{"id":4732,"date":"2015-04-09T04:09:38","date_gmt":"2015-04-09T08:09:38","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4732"},"modified":"2020-02-26T18:59:41","modified_gmt":"2020-02-26T14:59:41","slug":"internet-of-things-and-cybersecurity-of-infrastructure","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/4732\/","title":{"rendered":"Internet of things and cybersecurity of infrastructure"},"content":{"rendered":"<p>The word \u201cIoT\u201d (Internet of Things) has been a buzz word for several years now. It has become the era when more home electronics and cars are connected to the Internet, and many businesses see great opportunities here. At the same time, as you may already know, people have started asking whether those devices and cars are safe from online threats.<\/p>\n<p>Eugene Kaspersky\u00a0<a href=\"http:\/\/www.usatoday.com\/story\/tech\/2014\/11\/06\/eugene-kaspersky-lab-antivirus-internet-threats-dublin-web-summit\/18580303\/\" target=\"_blank\" rel=\"noopener nofollow\">rephrased IoT as \u201cInternet of Threats\u201d in his interview by USA TODAY<\/a>. It corresponds with the\u00a0<a href=\"https:\/\/www.ftc.gov\/system\/files\/documents\/public_statements\/617191\/150106cesspeech.pdf\" target=\"_blank\" rel=\"noopener nofollow\">comments by Edith Ramirez<\/a>, the Chair Woman of Federal Trade Commission at CES 2015 in Las Vegas. Truly, the thing has no way out from a cyber security aspect. No one has ever found the best solution to answer this BIG security issue, just like other typical cyber security issues we are facing now.<\/p>\n<p>In actuality, IoT has been recognized as a \u201cNew Market\u201d with its huge potential.\u00a0<a href=\"http:\/\/www.forbes.com\/sites\/gilpress\/2014\/08\/22\/internet-of-things-by-the-numbers-market-estimates-and-forecasts\/\" target=\"_blank\" rel=\"noopener nofollow\">According to this article in FORBES<\/a>, Cisco stated its economic value would increase to $19 trillion by 2020, calling it \u201cInternet of Everything.\u201d Gartner estimates that IoT product\/service suppliers will reach $300 billion revenue by 2020. IDC forecasts the market of IoT solutions will be expanded from $1.9 trillion in 2013 to $7.1 trillion in 2020, making it 3.7 times larger.<\/p>\n<p>Gadgets which record personal biometric, health, and location information \u2014 such as globally-trending wearable devices \u2014 are also in the category of IoT. However, in terms of the degree, the risk they pose is not overwhelming.<\/p>\n<p>Such devices are personal, but they are not consisting infrastructures for our lives and societies. In other words, you may effectively reduce the risk of data leakage on your own by stopping using a wearable device or a cloud service while you are working out. It\u2019s totally up to you.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hacking car washes &amp; fitness bands, the future of the Internet of Things? Good <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> review from <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> <a href=\"https:\/\/t.co\/2sNeGw0gei\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/2sNeGw0gei<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/IoT?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#IoT<\/a><\/p>\n<p>\u2014 Tom Gillis (@_TomGillis) <a href=\"https:\/\/twitter.com\/_TomGillis\/status\/573949675700551680?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 6, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On the other hand, real IoT mostly consists of systems or services traditionally called \u201cM2M\u201d (Machine to Machine). Those are the ones closely integrated (or expected to be integrated) with environmental\/social infrastructure, thus cybersecurity is as highly critical as the critical infrastructure in question is.<\/p>\n<p>For example, some of you might have heard about\u00a0<a href=\"http:\/\/en.wikipedia.org\/wiki\/Smart_grid\" target=\"_blank\" rel=\"noopener nofollow\">smart grids<\/a>\u00a0or microgrids. These are systems that manage the regional power consumption by balancing the electric power consumption at home and the electric power generation by wind\/solar energy, or gas cogeneration systems. Smart meters are set to each home for this monitoring purpose. It is reported that\u00a0<a href=\"http:\/\/www.tepco.co.jp\/smartmeter\/index-j.html\" target=\"_blank\" rel=\"noopener nofollow\">Tokyo Electric Power Company has already installed thousands of smart meters<\/a>. It would be possible to say that this is the very first step for deployment of a smart grid in the near future.<\/p>\n<p>\u00a0<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/Aemrq6mHstM?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>\u00a0<\/p>\n<p>What can a cybercriminal do by abusing the mechanism? They could, for example, reduce or increase payment by giving wrong data of power consumption and\/or generation to a smart meter.<\/p>\n<p>It\u2019s not hard to discover other possible scenarios of attacks on critical infrastructure. By taking over traffic control systems, one can panic traffic, intentionally trigger a car accident, or even disrupt public transportation systems. Those might affect our daily lives and economy as well.<\/p>\n<p>There used to be some list of service-disruptions causes, including a bug\/disorder in a software\/system or a natural disaster. Now, we have added cyberattack on the list.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>How to deal with #IoT and #sybersecurity of critical infrastructure<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F3JHH&amp;text=How+to+deal+with+%23IoT+and+%23sybersecurity+of+critical+infrastructure\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>We need to learn from incidents, then implement much safer mechanisms to IoT systems that operated as parts of social\/life infrastructures. To be more precise, operators and developers of IoT systems should ask the following questions to themselves:<\/p>\n<p><strong>1. Do I prioritize ease of use rather than security?<\/strong><br>\nIt is important to decrease usability for attackers in order to increase system security. Ease of use for users means the same to attackers. Last year, it was reported that\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/massive-webcam-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">webcams used with default setting had posed a privacy violation<\/a>. The incident tells us that device makers should keep security in mind. Please don\u2019t forget to encrypt data and communication.<\/p>\n<p><strong>2. Do I believe that \u201cread-only\u201d systems are secure?<\/strong><br>\nThey are not secure. Applications are running in the memory regardless, so an attacker can find the way of intrusion. Networking devices are usually developed with Linux OS, and it is known that Linux OS has\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/how-i-hacked-my-home\/\" target=\"_blank\" rel=\"noopener nofollow\">a lot of exploitable vulnerabilities<\/a>. Once an attacker can hold control of the device, he can hack into the entire IoT system.<\/p>\n<p><strong>3. Do I believe that my devices will never be hijacked?<\/strong><br>\nAny device is able to be hijacked. So, it\u2019s highly important to monitor the health of the entire system, including connected nodes. It is also important to have any measure to detect anomalies with every node. Remember how\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/stuxnet-victims-zero\/\" target=\"_blank\" rel=\"noopener nofollow\">Stuxnet penetrated into the Iranian facilities<\/a>\u00a0which should have been well-protected?<\/p>\n<p><strong>4. Did I cut testing cost?<\/strong><br>\nPenetration tests are very important. Tests should be carefully organized in accordance with your system\u2019s security requirements. It is strongly recommended to implement these tests in your normal development process.<\/p>\n<p><strong>5. Do I believe that security is not a requirement?<\/strong><br>\nSecurity is one of the crucial requirements. Let\u2019s think about it from the very start of planning\/developing your system or service. Without sufficient security measures in place, IoT cannot be a part of secure life\/social infrastructures.<\/p>\n<p>If one\u2019s answer for any of these questions is positive, it may become a really big problem not only for the man or company itself, but also for lots of other people.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The word \u201cIoT\u201d (Internet of Things) has been a buzz word for several years now. It has become the era when more home electronics and cars are connected to the<\/p>\n","protected":false},"author":591,"featured_media":4733,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[969,628,765],"class_list":{"0":"post-4732","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-connected-devices","9":"tag-internet-of-things","10":"tag-iot"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/4732\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/5631\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/5726\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/5823\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/7394\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/8088\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/2822\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/internet-of-things-and-cybersecurity-of-infrastructure\/7191\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/internet-of-things-and-cybersecurity-of-infrastructure\/7394\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/8088\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/internet-of-things-and-cybersecurity-of-infrastructure\/8088\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/connected-devices\/","name":"connected devices"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4732","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/591"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4732"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4732\/revisions"}],"predecessor-version":[{"id":15994,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4732\/revisions\/15994"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4733"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}