By Kelly Vlahos, Security Industry Association
The thought of a computer hacker miles away taking over an Internet-connected vehicle while someone else is driving seems far-fetched, but this foreboding vision is likely keeping carmakers and dealers awake at night.
Security researchers Charlie Miller and Chris Valasek recently demonstrated that the above scenario isn’t some dystopian fantasy. Cars with online technology – including sensors that control dashboard components, the entertainment system and even the engine – can be hacked and manipulated.
The two men revealed this with a Jeep Cherokee driven by a Wired reporter, who later published the account. After messing with the radio stations and engaging the wipers, Miller and Valasek, who were sitting in a basement with their laptop, cut the Jeep’s transmission. The reporter was on the highway.
It’s for reasons like this that the IoT has been described as a “ticking time bomb,” if developers cannot find a way to secure it, says Deepak Taneja, founder at Aveksa Inc. But despite the clear risks, the advantages of IoT for a myriad of industries, as well as consumers, are immense.
In the vast IoT future, Web-enabled sensors connected to products could identify changes in supply chains down to the smallest detail and then communicate that knowledge to distributors and stores via mobile applications. Traffic signals can adapt to volume on the roads, which would also be embedded with sensors that gauge physical integrity and provide that data to both engineers and drivers in their cars. With new wearable technology, health care specialists could monitor a patient’s chronic respiratory illnesses without a stethoscope and without even being in the same room.
According to Gartner research, 4.9 billion devices will be connected in this way by the end of 2015, up 30% from 2014, and will reach 25 billion by 2020.
As members of the Security Industry Association (SIA) are discovering, the nexus of IoT and security systems will serve as the next revolution in their field. Just as physical building security – controllers, card access, alarms, video surveillance and emergency systems – embraced wireless communication, it will soon see devices sharing critical intelligence data in the Cloud. Providers, meanwhile, will be taking advantage of lower-cost solutions in universal applications and standards.
The industry can either wait for this to happen or actively anticipate where IoT is going, says Jeremy Brecher, chair of the SIA Standards Committee Cloud and Mobility Working Group and vice president of electronic security technology for Diebold.
His working group is tackling the “time bomb” challenge before it puts security providers on the defensive. The working group knows that IoT is not only next generation, but also the natural nexus of cloud and mobility. He says you can’t talk about one without the other two.
“A lot of things in the IoT are starting to encroach into the security space, and it is important to get on it, and move it forward,” says Brecher. The group’s first step is to define terms and sketch out the initial impact of this new “mega trend” on the security industry.
“You have this proliferation of new devices that are online and communicating, as well as producing data and awaiting commands. What we have to do is determine how they will interact with security systems and become part of it,” Brecher explains. “We’re looking at what the movement does, what it means for standards and improving the overall security posture.”
SIA members need to pay attention to the IoT or face the prospect of their systems being left behind. Steve Van Till is the president and CEO at Brivo Systems and chair of the SIA Standards Committee. He calls IoT one of four megatrends – the others being cloud, mobility and social media – that have vast implications for the industry.
Van Till breaks down IoT’s pros and cons.
On the plus side, he says IoT will bring more devices online, more data and better analytics, new standards and earlier warnings. Negatively, the expansion of IoT makes current systems more vulnerable to hacking, encroaches on personal privacy and invites compatibility risks.
“The security industry is about five years behind any major trend that is out there. They are late to the party – a lot,” Van Till says. “What I am trying to do as chairman is make things more relevant to get the industry caught up so they can do what’s best for their customers.”
As Van Till describes, the cloud is “the sum total of all the online computing in the universe,” and the security industry has just begun operating in the realm of delivering hosted services over the Internet.
Mobility, on the other hand, is the application of these hosted services over different platforms and devices. According to the working group, practitioners estimate that 75% of all security video, for example, will soon be accessed via mobile devices like smart phones and tablets.
IoT will incorporate all of that, taking security product capabilities to the next level. Devices will be talking to each other, setting up algorithms for generating data, and then aggregating, sharing and storing that data across networks. All this will occur with very little human intervention.
On one end, the industry can benefit from intelligence and greater efficiency gleaned from its own devices, but it will eventually exploit data produced by other, seemingly disconnected devices like residential utilities, cars and even household appliances.
Van Till gives the example of a Web-embedded electric toothbrush, whose sensors determine that it’s been dropped in the middle of the night. Putting that together with other indicators in the house, a break-in could be detected, setting out early warnings and serving as a sort of electronic trail of footprints in what might later become a criminal investigation.
“Almost every device has the capability, like that toothbrush, to report environmental information and can provide data that is relevant to security,” Van Till explains.
That is why the committee wants to explore standards of communication, in other words how devices will talk to each other via Internet protocols.
Right now, there are a myriad of protocols for the IoT, and universal standards have not yet congealed. Experts say the standards will be necessary for critical functions across industries, such as collecting device data and communicating it to servers, connecting devices to people, integrating intelligent machines and connecting servers to each other.
“Clearly there are a bunch of standards that are starting to emerge in the IoT space,” says Brecher. “As we look at common protocols, it is important to look at this from a security industry perspective.”
A number of major tech consortiums are already working on interoperability standards, so he believes there is no need to reinvent this wheel. Instead, the working group wants to examine trends and perhaps make recommendations to SIA members. In the near future, the panel might suggest SIA work directly with the consortiums in their quest for universal protocols and keep members educated about developments and security-specific frameworks.
Meanwhile, anticipating the security risks that networks and devices face in the IoT is just as important as compatibility, said Brecher. Which takes us right back to the hackers and the Jeep Cherokee.
“One of the things left wanting in the IoT space is security,” he acknowledges. “You open up a whole new level of risk if there is a breach.”
He says the subcommittee will be exploring key cybersecurity technologies and practices as they relate to IoT in the security space, including encryption, network security, authentication and architecture. Here, too, they will look at the rest of the IT universe as a guide. “We want to pull together the bare essentials that could eventually enter into standards and highlight very specific things that are important to integrators, manufacturers, and customers,” Brecher says.
Steve Van Till will discuss his outlook on megatrends in the security industry at the upcoming SIA Securing New Ground conference, an executive gathering in New York City on Oct. 28-29. He plans to outline how these megatrends are transforming the physical security industry much faster and more deeply than in any previous era, with profound implications for market dynamics, channel structure and the knowledge base required for practitioners.
For more information and registration, visit the conference website at http://www.securingnewground.com.