Although the Internet of Things can bring enormous benefits to society as a whole, the path of progress is never smooth and there can be a dark side; as demonstrated recently by the Mirai attack on major US websites hijacking the IoT.
I have often expounded on the benefits that the Internet of Things can bring to society and how the IoT can provide answers to some of the most pressing problems we are facing today; be it overuse of global resources, natural disaster control or even the pressing issue of wildlife extinction. Therefore this attack - and our response - is of incredible importance.
The IoT is one of the greatest – if not the greatest - integration project in the history of the mankind. Sometimes we forget how far we have come and how embedded the IoT is in our daily lives.
One down-to-earth example is that every day the combination and integration of thousands of data sources makes our travel easier. Mobile data sources such as cars provide precise weather forecasts to airports, airlines and the individual traveler. They send instant notification of delays and travel alternatives to any mobile device, offer more knowledge about suitable places to eat, shop, sleep, visit, events than a traditional travel agent ever has – all at your fingertips and all personalized.
They can send real-time alerts to travelers known to be in a particular area if a natural disaster or political unrest is occurring. The list is endless and the services available increase daily as new, innovative IoT business models are brought to market. Remember travel planning just ten years ago?
The benefits of IoT, from just plain convenience to addressing game-changing global issues, all depend on digital sensors or chips. It was just these everyday devices that were hijacked in the recent Internet attacks. Possibly hundreds of thousands of TV boxes, DVRs, CCTV cameras, possibly fridges too, were infiltrated to form Mirai’s botnet and used to launch what are called DDos attacks.
What was unusual about this attack is that it was IoT devices that were infected and not PCs or laptops. The level of security on these devices is minimal to non-existent and they are easy targets for the botnets of the future.
Most devices still use the factory-installed usernames and passwords and this is what makes them so vulnerable. Although, after the initial Mirai panic, the scale of the attack and the number of possible target devices was talked down, it was still a huge wake-up call for the IT industry. One company, Xiongmai, (and I am not singling this company out, this is an industry issue) is already taking steps to ensure a more secure future.
There are also calls for international legislation, with Europe hopefully taking the lead. The Mirai attack also highlights an issue I raised in a previous blog. How do organizations design a digital sensor for the as-yet-unknown software upgrades, specifically security upgrades, of the future? Does the regular Microsoft or Apple security upgrade process need to be extended to all devices? And who pays?
As I said: “If someone pays €300 for a dumb water pump today how much will they pay for a smart pump tomorrow? What pricing model will support the further development of software that will be used on the pump? What pricing model will pay for the data connectivity over the life cycle of the pump? Will the pump be given away for free and a subscription payment model for the added services introduced”?
Add to that, what happens if the water pump company goes bankrupt and the existing devices become ever more vulnerable over time?
I am not picking on water pumps, by the way, and none have been implicated in the recent attacks -but they are an example of the mundane being used for malicious purposes.
I would just like to highlight the complexity of the new digital age we are entering and how industry, manufacturers and governments all have a part to play in realizing the immense benefits of the Internet of Things. There are many steps we can take such as putting analytics on the IoT edge reducing dependency on cloud availability and some protection from future attacks. Every contribution helps.
There is no turning back. The benefits to mankind are too great. But we must all be aware of the dark side.
What are your thoughts and comments?