Welcome to the age of inter-trustability

September 2016 News

The concept of the Internet of Things (IoT) is getting a lot of airtime right now. The IoT is the global network of the future where everything is connected to everything. It’s not a future technology or idea, however, if you have a smart home or even a portion of a smart home, you’re already in an IoT world.

If you have a smart watch or fitness band, you’re also in this world and you probably have no idea who is able to access your information. In security speak, if your security systems are talking to each other, building management systems and human beings via a centralised platform, you’re already ‘IoTing’.

The real IoT, however, goes far beyond the above. In a smart city, for example, street lights, traffic lights (or robots in South Africa), manhole covers and highway gantries (if used competently for the benefit of the users, like that will ever happen) are all examples of ‘things’ that are going to be on the network, sending and receiving information. More than simply sending or receiving information, the things will be acting on information: a simple example would be switching on the heater when the temperature falls below a set level.

My belief is that the key to the IoT, its very foundation if it is to be successful, is security. Yes, IoT will require IT security skills, but IT security doesn’t cut it and IT security people don’t have the ability to handle IoT – they would pick it up easily, but it will be a learning curve. Physical security doesn’t have it either, we can’t even secure an IP camera. Can you imagine asking your financial director for more budget to firewall the air conditioner, or encrypt the controller that waters the garden at certain times of the day?

One of the key areas in which IoT differs from traditional information security is in scale. You are looking at a best-case scenario of having 10 times the number of devices than we currently have online, with more reasonable estimates 20 to 50 times the number. Your free antivirus package is not going to do you much good. For one, the daily updates will crash the Internet.

Another key area is the diversity in the IoT. A plane normally used to fly you overseas is a thing, as is an electronic component in your toaster, and these things aren’t always polite enough to speak IP. Especially in the industrial world, installations are designed to last for many years, not be replaced every three years, meaning you will face a variety of protocols. And doesn’t the security industry have enough issues with IP alone?

What we will require is a security foundation built into the IoT, with standard protocols that deliver ‘inter-trustability’ between devices. To gain our trust, IoT systems will have to build a chain of trust across a variety of devices, using hardware and software security solutions that form part of the core of each device, each platform they are connected to, and every other device.

The bolt-on security we try to use in today’s information-rich environment can’t manage that task. Simply consider your Windows operating system and the apparent ease with which almost anyone with a bit of technical knowledge can get the better of you. When running a nuclear power plant, you don’t want that type of risk – or at least I think most people in the developed world have realised this; a certain family that wants to build nuclear power stations in South Africa probably doesn’t care as long as their cut makes it to Panama.

Andrew Seldon



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Online fleet management system
Issue 1 2020 , News
Fleet Domain’s online Fleet Management Information System is reducing operating costs and improving safety for South African logistics firms.

Digital insurance bundle for assets and devices
Issue 1 2020 , News
My CyberCare is a specialist provider of personal, and SMME online cyber insurance, cyber detection and cyber monitoring solutions for both local and global consumption.

IDEMIA to supply Morocco’s national electronic ID cards
Issue 1 2020, IDEMIA , News
IDEMIA will supply Morocco with national electronic ID cards and introduce a secured digital identity online services platform.

Rockwell Automation to acquire Avnet
Issue 1 2020, Rockwell Automation , News
Rockwell Automation announced it has signed an agreement to acquire privately held Avnet Data Security, an Israeli-based cybersecurity provider with over 20 years’ experience providing cybersecurity services.

The instruments for investigation
Issue 1 2020, Technews Publishing , Security Services & Risk Management
Regardless of the reason for investigation, the investigation is only as good as the investigators.

Do we really want simplicity?
Issue 1 2020, Technews Publishing , News
Everything today has to be simple, easy and fast. Even access to your bank account has to fit these adjectives and banks spend significant time and money trying to ensure their web and mobile interfaces ...

Longse Distribution to become LD Africa
Issue 1 2020, LD Africa , News
Brendon Whelan, sales manager for Longse Distribution, announced that the company officially changed its name to LD Africa as of 20 January 2020.

Three expos in one
Issue 1 2020 , News
Looking ahead to 2020 Vision: combined Securex South Africa, A-OSH EXPO and Facilities Management Expo 2020 promises to be even bigger and better.

Security events you can’t miss in 2020
Issue 1 2020, Technews Publishing , News
Hi-Tech Security Solutions will host a number of focused events in 2020 to highlight the latest in security technology and the operational benefits they deliver.

David Shapiro to chair ESDA
Issue 1 2020, ESDA (Electronic Security Distributors Association , News
The Electronic Security Distributors’ Association (ESDA), established in 1989, has elected David Shapiro as its chairperson for 2020.