Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
02:08 PM
Steve Grobman
Steve Grobman
Partner Perspectives

Internet Of Things: 50 Billion Connected Targets

We must work to minimize attackers' incentive and opportunity while maximizing their risk.

With the growth of the Internet of Things (IoT), we are rapidly approaching 50 billion connected devices (with varying degrees of security) that are becoming more and more valuable to attackers. We have already seen the beginnings of this shift, as cyberattacks against physical assets -- from cars to electric power stations -- move from science fiction to reality.

Cyberattackers, like anyone, are driven by incentives, and the greater the incentive, the more likely someone is to attack a particular target. We can express the probability of an attack against any particular target as the incentive times the opportunity, divided by the risk. 

Over the past few years, we have watched the variables in this equation change in value. Credit card data was an early opportunity, stolen and then quickly utilized before the numbers were cancelled. As companies increased their protection efforts, the incentive and opportunity decreased. Attackers explored other types of data theft, trying to find a new and valuable resource, with varying success.

This year, ransomware has been on the rise, delivering the promise of an even bigger payout. Instead of stealing credit card data and being burdened with figuring out how to monetize the asset, attackers have moved to a system where they can charge an immediate fee directly.  Through ransomware, cybercriminals encrypt data on a user’s device and simply make it unusable until the owner pays a ransom. The advent of Bitcoin and other crypto-currencies that support anonymous transactions further lowered the attackers’ risk.

Fueled by meaningful incentives and minimal risk, attackers looked for greater opportunities with larger payouts. We see ransomware actively moving from the consumer space -- charging a few hundred dollars to retrieve one’s photos or personal files -- to larger soft targets such as hospitals and universities. In recent news, we saw attackers charging these organizations (and being paid) thousands of dollars to get access back to critical business data. With this trend growing, large enterprises and IoT are just over the horizon as targets for ransomware attacks.

Incentive And Opportunity

The number and diversity of IoT devices rapidly becoming connected create an intriguing opportunity in the cyberactivity equation. We’ll soon have tens or hundreds of millions of potential targets, connected to physical assets such as water, energy, automobiles, and machinery, with many times the value of digital records. Incentive and opportunity both increase substantially. And the outcome of successful cyberattacks can literally be life-threatening.

Strategically, we need to approach IoT differently than we do the PC. In PC security, we work aggressively to prevent an attack, and fall back to quickly detecting an infiltration and remediating when necessary. With IoT, once an attacker perpetrates a successful exploit, it may be too late. Detecting an intrusion after your car has been driven off a cliff, electricity shut off, or factory machinery damaged is only so useful.

IoT requires a different approach than is used to defend traditional business systems. The current model, where the security industry is separated from the solutions industry (in the case of business, OSVs, ISVs etc.), does not scale to the diverse architectures that exist in the IoT landscape. Additionally, network opacity (most network traffic is becoming encrypted) restricts a network security approach to focus on only a small subset of threats. A new model is required where the security industry and IoT industry recast solutions architecture to enable both to contribute elements that they have expertise in.

We need to be forward-looking and purposeful with how we architect security in the burgeoning world of IoT. There are four steps we can take to affect the IoT cyberattack equation:

  1. Design with security in mind. All devices and solutions built around IoT have to be designed thinking about security from the outset. One example is using the concept of least privilege to minimize attackers’ opportunity: Devices, systems, and applications should have access to the bare minimum capabilities required to perform their function. Developers must understand the full lifecycle from shipping to decommissioning, follow coding best practices, and leverage the many hardware and software security capabilities available (hardware separation, ASLR etc.).
  2. Look at security from different levels of zoom. Valuable data is vulnerable and security breaches possible at all levels, from an individual sensor to a connected device to the overall system. System-level infiltrations may deliver the highest incentive to attackers, but breaches are possible at the sensor or device level. IoT security means understanding the full context of the system, as well as the individual components.
  3. Support the academic industry in producing more cybersecurity professionals. Ultimately, the security and IoT industries need to evolve and collaborate, from education to deployment. Cybersecurity should become a core discipline of engineering, alongside calculus, physics, and chemistry. Development lifecycles must include a security component, similar to the quality component. All of this must be researched, taught, and reinforced, from undergraduate programs to professional continuing education. 
  4. Think like the adversary to anticipate exploits and address them in advance. Finally, we need to continue to think like our adversaries, refining threat-agent profiles, identifying digital assets, and assessing weaknesses. Deployment processes must evaluate how to minimize the incentive and opportunity for attackers, while maximizing their risk.

We have adapted in the past as we learned about new threats, and we will have to again. But this adaptation is a big one for IoT because without it, a major evolution of our technology infrastructure is at serious risk of failure. 

Steve Grobman is the chief technology officer for Intel Security Group at Intel Corporation. In this role, Grobman sets the technical strategy and direction for the company's security business across hardware and software platforms, including McAfee and Intel's other security ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
PUBLISHED: 2021-03-05
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could a...
PUBLISHED: 2021-03-05
TOTVS Fluig Luke platform allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217 Fluig Lake 1.7.0-210112 Fluig Lake 1.7.0-201215 Fluig Lake 1.7.0-201124 Fluig Lake 1.7.0-200915
PUBLISHED: 2021-03-05
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a ...
PUBLISHED: 2021-03-05
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.