Smart Enterprise Magazine

Volume 8, Number 1, 2014

Issue link: http://www.smartenterpriseapp.com/i/255571

Over the last couple of months, a casual observer could have noticed a variety of security scares related to "connected things"—from hacked baby monitors to hacked cars. In August, a colleague, Matthew McLarty, wrote about the security vulnerabilities of the Tesla Model S automobile. Regulators also started to take notice and felt compelled to act by implementing sanctions in one particular case.

Given that the problems appear to be systemic, what can companies do to mitigate the risks for connected devices? Rather than looking for yet another technological solution, my advice would be to apply common sense. It's an industry-wide problem, not because of a lack of technology but because security and privacy are afterthoughts in the product design process.

Yet these problems did not start with the internet of things (IoT). For instance, Siemens was shipping industrial controllers with hardcoded passwords before the dawn of the IoT—enabling the now infamous Stuxnet attack. Despite all the publicity, there are still vulnerabilities in industrial control systems. Earlier this year, a security researcher unleashed a brute-force password-cracking tool that captures passwords for Siemens S7 programmable logic controllers, which run machinery in power plants and manufacturing sites, as noted in a Dark Reading article from the beginning of the year.

All the best practices and technologies needed to address these problems exist and can be applied today. But it is a people (designer, developer and consumer) problem and a (product design) process problem, not a technology problem. Designing fail-close (rather than fail-open) systems, using meaningful authentication, authorization and encryption settings and so on—all of this can be done today with little or no additional effort.

Application Programming Interfaces (APIs) will form the glue that will hold the IoT together.
Layer 7, a CA Technologies company, offers an API Academy that provides a vendor-neutral way to disseminate the information product designers need to include best practices for privacy and security in the product design system, not as an afterthought.

Essentially, our legal process has not caught up with technology. And it may not for as long as the lack of security merely inconveniences us rather than threatening us with loss of property—or even life! We are pretty good at applying security best practices in aviation because most serious problems with an aircraft in flight are inherently catastrophic. So, let's hope that the recent news of hackers accessing airplane flight control systems acts as a wake-up call for the industry.

HOLGER REINHARDT is Product Architect and Business Developer at Layer 7, a CA Technologies company.

& the Internet of Vulnerable Things | By Holger Reinhardt
