SAN FRANCISCO -- Explosive growth in the number and diversity of devices connected to the Internet demands wholesale changes to the IT security industry, security experts told an audience of IT professionals at the Amphion Forum in San Francisco on Thursday.
“And, with the Industrial Internet and Internet of Things, the numbers are just staggering.”
With the Internet of Things is predicted to swell to some 50 billion connected endpoints by the end of the decade, device makers, corporations, regulators and the security industry need to cooperate to make sure smart devices don’t become prey to hackers and organized cyber crime syndicates, experts said.
“In terms of the threats we face, the problem is set to become far larger,” said James Isaacs, CEO of mobile application security vendor Mocana. “And, with the Industrial Internet and Internet of Things, the numbers are just staggering.”
Invoking Ben Franklin’s famous maxim, Isaacs told the assembled that the technology industry has to “hang together” against cyber criminals and other malicious actors “or we’ll surely hang separately.”
Too often, however, organizations affected by cyber incidents are reluctant to share valuable information that could protect others, Isaacs said.
His words were echoed by other speakers at the Forum, as well. Nitesh Dhanjani, an independent security researcher said that the security industry and device makers have to pay more attention to fundamental security issues like authorization and authentication, especially when the device in question could affect security in the physical world.
In the not-distant future, malicious programs that now scan networks for vulnerable Microsoft Windows machines will search for vulnerable Internet of Things devices like surveillance cameras, lights and other intelligent endpoints. “Botnet herders won’t just have access to the machines in an office, but physical devices that could number in the hundreds of thousands or millions,” he said.
Still, many of the lessons learned fighting PC viruses, worms and cyber attacks translate to the Internet of Things. Speaking Thursday morning, AJ Shipley, the Senior Director of Security Solutions at Wind River, a division of Intel, predicted the convergence of traditional “IT” (information technology) with “OT” (operational technology) more common in traditional industries. Companies will look for ways to adapt to the challenges posed by the Internet of Things in a way that builds on investments and best practices developed during the PC era, he said. “There’s no silver bullet,” Shipley said. “There’s no revolutionary approach to securing the Internet of Things.” Instead, we need to address and augment the security controls that are already in use on corporate networks.