Let’s face the M2M security challenges

hackersInitially technical innovators focus all they have on making it do whatever they want their innovation to do. Shortly after the breaking news about their brand new product, solution or service we use to receive the follow-on news about problems with things like security, health impact, integrity or fair trade. The scope of the problems obviously relates to what the new thing actually is.

Lets face it, it has always been like this. Telephone systems, microwave ovens, TV set-top boxes, ATM:s, door locks, PCs and Wi-Fi networks are all examples of things that quite easily were possible to manipulate, at least initially. But when we connected people and businesses to the Internet the magnitude of the problem increased many times. Having almost everything using the same communication protocols and even the same network gained us a lot of efficiency but also raised the security bets drastically. Most attacks are not reported publicly but the ones we hear about are serious enough. Fire Eye claims one security attack to enterprises every third second, based on analysis of information on more than 89 million security related attacks reported. Some specific examples since last summer, picked up from Network World: 450.000 stolen passwords from Yahoo, 5,8 million passwords from LinkedIn, 1,5 million from eHarmony, 8 million online credentials from Gamigo and about 3.6 million Social Security numbers and 387,000 credit and debit card numbers from South Carolina. And we all remember the series of password thefts at Sony some two years ago. We’re already at the point where this belongs to the daily news feed and is business as usual.

Now we are connecting also things to the Internet and we will inevitably enter a new era of security and integrity issues, yet on another scale. Imagine hackers manipulating traffic lights, road signs, railroad control systems, power grids, nuclear plants, TV broadcasts, elections, pacemakers, airplanes, stock exchanges or hospitals. Media is quite frequently presenting examples along those lines and even if it is hard to differ between urban legends and real life cases it is safe to say that security will be a very important part of the M2M industry.

Recent examples from media include the Techspot.com story about a security consultant and pilot who claims he can hijack a commercial airplane remotely with his Android app, a story about a hacked pacemaker in the US where almost five million pacemakers and implantable defibrillators have been sold the last five years and several stories about hacked cars including the most recent research from Rutger University and University of South Carolina where they manipulated cars in motion via the TPMS system. At the Hack in the Box conference in Amsterdam the other day electrical vehicle charging stations were identified as potential targets for hackers to cripple parts of the electricity grid.

If the issues of security, safety and integrity aren’t taken seriously by the industry they will slow down or even prevent deployment of M2M solutions. Since perception is reality we need to go beyond just fixing the issue – we also have to make people believe it is taken care of seriously.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: