To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.

special report IoT cybersecurity T he opportunities available through the Internet of Things are well known – remote control of a variety of devices, enhanced data insights and increased comfort and convenience for consumers. Yet, a concern which is increasingly raising its head is that of IoT security. It’s very much top of mind following the vast attack on US and European internet structures in October this year, which saw DVD players and webcams along with other unsecured internet-connected digital devices, such as home routers and surveillance cameras, being used to form a botnet. Security risks and implications for IoT devices can take many forms including hacking sensors and/or abusing devices in general and actuators in particular. Tampering with the speedometer, giving incorrect speed readings; thus the car will not be able to correctly determine the speed. The anti-skid functionality on the brakes can be de-activated, making the vehicle unable to manage challenging driving conditions. The engine can be hacked to increase acceleration, causing a potentially fatal accident. While these are extreme cases with the objective being to cause harm, milder interventions could cause false alerts or cause machinery to operate outside of normal operating parameters, putting it and the people in the vicinity in danger. The Department of Homeland Security recently published Strategic principles for securing the Internet of Things, which sets out key considerations for IoT security. Hack the sensor The first type of risk entails a sensor being hacked and fooled into behaving in a certain way. Of specific interest to utilities are the following best practice guidelines: Incorporate security at the design phase At a Black Hat security conference in 2013, demonstrations showed how sensors could be fooled into spraying the audience with water when a replica water plant component was forced to over pressurize. Another showed how wireless sensors commonly used to monitor temperatures and pressure in pipelines and other industrial equipment could give false readings, tricking automatic controllers or even human operators into taking damaging action. A third showed how flaws in wireless technology used in 50 million energy meters across Europe made it possible to spy on energy use and even cause blackouts. More recently, it was demonstrated (albeit sporadically) that hackers could fool Tesla’s autopilot system. By using off-the- shelf radio-, sound- and light-emitting tools, researchers were able to deceive Tesla’s autopilot sensors, causing the car’s computers to ‘see’ an object where there was none, or even worse, miss a real object in the Tesla’s path. Enable security by default through unique, hard to crack default user names and passwords. Because user names and passwords are often not changed by the user and are easily cracked, strong security controls should be something the industrial consumer has to deliberately disable, rather than deliberately enable. Build the device using the most recent operating system Use the most up-to-date operating systems as a way of ensuring system vulnerabilities will have been mitigated. Design with system and operational disruption in mind. Knowing what consequences could flow from a failure will enable device developers, manufacturers, and service providers to make more informed risk-based security decisions. Build on recognized security practices Take control The second challenge is potentially one of the scariest: abusing actuators and other “things.” If we go back to the example of self-driving cars, where multiple parts are controlled by the car’s central computer, some of the risks include: 30 Start with basic software security and cybersecurity practices Take note of sector-specific guidance where it exists. Practice defence in depth Employ security that includes layered defences against cybersecurity threats, including user-level tools as potential entry points for malicious actors. This is INTERNET OF THINGS