A Connected World
The following is based on an original eye-opening article from Andy Marken. “So, You’re Going to Solve the DDoS, Hacker Problem”. This is a sobering good read about our connected world and a realistic, objective look at the Internet of Things. The following is our take on the subject with quotes from the original article. Let us know your thoughts in the comments below.
Back in 2014, John Chambers, then the CEO of Cisco, pitched the connected world to an eager audience at CES – He listed; home, airport, hotel, car, office, products, individuals – and called it the Internet of Everything (IoE). He described it as a business of 50B+ things worth $20+ that will change our lives forever … It has.
Distributed Denial-of-Service (DDoS)
Not too long ago there was a rather big Distributed Denial-of-Service (DDoS) in the U.S. It may have interrupted your work or play online. A fact is that there are so many of these. Unless it’s really big; we won’t even notice them. So why be concerned? Well if you bought into the idea of connecting everything in your life to the Internet you may want to ponder this and keep reading.
As Andy Marken tells us “Security and privacy are tough to get right”. After all, these are the least sexy features in connected devices and are not something people generally ask or care about.
“Constant Growth – More people want more devices to use with more apps to be connected with more people who are all creating (and consuming) more content that produces more money. We just can’t get enough of everything.”
Opportunity In A Connected World
“According to HIS Markit, folks in North America have an average of 13 internet-connected devices”. Then, there’s the business side of the connected world and Internet of Things. Sounds like an opportunity which is why Venture Capitalists are pouring money into everything that falls into the category of IoT.
“Cooling Slightly – While VCs are slowing up on their investments on new IoT start-ups, there are still a lot of ideas being funded as everyone tries to figure out where they (and the other guy) fit into the global connected things world.”
Good Ole Days
Remember the days when only our computers were connected to the Internet. We kept our software updated, developed a strategy for using and storing tough passwords. We would think twice before opening attachments we had a backup strategy just in case.
A New World
Then smartphones came along followed by tablets and handhelds of every stripe. Then security cameras got connected. As our connected world grew, companies got more and more creative about what can be connected to the Internet.
“Connect your baby monitor so you can check on the kid when you’re in the next room, in the office, across the country. Give your little girl a Barbie that talks to her and Mattel so they can plan the next great offering.
Let your car connect to the insurance company so they can monitor your safe driving and give you a big discount. Or connect to the car company so they can tell you when you need a tune-up or oil change.
How about an intelligent thermostat that can be told to heat/cool the house because you’re coming home and want it comfortable when you arrive; or a home alarm system that opens the garage door as you approach so you don’t have to hit the button.
The music system can be connected to several streaming services and your OTT (over the top) 4K TV for even more streaming and feedback to the service so the systems can “learn” your listening/viewing taste.
Then there’s the sensor that monitors the performance of a drill press that says when it is being overused and needs a rest. Or the inventory sensor that tells shipping how many cases of soda are on hand and where they’re located so they can be quickly shipped to your grocer. It’s also automatically connected to their inventory system so they know how quickly they’re turning goods.”
“Puzzle Pieces – In the not too distant future, it’s projected that there will be more than 50B things that are connected to each other sending tons of data back and forth so things can be done better and more economically.”
All of the personal, home and business gadgets we buy in the IoT category have some level of security designed into the product to protect itself and provide the user some level of privacy and peace of mind. That is of course if you take the time to read the instructions and actually follow them.
We all take precautions like changing the default username and password on a new device, right? I don’t think many of us do, why because that stuff is boring. Most of us don’t even read the documentation. That is if it’s even included with the product. Instead, we plug-n-play.
Most IoT experts will agree that the IoT is a good thing. Good for business, beneficial in our daily lives, etc. The number of new units seems to support this thinking, “more than five million new devices are being added every day”.
In order to bring devices to market and into your home or business before the competition, companies include some type of security solution. It’s tested a few times and then they ship it. As soon as it’s connected Big Data begins collecting data to improve your life.
“Big Data – The smart home, car, company, city, state etc. will be capturing and sending petabytes of data to storage in the cloud so it can be processed, analyzed and used. The devices and cloud storage are inviting opportunities for hackers/thieves to harvest and use them against you.”
Big Data gets a lot in return for your participation in the Internet of Things.
Let’s look at some common things Andy Marken tells us we and our families do every day:
- YouTubers upload 600 hours of video, which is an increase from 300 hours just a year ago
- Netflix subscribers stream nearly 180,000 hours of video
- Vine users view more than 1 million videos
- BuzzFeed users watch more than 34,000 videos
- Instagram users like more than 1.7 million photos
- Snapchat users share nearly 600,000 snaps
- Pinterest pinners pin nearly 30,000 images, up from 8,400 a year ago
- Facebook users Like more than 8.1 million posts
- Twitter users tweet more than 500,000 times, up from 277,000 a year ago
- Apple users download 120,000 apps, up from 48,000 a year ago
- Amazon sees more than 10,000 unique visitors
- Uber passengers take nearly 1,000 rides
Remember these are daily numbers. These companies promise to keep your data private…until it’s not.
Facing the Threat
Generally, governments insist that their citizen’s privacy in the services, websites and the devices they use is respected by the companies that provide consumer technology. The expectations are that they deal with it. And to some degree they do. But in this new age, we apparently offer up tons of personal information voluntarily.
“Privacy – Governments are demanding that individuals’ information remain private and not distributed/used. However, people gleefully post information and activities on social media and will trade information with companies for “special considerations.”
Savvy marketers know that if you offer something special, like a discount, a coupon or something for free, you will reel them in. The consumer just provides basic innocuous information like; your name and email address and then they have you on big data. It’s so easy for marketers and seemly harmless to the consumer. For the most part, it is. That is…until it isn’t.
The problem with a big Distributed Denial-of-Service (DDoS)-and all intrusions for that matter, is that everyone in the chain was part of the problem.
“Duncan Brown, IDC’s research director said, “As soon as you connect something to the Internet, it’s hackable and it’s a target,””
John Chambers said it best.
“It’s True – Those who are most knowledgeable about the world online know that it’s a dangerous place with hackers and cyber criminals seeking to take over systems and devices for their own use. The bad guys/gals look for people who don’t think about it much.”
IT folks and Chief Security Officers (CSOs) and leading IT media have been talking about this problem for years. Senior management’s response in recent years has been to put it all in the cloud and let the cloud service worry about security. An added benefit for companies is that this allowed them to reduce their IT staff.
Passing the buck may seem like the solution but it doesn’t really work for companies.
“Cost of Doing Business – Data breaches have almost become a cost of doing business by organizations globally. Even as IT experts work to shore up the company’s network to protect vital data, individual employees accidentally, purposefully or naively make the job of penetration very easy for hackers and criminals.”
The Threats In A Connected World
The threats are real and they come from multiple sources:
- Current employees
- Suppliers and business partners
- Current service providers
- Hackers and cyber criminals
The vulnerabilities are true for every connected device you buy for personal use, your home or business. It can cost you if someone takes control of your smartphone, or home and security system. Even more, danger can come from a connected car. This scenario can really hurt.
“Driving a Hack – The increasingly connected car represents a new playground for hackers because of people’s desire to have WiFi and streaming infotainment as they sit in traffic. With more and more of the automobile being controlled by sensors and processors, hacking a car can be a nuisance, expensive and downright dangerous.”
Hackers can access the connected car as was done with Chrysler / Jeep and cause a crash. If they’re not that vicious, they can access the car through its many data points. The connected car is constantly chatting with the manufacturer or the infotainment cloud leaving your personal data vulnerable and you would never know it until you find weird purchases you never made.
Assessing the Risk and Solutions
In earthquake terms, Dyn’s DDoS was equivalent to a 2.5 but it gives us some insight of what lies ahead.
“Today’s Internet was never designed to be secure and robust. It’s a network of networks so more than a few have recommended the building of Internet 2.0 and do it right given today’s technical expertise and how mission critical it is for banking, health care, the power grid, etc.; and, I suppose, the other non-critical stuff like spam, email and social media posting,”
We would normally blame the weakest link, but in this case, it seems like the entire security chain is busted.
- Eventually, everything and everyone will be connected. Personal data will still be personal but can be easily shared or used by others.
- Every person will have a unique digital identifier to ensure an accurate and precise digital identity to eliminate cyber crime.
A number of rulings and recommendations by governments and standards groups have been put forth to ensure it doesn’t happen again … until the next time!
Manufacturers need to address the fundamental issues:
- Security and privacy must be the first priority in the design criteria and not an afterthought.
- Extensive testing must be performed with a broad base of users as well as the technically elite.
- Develop and maintain advanced formal plans on how to upgrade and enhance security when it is hacked because it’s inevitable.
- Keep detailed records on your customers so they can be contacted directly and immediately in the event of a breach. You cannot expect channel partners to be responsible or bear this burden.
Customers or end users need to share most of the responsibility in the connected world
Perhaps a solution for the connected world is to implement a concept that has been used in Europe for years. In Europe that would be the identity card that includes all of your unique information. Rather than a physical ID card, a personal identity code issued at birth and retroactively issued to the rest of us may be the answer. Think of it like the DNS (domain name system) that is used throughout the Internet. Every node on the Internet has a unique identifier, the IP address. Evey device has a unique identifier, the Mac address. But the unique ID I’m speaking of would be for the individual only, not a device or service.
I’m sure there are drawbacks that I haven’t thought of as of this writing but the identity would be unique, non-transferable and identifiable for every man, woman, and child that goes online directly or indirectly. There would be no memorizing identity codes, account numbers or complex passwords.
It may not be the best solution, but even Pogo knows…
# # #
Let us know your thoughts on the connected world in the comments below and remember to Subscribe to CupertinoTimes.com