Cross-Market Security Issues

The real attractiveness of the Internet of Things is the ability to leap across communications barriers. Roll back just 15 years ago and carmakers offered special car phones as an option on high-end vehicles. Roll back 20 years ago and connectivity was so slow that you could hear your modem connecting with the modem on the other end.

The widespread adoption of the cell phone, and the pervasive, rapid and continuous connectivity of just about everything has made connectivity ubiquitous and nearly instantaneous. But it also is opening security holes that will persist for many years to come, as what previously were distinctly separate vertical markets evolve into connected markets.

Consider the security that’s inside a smart phone, for example. Most consumers will trade those out in two or three years because they’ll be offered shiny new versions with better performance and lower power and more functionality for roughly the price of a trade-in. And along the way, there will be regular updates to the OS and the apps on the phone to improve performance, patch known security flaws, and make everything work together more seamlessly.

Now combine that with a car, which may last 20 years on the road. If it isn’t a new electric model, its firmware may be upgraded every few years—or maybe never. And even if you stop reading this article right now, and go out and buy the latest model just off delivery truck, the car’s security probably will be outdated in the next few months. The devices that connect to that car may be more secure, but the problems that connecting them together can cause are not well defined. In fact, in most cases they’re not defined at all. Cross-vertical-market scenario planning doesn’t exist. Most people aren’t even talking about it.

In industry, the situation is even worse. While there is a push on to reap the benefits of the remote management and service, most of the equipment that is connected inside of companies was put in place a decade or more ago. Just connecting manufacturing to modernized corporate IT systems can raise some serious security issues that have never been contemplated.

The fundamental problem is that security inside of different vertical markets progresses at speeds relative to those markets, but when everything is connected together it has to progress at the same speed. It may seem obvious that to get into the corporate coffers you need to go through the business office, but in a connected world you can enter the system from almost anywhere—the connected thermostat, the motion detector, or an individual computer connected over a network from the other side of the world. And if security systems are updated at different times throughout an organization, the obvious entry point will be the most outdated security.

This becomes even more complicated in industries where consolidation is rampant. Acquiring companies typically uses a fairly straightforward formula of assets and liabilities, coupled with an informed assessment about potential upside and risks. Rarely, however, do companies consider security from the standpoint of the architectures of physical assets. As the Internet of Things begins really taking hold, however, that kind of analysis will become essential to the risk formula.

It also becomes an issue in the home, where different devices are being rolled out so quickly that there is no concern for how they’re connected together. Security schemes will differ greatly from one product to the next, and so far there is no way of telling how they all are secured other than the homeowner’s Internet firewall—or whether devices are communicating on their own through unsecured links. Connect that with a health monitor of some sort, which is connected to patient records at a hospital or doctor’s office, and you get a different picture of security.

In the era of the IoT, more connectivity means more doors to the outside world and more value in the data behind those doors. The big question is how to make sure all the doors are locked and all the locks are all updated with the latest security schemes. At this point, you’d be lucky to find any doors in some places, and where doors do exist many of them are sorely in need of repair or replacement.