Achieving this Eldorado involves connecting tens of thousands of objects and addressing the following questions: To guarantee the long-term success of this new ecosystem, how can we protect data security, integrity and confidentiality? And how can we ensure it is not used for malicious purposes? We examine some answers.
After the first two Internet revolutions (the online publication of content pages and then the participative web or web 2.0), the Internet of Things takes not just the Internet, but the whole ecosystem of computers and Big Data, to a new dimension. Up until now, connection to the web has been via a fairly limited number of terminal types: computers, smartphones and tablets. Now, any object with an electronic component has the potential to be connected: fridges, cars, watches, hospital equipment, coffee machines, houses or buildings, etc. This is change on an unprecedented scale.
This glittering array of objects will emerge with the ability to change our lives, at all levels, from working more effectively, to consuming less energy, optimizing travel, improving management of health, facilitating daily tasks, etc. In fact, all sectors are likely to be disrupted by the connection of machines and objects to communication networks. The promise of the Internet of Things in terms of services appears unlimited and the third revolution is under way, with no turning back.
This will rapidly transform the web, which will become denser, with previously unimaginable links being created. Whether they are connected to a human or another machine, 50 billion objects are set to be connected to the internet by 2020. All these new connections to the network raise innumerable technological, ethical and security questions.
Machines out of control
But with smart fridges already being hijacked by hackers to send spam, the Internet of Things generates as much anxiety as it does excitement. Excitement firstly because of the benefits promised to consumers: personal assistance, connected and smart homes, autonomous cars, remote healthcare, connected clothes and accessories, the quantified self, etc. But also fear, since anything which is connected is theoretically accessible. And anything which is accessible to hackers can be hijacked for malicious purposes.
Lax security for objects
The question of the security of the Internet of Things poses an immense challenge. While security for the Internet of PCs, servers and smartphones has been built up using antivirus software, firewalls and encryption, these weapons are unsuitable for a world of objects which are too disparate, too numerous and often lack the computing power required for their own protection. The Internet of Things is overflowing with electronic gadgets designed to provide services to consumers, but whose development has often not focused sufficiently on security issues. Due to a lack of investment, connected things are vulnerable to computer hackers.
And although opportunities in terms of consumer services are infinite, the door is also open to all sorts of malicious actions linked to the hacking of private and confidential data. If a fridge or electricity meter can be transformed into a spam server, it is easy to imagine the potential harm caused by taking over control of a car, a bus, a hospital scanner, a house, etc. Finally, the question of the right to privacy and the protection of hacked data remains paramount. How can we protect ourselves against the hacking of transmitted data for the purpose of unlawful marketing, when our inboxes are already inundated with spam? And how can we ensure that the objects around us will not escape our control and be fraudulently used by third parties at our expense, if only for price discrimination?
Security – three major challenges to tackle
In order to ensure the security of the Internet of Things and improve consumer confidence, industrial companies and service providers must tackle three major challenges.
The first is authentication. “It is vital to be able to ensure that an energy supplier knows that it is my meter sending data, not somebody else’s. Otherwise, hackers will be given an easily accessible way of committing fraud. It is therefore necessary, firstly, for connected objects to use strong authentication before sending or receiving data. That becomes more complex when no human is involved,” says Pirjo Ojala, head of the M2M Product Line within OT’s Solutions Business Unit.
The second challenge is confidentiality. Data sent by a connected object is very varied and can be highly personal: data concerning health (e.g. heart rate measured by a connected watch, change in weight recorded by scales, sporting performance, etc.), food preferences, driving style, etc. Whatever the subject, this data is and must remain the property of the objects’ owners, unless they agree otherwise.
Pirjo Ojala says, “Whatever the type of information, no-one wants lifestyle or personal data falling into the wrong hands. This data has a value, and its protection must be guaranteed. If we take the example of a connected vehicle, while an owner could look favorably on engine maintenance information being sent to its garage, he could feel very differently about his insurance company having access to information about how he drives, particularly if this is used to increase his insurance premium, judge his driving risk, etc.”
The final challenge is to ensure the integrity of personal data, whether it is stored within a connected object or at the time of its transmission. “When a healthcare player wants to connect highly confidential data, we must ensure that nobody can access or modify it,” adds Pirjo Ojala.
Nothing can stop the Internet of Things
The Internet of Things is in motion. The fears it arouses will no doubt be swept aside by huge industrial investments, the enthusiasm of start-ups inventing innovative solutions, and above all the profits they promise consumers: more effective healthcare, energy savings, home automation, traffic management, etc. Nonetheless, because the Internet of Things opens a network with a whole new dimension and because it may have an impact on the physical world, it is urgent to consider better ways of addressing the question of data security and the whole of the connected ecosystem.