-3 minuten leestijd-
OPINIE – Met de gangbare beveiligingstechnieken is het onmogelijk om het Internet der Dingen (Internet of Things, IoT) compleet veilig te maken. Omri Sagron van het Israëlische cybersecurity-bedrijf Comsec roept op tot een geheel nieuwe manier van denken over cyberveiligheid in een verbonden omgeving.
Since Charles Babbles’ invention of the Analytical Engine, computers have been very similar and all based on the same principal, however, with different input and output design. Think of your PC, smartphone, and tablet and compare them to day to day devices, such as a refrigerator, microwave, and even Home Automation Systems (HAS devices). Eventually they are all computer systems that process information, however, are definitely not all identical.
No question that nowadays computerized household products connected to the Internet are providing great opportunities for automation, control, and intelligence, however do the IoT (Internet of Things) components introduce many new risks? The answer is obviously and simply: “YES”.
The ongoing internet revolution turns billions of devices, such as smart watches, pacemakers, smart meters, production lines, and smart buildings into smart and vulnerable access points to our life. The IIoT (Industrial Internet of Things) trend promotes a connection of everything, including industrial control systems & critical infrastructures, such as electricity, gas, and water and those infrastructures that we all rely on day by day.
“The Industrial Internet of Things) trend promotes a connection of everything, including industrial control systems & critical infrastructures, such as electricity, gas, and water.”
Imagine that all of those old-age systems become smart and connected to internet-based networks. Smart thermostats, dryers and other IoT devices may get infected by malware that will forcefully join them to massive botnets, destruct or tamper data, or even exfiltrate or disclose sensitive information.
Low consideration for threats
The nature of the problem depends on the way those IoT components are designed, developed, modelled, installed, administered, and operated. As in every new technology, companies that develop IoT products for household and daily usage, put greater effort on developing new features, efficiency and cost-effectiveness, yet with relatively low consideration of impending security threats. Consequently, many IoT technologies do not include adequate cyber security controls and risk mitigation measures.
“It is impossible to use cyber security solutions commonly used in today’s IT infrastructure in order to fully protect IoT environments. It is time to change the way we think.”
As far as I see it, it is impossible to use cyber security solution suites commonly used in today’s IT infrastructure in order to fully protect I/IoT environments. Unfortunately, we cannot simply install anti virus or application firewalls on a microwave or a diesel generator. Not to mention that most IT experts (including organization’s information security teams) are not familiar with the IoT technologies and their specific security implications and risks.
It is time to change the way we think of protecting the IoT from external threats. An additional thinking is required in order to create a thorough and efficient defensive strategy to better defend IoT devices and environments.
Omri combineert operationele ervaring met strategische kennis voor het geven van cybersecurity-advies aan grote bedrijven over de hele wereld. De specialist in cybersecurity voor vitale infrastructuur werkt voor Comsec Global, het grootste cyberconsulting-bedrijf in Israël. Daarvoor was hij cybersecurity-specialist bij Mamram, het ict-centrum van het Israëlische leger. Daar leidde hij teams van militaire professionals op het gebied van operationele veiligheid, forensisch onderzoek, reverse engineering en penetratietesten.
In aanloop naar het NRC Live Event ‘De Slimme Wereld‘ deelt NRC Live iedere week één of meerdere (opinie)stukken van onze sprekers.