In this era of Internet of Things we must be concerned and attentive to security issues and at the same time realize that every system has, or will have, a vulnerability at some point in time. Part of the solution for this inevitability is making sure that there are appropriate procedures, mechanisms, and attention paid to address issues that are discovered long after the devices are introduced into the market.
IoT devices, ranging from remote sensors and actuators to instrumented manufacturing facilities to connected vehicles must be treated as highly sophisticated computing systems that are now connected to a communications network. As such, the same core set of security characteristics must be applied to these devices as have been learned and applied to networked computing systems over the history of building and delivering computing systems. Authentication, Authorization, Auditing and Administration must all be considered. Confidentiality, Integrity, Availability, and Privacy of information must also be considered.
What is new in this era of the Connected Everything is that the devices which are being connected to communications networks are now much greater in number – by orders of magnitude, often-times constrained in their compute capacity, have sporadic or often-changing network connectivity, have battery power and/or heat limitations which reduce effective computing capacity, and are in control of physical elements which could pose a risk to human, environmental, or structural safety. We are in a situation of needing to apply known security techniques to a new environment which operates under a set of additional constraints. These techniques must also be applied to environments where existing equipment is outfitted with additional sensor and actuator technologies connected to communications networks through gateway computing devices.