YAIOTSB Yet another IoT Security Blog

Bryan Davis

Security of the Internet of Things (IoT) has been the hot press topic in recent times. It’s as if we, the collective users and technologists, had the epiphany and mass realization that our “things” are not necessarily secure.

IoT is a broad collection. From a device and hardware perspective it includes everything from the homeowner’s NEST thermostat to the control systems used in industry, from the lowly NodeMCU to large control systems like Honeywell’s Experion® Process Knowledge System (PKS) or Allen Bradley systems. IoT is also a collection of data, stored locally and in the cloud: a concatenation of the data collected from individuals or corporate systems, all with the intent of providing relevant, accurate data for decision making. Therein lies the real issue: securing IoT devices and data is not, and in the foreseeable future will not be, a one-size-fits-all model. Good news… It need not be!

Meetings, groups and consortiums will over time develop agreed-upon standards on security and interoperability, all with direction towards a panacea, which we know will be part of an ongoing war between the user community and the nefarious (defined as unethical) hackers, who we all feel could better spend their time productively within our community. These efforts will be ongoing; in a fledgling industry (not really, but the buzz indicates so) there will be many interim steps as well as many publicized events of breaches.

Knowing the vulnerabilities and the wide net that IoT does and will encompass lets us categorize and address security issues in a logical manner, beginning with the cliché low-hanging fruit and working towards the nirvana of encapsulated, secure interaction of devices and controlled accessibility to collected data.

From that wide-net view of IoT we have to secure the following elements, each of which will need to be addressed both separately and in combination as elements become part of larger and growing systems and networks of collected data and useful output.

Sensors – the simplest core units may not need any special attention. For instance, the 2N3906 transistor used as a temperature-reading device has no individual method or need for securing its data; however, the system to which it is connected (an Arduino, a Raspberry Pi, or an Edge server with 1000’s of connected sensors) will need to be addressed, and addressed at many levels.

Data collection devices – this includes smart phones, microcontrollers and microcomputers, including those mentioned previously, up to large specialized devices that are both storage and network enabled, passing data to larger repositories.

User Devices – from smart phones, dedicated displays, tablets and laptops to most any computing device as a point of entry. These devices are the portals of entry, the link to the network. We all know the ongoing issues with phone security, as well as the security of devices when left to the individual user (not accounting here for corporate policies). With more sensors and data collection, remnants of that data are left behind in memory and files, all with varying degrees of sensitivity and

Network – including Ethernet, Wi-Fi, Bluetooth, XBee, Zigbee and a plethora of developing low voltage – long distance protocols and hardware. Each of these presents its own unique vulnerability and course of action. The network arena, with various IPsec strategies and specialists, is well known, well addressed and constantly on alert. There will certainly be ongoing work and the continuing war between the white and black hats, but we are not starting from a position of ignorance here.

Storage – public storage, in that last media-darling buzzword, cloud and cloud storage. Past the network component, the challenges are secure backup, archival, and physical and network security rolled into one. We all assume cloud datacenters to be secure, but those assumptions are often where we experience learning in the future. Current issues surrounding integrity, backup, replication and longevity (archival) are ongoing, addressable and preparatory for the future growth and onslaught of data.

Reporting – tools and people using the collected data. This is where the real useful nature of IoT lies: taking all of that collected data and developing the trends, truths and evidence to assist personkind with improving life, business and condition. The integrity, accuracy and controlled accessibility of both people and connected tools are the primary concerns. It can be viewed as we view HIPAA: who should have access, and are there specific privacy concerns with this aggregated data? We have many frameworks for datasets that can be applied to reporting and the eyes which view the reports; now is the time to segregate and apply the appropriate measure.

 

Consumer devices are combining and crossing the elemental lines described above, from smart home devices, smart TVs and phones to the explosion within the makerspace community and the popularity of cheap microcomputers and controllers, all of which, in similar fashion to the user devices above, leave security in the hands of the end user. That creates a range of user-applied security, from those who take it seriously, know the latest vulnerabilities and diligently address and patch them, to those who never change the default password. Education and training, along with some harshly learned lessons, are all that can be systemically addressed at the individual level.

Our data must be considered in a similar vein to small children: never leave it unattended, watch it carefully and be a diligent caretaker / caregiver.

We will long be hearing about security issues with the IoT and IIoT (industrial internet of things); there will be events, there will be news and there will be times of panic. Vast is the foreseeable landscape of profit, benefit and knowledge. We will together forge ahead; knowing those people and the issues they create, we will be both proactive and sometimes reactive. Nothing about data security is easy. The effort is active and underway on many fronts, and IoT and all it contains has a bright future as long as we continue the work, and the hard work, of staying a step ahead.

As with security, there will be an ongoing blog… to be continuous.
