“We no longer have things with computers embedded in them. We have computers with things attached to them”, says Bruce Schneier an American cryptographer, computer security professional, privacy specialist and writer. “We wear computers: fitness trackers and computer-enabled medical devices and, of course, we carry our smartphones everywhere. Our homes have smart thermostats, smart appliances, smart door locks, and even smart light bulbs”[i].
At work, many of those same smart devices are networked together with CCTV cameras, sensors that detect customer movements, and everything else. Cities are starting to embed smart sensors in roads, streetlights, and sidewalk squares, also smart energy grids and smart transportation networks. A nuclear power plant is just a computer that produces electricity, and like everything else we've just listed, it's on the internet.
The internet is no longer a web that we connect to. Instead, it's a computerised, networked, and interconnected world that we live in. This is the future, and what we're calling “The Internet of Things.”
Most experts agree, that despite well-founded concerns about cyber-attacks, privacy violations and outages, the Internet of things (IoT) will continue to expand for the foreseeable future. Today, 49% of the world’s population is connected online with an estimated 8.5 billion connected things are in use worldwide.
This scaffold of embedded electronic measuring devices, probe and monitor our world and are like the eyes and ears of the internet. You could say that the actuators are the hands and feet and the processors on these devices (and now increasingly in the cloud) are the brains that figure out what the data means and what to do about it. The point of a thermostat is not to log temperature data but to adjust the temperature of an air conditioner accordingly.
The rapid growth of the (IoT) is changing the contours of the medical profession and the Internet of Medical Things (IoMT) in healthcare market size is expected to reach USD $534.3 billion by 2025.
We can now swallow pills containing microscopic sensors, have our blood pressure, oxygen, blood sugar taken, ECG data monitored in real time and the data stored in the cloud, ready to be shared with a physician, our insurance company, a participating health firm or an external consultant, who can access data regardless of their place, time or device.
With the integration of radio-frequency identification (RFID) the IoMT aids in the production, distribution and tracking of medicine and medical devices, even the tracking of medical staff within a large hospital can be performed. It has already had an enormous impact on the prevalence of counterfeit medicine. With the addition of 3G video and medical imaging equipment in ambulances, this enables the emergency room to be introduced to the patient’s condition so they can effectively prepare, long before they’ve even arrived.
As incredibly useful and almost magical as the IoT appears to be, unfortunately, the very connectedness of it leaves it open to security and safety vulnerabilities. Every connected thing is susceptible to attack or misuse.
2016 saw the introduction of a new species of ransomware – aptly named "Locky" in the wild. The Hollywood Presbyterian Medical Centre paid a $17,000 ransom in the form of bitcoins for the decryption key to regain patient data. Hospitals and other healthcare organisations are favourite targets for ransomware attacks because they are often willing to pay. Losing access to data is a life-or-death matter for them.
That same year, there was a massive Distributed Denial of Service (DDoS) attack against Dyn, an internet performance management company. Attackers used tens of millions of IoT connected devices like printers, DVRs, cable set-top boxes, and webcams to block Dyn’s ability to connect internet users to many websites such as Twitter, Amazon, PayPal, Spotify, Netflix and The Wall St Journal. Following this attack, The New York Times called the IoT “a potential weapon of mass disruption.” While that assault amounted to nothing more than a temporary slowdown of a large portion of the internet, it showed how vulnerable connected devices are to hacking and exploitation. The bad news is; we won’t be seeing an end to this type of cyber-crime any time soon.
The connection is inevitable, humans crave connectivity, and we will seek more of it due to its convenience and also out of necessity because manufacturers and developers will simply embed these components in more and more devices. We count on this convenience to conquer chaos and; who doesn’t enjoy experimenting with magical new tools. Our desire for new gadgetry often outweighs any perceived risks. The IoT is here to stay and in time, just as the FAA has by and large, successfully regulated the US airline industry, so too will Governments and regulators around the world remediate the safety issues facing the application of IoT technologies.
Bruce Schneier says, "We need to rebuild confidence in our collective governance institutions. Law and policy may not seem as cool as a digital tech, but they're also places of critical innovation. They're where we collectively bring about the world we want to live in. Our society has tackled bigger problems than this one. The world-size robot we're building will be managed responsibly when we start making real choices about the interconnected world we live in. Yes, we need security systems as robust as the threat landscape. However, we also need laws that effectively regulate these dangerous technologies. Also, more generally, we need to make moral, ethical, and political decisions on how those systems should work".
Attacks against IoT devices will always be a hot topic. It is difficult for organisations to drive manufacturers to develop 100% secure products. How organisations deploy these tools in the networks they serve is also key to protecting the functions these tools provide to organisations. Proving a defence-in-depth model to protect these devices and other systems is the critical attribute for the environment.
Until now, we've left the internet alone. We gave programmers a special right to code cyberspace as they saw fit. Offering this special right was okay because cyberspace was separate and relatively unimportant: That is, it didn't matter. Now that that's changed, we can no longer give programmers and the companies they work for this power. Those moral, ethical, and political decisions need, somehow, to be made by everybody. We need to link people with the same zeal that we are currently linking machines. "Connect it all" must be countered with "connect us all.”
[i] Bruce Schneier Security and the Internet of Things” referenced at https://www.schneier.com/blog/archives/2017/02/security_and_th.html, 2017