Fishy Affairs of IOT


Dr G P Tripathi

The Washington Post of 21st July, 2017 carried a news item titled: “How a fish tank helped hack a casino”. It is said that alchemy originated to purify and transmute base metals into noble metals, particularly gold, and to create an elixir of immortality. Similarly, hardcore cyber criminals’ choicest targets are large banks (treasury), and perhaps second on their list would be casinos. None of this is a secret to banks or casinos, hence they are generally well prepared with all kinds of firewalls and anti-cyber-attack shields, including incident response teams waiting in the wings. Indeed, a sad situation from the hackers’ point of view.

But thieves have to be lucky only once. According to the quoted WP report, there was a fish tank in the lobby of the casino, which had sensors connected to a PC that regulated the temperature, food and cleanliness of the tank (perhaps a basic, innocent IOT application). Somebody got into the fish tank's IOT sensors and used them to move around into other areas (of the network) and send out data. The casino’s name and the type of data stolen were not disclosed in the report for security reasons, while the report said 10 GB of data were sent out to a device in Finland. This one is the most entertaining and clever thinking by hackers.

Clever thinking for sure, but most entertaining? Must ask the casino owner!!


The Challenge

While the potential of Industry 4.0 and IOT is huge for the world, its foundation needs to be laid carefully. Google’s Chief Data Scientist Cassie Kozyrkov puts it so well: the new possibilities offered by IOT, AI and DI (Decision Intelligence) are so immense that it’s like a large magic lamp handed over to us by the Genie. This puts a huge responsibility on us, the wishers, because those who suffer from indecision or wrong decisions would now go down the drain at a much faster, technologically accelerated rate. The list of wrong decisions must now also include not carefully planning and securing the IOT components and the network. In other words, the fish ponds in the system must be taken care of.

The problem is that these magic lamps are going to see a massive proliferation due to IOT & AI. If not planned well, this can cause disaster; on the other hand, if a well-structured system of skilling and scaling is designed and put into practice, we are poised at a new dawn of technological renaissance.


The Size of Fish Pond?

It is estimated that by the year 2020 there could be over 20 billion such fishy affairs; what I mean is that over 20 billion devices could be connected under the internet of things (IOT) umbrella. While the losses due to such breaches in cyber security depend on what is attacked and what is stolen, even the cost of incident response alone will set the hacked entity back by a few million dollars. Most companies and regions of the world have not even opened their account with IOT, yet among those who have been early adopters, it is estimated that over 80% have already faced security breaches.

According to AT&T’s Karthik Swarnam, cyber-crime damages are expected to rise to US$6 trillion annually by 2021. With enough successful attacks, our trust in the internet will crumble. So, let’s avoid making IOT a new entry point for cyber invaders and their costly fishy affairs.


Each use case needs a different treatment recipe. Protecting IOT devices alone will not suffice; a whole new secure ecosystem needs to be established around them. Your cyber security consultants, incident response teams and security designers must envisage all possible security risks from such a deluge of connected devices, considering in its entirety the ecosystem in which they will operate, along with the peculiarities of the specific use case. This is why, when the decision is taken to involve the security team right from the conception stage, most of the security features can be embedded in the design itself, avoiding costly patchwork later. The sensors and devices measure designated parameters, and these measurements are transmitted across the networks to processing units and cloud systems; the outcomes are displayed on dashboards and displays locally on shop floors, in the control room, and maybe in various monitoring centres and even at a central surveillance HQ. All of this information flow has to be fully secured from the prying eyes of competitors, enemies, spies and other interests or evil eyes.


Integrated Approach

The new era of IOT will require an integrated approach to avoid fish-pond-style weak links in the security chain. Thus, the goal must be to plug all possible gateways for prying invaders, especially the new ones that IOT could open if left unchecked. An integrated approach will also involve the techno-economics of the application, which of course must comply with the new principles of “Outcome Economics”, on which I shall write separately.

The first thing that IOT shuns is isolation. The smart outcomes of the Internet of Things are enabled by an optimal combination and mutually reinforcing configuration of devices, sensors, connectivity, data science, analytics, cloud, algorithms, cyber security and technology.


Conclusion

The aim of this article is to sound a note of caution as we press the acceleration pedal on the pace of IOT adoption across industries to realize the tremendous opportunities of increasing visibility across processes and extracting intelligence beyond the present horizon. Having filtered through the plan and strategy for IOT, guided by Decision Intelligence (DI), the teams must first ensure that before even an “IOTa” of IOT gets implemented, it undergoes a full review by cyber security experts to build in and build around all aspects of cyber protection made available by contemporary cyber technologies, preferably planned and aided by those who have been there and done that.


Notes:

1. The views expressed are personal and do not reflect that of any organization or positions held by me anywhere.

2. Image of fishpond is from the same report by Washington Post quoted in the article.


Planned approach brings all stakeholders together hence raising the risk. In business it's better to have 100 buyers of Rs10 each than one of Rs1000... Business value is same Rs1000 but risk profile (non-payment) of latter is dramatically more than former.

A question - Imagine a group of fast drivers that can zig zag and drive very fast in city and compete among themselves. Imagine, they start at several diverse points from the outer borders of the quoted city. Now the question ... What's going to be easier for the rule breakers ...? Chaotic Delhi traffic or very orderly lanes with 3 metres among lanes and planned and available as in Scandinavia. Chaos in itself is one of the best security features. Planned systems... If they fall.... They crumble like dominoes.

ANAND B V

Nandi Infrastructure Corridor Enterprise

5y

Super! Very interesting!

Vikas Sahoo

SAP | GRC | SECURITY | GDPR

5y

Excellent! Dr. G. P. Tripathi. It's really interesting and insightful.
