Securing The IoT

Experts at the table, part 3: What happens when the Internet goes down; who protects the Internet itself when more devices are connected to it?

Semiconductor Engineering sat down to discuss whether the Internet of Things will be secure enough, or whether it will create new security issues, with Sami Nassar, general manager of NXP Semiconductor; Oleg Logvinov, director for special assignments at STMicroelectronics; and Lawrence Loh, application engineering group director at Cadence. What follows are excerpts of that conversation, which was held in front of a live audience at the IEEE Standards Association IoT Workshop.

SE: The IoT’s big markets at this point are home, automotive, industrial, medical, but they’re independent at this point. Will they really blur together?

Logvinov: The companies that figure out how to make security available on multi-stakeholder platforms will be the most successful ones. That is the Holy Grail for technology right now, which is how to build systems with enough security—not 100% protection right now—from a unified platform point of view for multiple applications.

Nassar: Ultimately these services will be very valuable for consumers, being able to merge these different markets so a person driving home has a cell phone that can talk to other devices. This will come first for consumers. On the industrial side, we have to figure out how to serve that market.

Loh: Figuring out a secure platform is important, but having different levels of security is still important. Different uses have different bars. When I first got into the semiconductor industry I was looking at different test equipment for the government and I felt like they were two generations behind because they wanted to make sure everything was very secure. We will get to the point where some compromises will need to happen. There was a joke circulating that if your car could improve as fast as Microsoft Windows it would be able to fly by now, to which Ford replied, ‘Will you allow your car to crash every so often?’ There’s a different bar. Software security is important, but it’s a different bar because you can patch it. Hardware security is a lot harder because it may require new chips or a redesign of an entire system. The consequences are different. Having a platform with enough flexibility to let people determine how much security they want to put in will be very important.

Logvinov: Security is a self-regulating system to some extent because it is supply and demand. If someone demands features of certain kinds with certain levels of protection, we will deliver it. That would be a selling feature for a product, for a system, for a technology. If the constituency says they don’t care and they’re not willing to pay for it, those security concepts will never move forward. Part of it will be an education because consumers of this technology have to become aware of what is needed. Part of it is openness about what kind of threats can be exposed if the security is not implemented. And part of it is about all of us learning how far to turn the dial to adjust it to the right level so it is secure enough, not too costly, and so it can be verified.

SE: There’s another piece to this, which is the Internet itself. There is the Internet we use, the deep Internet, which goes underneath that, and then the ‘dark Internet,’ which goes around that and which no one wants to talk about. But what happens if the Internet goes down or gets compromised?

Nassar: The consequence will be bigger with more IoT on it. This is where a lot of effort is going today at the government level. They’re not thinking about whether the Internet goes down. They’re worried about what happens if the Internet gets compromised. At this point the infrastructure is a government responsibility to protect against failures. It’s like the power grid. It’s not something you want to entrust only one corporation to make sure it’s running all the time. It’s physical security, and it’s a nightmare scenario for the government.

Logvinov: What we’re opening up is a whole new subject not just of security but of safety. That safety depends on devices to be constantly connected to the Internet the same way they’re connected to the power grid. That’s a whole new area that deserves its own consideration.

Nassar: If the power goes off there are consequences.

SE: And if you have self-driving cars, you may have a giant parking lot, right?

Nassar: Yes, but even today if you don’t have light, you don’t have other services. It will be as impactful as power. We are depending on services that come out of this the same way we are dependent on the power. It will be disruptive and extremely dangerous. There are studies that were done, which is why we are doing the smart grid, that show how many days society can sustain itself before we have breakdown if you shut down the power. If the Internet goes out we won’t have that problem today, but it is something that we will rely upon more and more as we move into the future. Eventually it will pose a similar risk if it goes down.

SE: A lot depends on GPS, cell towers and location. You can move cars from one side of the highway to another or change time stamps on banking transactions. What can be done about this?

Logvinov: I’m optimistic about this area. We have learned how to build drive-by-wire or fly-by-wire systems. Many of the concerns we’re discussing here are related to autonomous systems connected to the Internet, and those are similar to the concerns at the beginning of the fly-by-wire era. If you rely solely on GPS, then it will be a very vulnerable system. That’s where we need to learn how to design systems. We’ve learned how to design them for stability. This is the same kind of level of stability, but from a functional point of view. It’s not just relying on GPS. It’s also relying on accelerometers so you detect a change in your course that is appropriate for that particular application, and certain safeguards need to be deployed. It’s being able to validate the data from the point of view of whether this data makes sense in that particular data context. That type of self-check is very complex, but it’s what we need to do. And by the way, that kind of fly-by-wire or drive-by-wire self-check is already implemented. We do have a base of security on which to draw upon.

Loh: I agree with that. Individual devices can get hacked, but all systems have some way of self-checking and redundancy. More than 15 years ago, when we were first designing base stations, we had full redundancy. There were two systems doing exactly the same thing. Any time there was a fault there was instant switching. Today, there are fail-safe mechanisms. Cars are very complicated. It’s possible that people have missed something, but this kind of redundancy is designed in so that you don’t rely on a single point of failure. That can cause catastrophic problems. We have come a long way. With more devices it gets harder, but this isn’t new. People have been working on it for a long time.

Nassar: As we move from cyberspace with IoT into the physical space, we also have to think about the physical security moving into cyber security. With physical security we have armies, alarms, doors, locks. Similarly, when we go into cyberspace, we need to think about all the things that can go wrong and invest in those technologies. There are some cyber services today that are extremely valuable for communities, such as financial systems and passport systems, which built all these defenses. We can use them for newly created markets and be able to protect ourselves as we do in the physical world.