The interest in the “Internet of all things” is growing
tremendously and it is believed that in 7-8 years, there will be 50 billion
devices connected to the internet, which includes traffic signals, swimming
pool pumps, home security systems, and even cars. Adding software and IP on top
of every hardware and machine and then connecting them to the network creates a very tempting
target for hackers. The scalability of software means that a single exploit can
propagate very fast and can be used against lots of machines. So the question is how secure is the "Internet of all things?"
Consider the same example of GM OnStar that we discussed in today's class, where the OnStar Control Center can slow down the car in case of a car theft or police chase. What if someone hacks the control center system and instead of slowing down the car, increase the speed of the car and cause it to crash. CNN Money talks about these dangers and discussed what can happen if they are used for cyber crime.
Consider the same example of GM OnStar that we discussed in today's class, where the OnStar Control Center can slow down the car in case of a car theft or police chase. What if someone hacks the control center system and instead of slowing down the car, increase the speed of the car and cause it to crash. CNN Money talks about these dangers and discussed what can happen if they are used for cyber crime.
Tools like Shodan, a search engine for the internet-connected devices, including some industrial control
systems, traffic signals, security cameras, health care units, gas stations, power plants, etc. Most of these systems have none or little security and many
devices use "admin" as their user name and "1234" as their
password.
The purpose of this blog is not to scare anyone but to start
thinking about the dangers of exposed systems. The evolution of industrial internet security is
much like the evolution of PC security, just as the
original generation of PC operating systems didn’t anticipate connections to
the Internet, many industrial systems are not built with outside contact in
mind.
So what can be done to avoid this?
- Create an “air gap” and complete isolation of these systems from the Internet and other connected networks? I don't think that's going to work anymore!
- Educate people and inform them about the necessary security measures? Very important!
- Create standards and protocols with greater focus on security? I wonder why it hasn't been done yet!
Any thoughts and ideas to mitigate these risks?
No comments:
Post a Comment