- Get link
- X
- Other Apps
- Get link
- X
- Other Apps
The Internet of Things (IoT) now shows a huge variety: from the networked Tesla to digitally controlled industrial and utility infrastructure to remotely monitored heating and smart meters that record electricity and water consumption and report them automatically. The risks in the Internet of Things are just as diverse as the applications . But with the right infrastructure, many security questions don't even arise.
In October 2016 something happened that should never have
happened: There were partial failures of communication networks around the
world. "Attack of the toaster" and "IoT devices paralyze
the Internet" were the headlines of the following days. In fact, it
was not so much the toasters as the millions of cameras and other devices that
were used by hackers for a massive DDoS (Distributed Denial of Service) attack . The
devices were interconnected to form a large botnet that sent countless
senseless requests to servers on the Internet, leading to overloads and
shutdowns.
As it turned out later, Mirai cameras in particular were
affected. The devices that are popular with consumers all over the world
and monitor house entrances, for example, are usually not only more or less
defenseless on the Internet, but are also extremely easy to crack - and the
latter could not be changed afterwards. The only alternatives left were to
completely replace these insecure devices or to make the network infrastructure
more secure.
From the Internet to The Real World
The
fact that hacking attacks do not only endanger the functioning of the Internet
became known to a wider public only with Marc Elsberg's novel “Blackout”, published
in 2012. His scenario: malicious attackers take over thousands and
millions of networked electricity meters and use them to switch the entire
power supply to the houses on and off at will. This leads to voltage
fluctuations in the network, which leads to a complete failure of the power
supply throughout Europe. Due to the continued attacks, the power grids
cannot be put back into operation and within a few days the powerless continent
sinks into chaos.
Elsberg's disaster scenario
may have contributed to the fact that smart meters today have to meet high
security requirements. But smaller "disasters" are also
conceivable. For example, there are intelligent garbage cans that
automatically report their fill level and are only emptied when necessary. Some
of these sensors also have a temperature sensor that is supposed to warn of
possible spontaneous combustion. What happens if hundreds or thousands of
rubbish bins sound a fire alarm at the same time in a city? Or if the
cameras that are used to monitor forest fires suddenly sound the alarm
everywhere - just not where there is actually smoke?
Protection Goals of IT Security
The
Internet of Things creates new attack and hazard scenarios. The underlying
mechanisms, however, are the same as in other IT infrastructures. Accordingly,
the same protection goals that are already described in the tried and tested
CIA triad also apply here:
- Confidentiality:
No unauthorized person has access, neither during data transmission nor
during storage;
- Integrity:
data must not be changed (strong integrity), or the changes must not go
unnoticed (weak integrity);
- Availability:
Data must be accessible when required, systems must be operational at all
times.
Further requirements that
can be considered as sub-items or supplements include:
- Authenticity:
Verifiability and trustworthiness of the data source;
- Non-repudiation
(liability): Preventing actions or communication from being disputed in
retrospect;
- Imputability:
An action carried out can be clearly assigned to a communication partner.
What sometimes sounds
abstract is easily explained with practical cases, for example when recording
electricity consumption using a smart meter. Such a system must ensure,
among other things, that the customer cannot deny that they have purchased
electricity. The transmitted data must be protected against manipulation
and no data may be lost or fall into the hands of unauthorized third parties. Conversely,
the electricity provider must be able to be sure that the transmitted data
actually comes from the customer's electricity meter. And last but not
least, the electricity meter must not fail or be shut down by hackers.
IT Security for the IoT
While
the mentioned Mirai cameras could be attacked simply due to design
deficiencies, there are IoT devices that can only operate safely to a limited
extent due to their limited resources. This mainly includes sensors. For
example, you do not have the computing capacity to implement complex
communication encryption. Self-sufficient sensors, which are only equipped
with batteries or accumulators, would also draw too much energy through complex connections and
cryptographic calculations.
It is therefore essential to embed such IoT devices in a secure IT infrastructure. But even with devices that have their own protection, such as smart meters, it is advisable in the sense of a tiered concept to further improve the security of the overall system through security measures in the network.
Conclusion IoT Security
Whether it is about
“stupid” sensors or clever measuring devices: In the Internet of Things,
security must always be a top priority. Because there is hardly a scenario
from which, due to a lack of cybersecurity, serious
consequences - for the operator, the user or even uninvolved third parties -
cannot be derived.
Protect your network from cyber-attacks. Use Total Security Software to secure your data.
DDoS Attack
Distributed Denial of Service Attack
Internet of Things
IoT Security
Total Security Software
- Get link
- X
- Other Apps
Comments
Post a Comment