IoT Brings New Value, New Risks
My first blog post! Let me take a minute to introduce myself, I’m an engineer inside our Federal Group, and mostly help our customers with networking design and deployment, with a huge focus on security. I live in the Washington, DC area, with my wife, kid, and dog. More about the dog in a moment.
These days, my focus is on the Internet of Things, and for good reason. The Cisco Visual Networking Forecast (get it here) predicts over 12 billion machine-to-machine connections by 2021, and nearly a billion wearable devices in the next three years.
Even pets will get wearable devices. At my house, we use a product from a company called Whistle to track our dog, letting us know how much the dog has run around that day, and more importantly, where to find him if he gets out. It has 4G, GPS, Bluetooth, and Wifi connections. This sounds like a Cisco household: Our Corgi connects to multiple networks.
Even when I’m traveling, I can tell if the dog gets walked after school, and who does it. Here’s a cool feature of the Internet of Corgis – the Bluetooth of your phone identifies which owner was with the dog. I can open the Whistle app on my mobile phone to find out who walked the dog that day.
In all seriousness, there are tremendous benefits to be had by connecting people, processes and things and analyzing the data. I believe that there will be tremendous leaps in productivity, safety, and health over the next couple of years. Just as the rise of the Internet created both value and risk, the same goes for the Internet of Things.
The German Federal Office for Information Security released a report detailing a 2014 spear phishing campaign against a steel mill that allowed hackers access to the industrial control systems. Multiple systems fell under the hackers’ control, until enough failures accumulated that the blast furnace could no longer be shut down “in a regulated manner.” Massive damage occurred.
Read press coverage about the attack here.
Fortunately, the attack caused only property damage in this case; no one died. The most chilling aspect is the technical sophistication the attackers displayed. Not only did they have sharp social engineering skills, they also had expert knowledge of industrial systems. This, combined with months for them to work undetected, is a truly dangerous combination. The German industrial site might not have suspected it would be the target of a sophisticated attack, but U.S. federal agencies certainly know that they are.
Modernizing outdated equipment, patching, secure access, segmentation, visibility – these are all common practices in information technology (IT), and need to become the norm in operations technology (OT) as well. If we can design machine-to-machine communication with security in mind, we can get back to all the opportunity before us.
Get the Cisco 2017 Cybersecurity Report here.