In today’s market, segments of the broader IoT ecosystem have been underserved, especially small-to-medium businesses and mid-sized cities. However, this oversight will change over the next several years as these entities seek to embrace the efficiencies and cost reductions that enterprises and government agencies are achieving through IoT implementations.
In addition to their high-priority issues of affordability and seamless IT integration, a key requirement we’ve seen for IoT adoption by SMBs and municipalities is assurances of fail-safe security measures. While current solutions can ensure effective security today, there is a looming long-term threat to security as the IoT ecosystem proliferates – the Domain Naming System registry.
The current DNS registry is used to ensure websites can be accessed simply by typing in their name rather than the series of numbers of the site’s IP address – 220.127.116.11. In a world in which just about any device you can name will have an IP address, however, it’s time for a new registry dedicated to IoT devices.
A stark example of the ineffective security of current DNS protocols in the IoT age was seen recently in the Mirai botnet attack that brought down much of the internet, including CNN, Netflix, Reddit, Twitter, and many other sites.
The main target of the distributed denial of service attack was the servers of Dyn, a company that controls much of the DNS for internet infrastructure. However, unlike other DDoS botnets, which take advantage of computers, Mirai was able to gather strength from IoT devices such as DVR players and IP cameras with little security protection and then throw junk traffic at Dyn’s servers until they could no longer support valid users.
The current DNS registry was never intended for the IoT era, especially as the IoT ecosystem becomes inseparable from fog computing. Fog computing is a new paradigm for analyzing and acting on the most time-sensitive data at the network edge, close to where it is generated instead of sending vast amounts of IoT data to the cloud. It helps machines, on their own, act on IoT data in milliseconds based on human-set policies.
In smart cities, this can mean landscape sensors noting the deluge of a recent rainstorm and shutting off irrigation systems. Or it could mean a connected trash receptacle sending a message to an autonomous trash truck that it should be included in the day’s pick-up schedule. This immediate, machine-to-machine communication can also be a major target for disruption by hackers, especially in mission-critical industries such as energy and transportation.
At a time when cyberattacks can be launched via the most innocuous connection, the industry should focus on building a registry for every single IoT device, ensuring the legitimacy of the device and that the device can be easily monitored to stop and capture perpetrators of an attack.
As every cybersecurity professional knows, any system’s security is only as effective as its weakest link. With disparate organizations implementing IoT systems throughout the world, we face a huge but urgent task to create a new registry of IP addresses for IoT devices.
There are precedents and organizations capable of achieving this type of undertaking. For example, oneM2M, a global initiative to create standards for IoT security and interoperability, might be one answer. Formed in 2012, the body is composed of eight of the world’s top telecommunications and IT standards body and has more than 200 member organizations, including Cisco Systems, General Electric, Intel, MediaTek, and Samsung.
With the assistance of telecommunications services firm iconectiv, oneM2M has already started an App-ID registry for IoT software installations. With its role in enabling mobile phone number portability and maintaining mobile device registries to protect against fraud and theft, it’s not a huge leap to see iconectiv or similar organization, with the support of standards bodies like oneM2M, creating a dedicated IP address registry for IoT devices as well.
Bob Bilbruck is CEO of B2 Group/Directed IoT/Captjur (www.b2groupglobal.com).
Edited by Ken Briodagh