Security is hard enough to master in the traditional enterprise network. Now add all types of devices on the Internet of Things, great (think cars) and small (think webcams and baby monitors), which were never built with cyber security in mind.
Internet-connected devices run the gamut from SCADA systems to consumer products. Security weaknesses in these products have been under the glare of the spotlight the past year as researchers have publicized major flaws. Some of the affected industries got their first taste of white-hat hacking as vulnerabilities were revealed in cars, pacemakers, road traffic systems, home automation systems, and airplanes. The big shift: Public safety is now part of the equation with some of these products.
Many come with purpose-built features that actually equate to security flaws: intentional backdoors, hardcoded credentials, unencrypted data traffic, and critical systems sitting on the same network as noncritical ones. Even after highly publicized presentations at Black Hat USA and DEF CON last month, many remain unfixed and vulnerable.
Just how enterprises can manage the onslaught of connected devices will also be a big topic next month at Interop New York. Kent Shuart, network security product manager for Dell SonicWall, will present a session titled "Next Line of Defense: Internet of Things."
So why not just patch or update IoT devices or build them more securely? There are some big-time challenges in securing these consumer and other embedded systems:
1. There's often no consistent or official software update process or mechanism.
Malware on a Windows machine eventually gets discovered, but Marc Maiffret, CTO at BeyondTrust, says there is little or no visibility into IoT devices. "Nobody has visibility into these devices or what is the authenticity of the firmware" if there's an update to them.
Read the rest of this article on Dark Reading.
Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...