In mid-December, shortly before the end of the year, IBM announced another real sensation: The Watson IoT Center is coming to Munich, and with it around 1,000 new jobs that will be created in the Bavarian capital. That was naturally reason enough for me to (a) accept IBM’s invitation to the 16th floor and (b) do a video interview with Bret Greenstein, who said that the Internet of Things (IoT) is bigger than all of us.
And today, yes, today I ask myself the question: Is that really so? Is the Internet of Things (IoT) really bigger than all of us? And what opportunities and challenges does it offer? An inventory.
Internet Of Things: A Small Review
When Mark Weiser first wrote about the Internet of Things (IoT) in 1991 in his article “The Computer for the 21st Century”, he probably had only a small idea of the possibilities and challenges that IoT would bring. With the current and increasing degree of networking, “things” can be linked to the Internet at will, with all its opportunities and risks.
About eight years later, Kevin Ashton addressed the topic of IoT in the RFID Journal and concluded that the Internet of Things has the potential to change the world, just as the Internet itself has done. Or maybe even a little more.
In April 2010 ETH Zurich dealt extensively with the topic of IoT in the context of the IT spectrum and stated that the Internet of Things stands for a vision “in which the Internet is extended into the real world and many everyday objects become part of the Internet.
Internet of Things with all its possibilities
So the Internet of Things (IoT) is nothing more than a fusion of real existing things with the Internet. That sounds very simple. But are there also the application examples?
Package Tracking And Automated Ink Cartridge Ordering
The simplest example is parcel tracking, which is based on the recording of parcels using barcodes and offers the recipient the possibility of determining the current location of his shipment via the Internet. Or networked printers that are connected to the Internet and automatically order new ink cartridges based on the running out of ink. In both cases, however, human interaction is required, which is not entirely in the sense of an automated Internet-of-things connection.
It only becomes interesting when the physical components can interact with each other via the Internet and make their own decisions on this basis. Just like the office chair, the optimum settings of which are made by the manufacturer himself via the Internet by determining the best possible parameters based on the user characteristics – and automatically.
Connected Cars, Bluetooth Toothbrushes And Industry 4.0
The IoT is also interesting for car manufacturers, as the Connected Car example shows. This makes it possible, for example, to determine the current position using GPS and transfer it via app to the car owner’s smartphone. Or Oral’s Bluetooth toothbrush, which uses a pressure point to determine whether the user brushes his teeth correctly and transfers the result to the corresponding smartphone app.
The IoT is also interesting for industry, which is why the Internet of Things is called Industry 4.0 or M2M (Machine to Machine) in this case. The idea behind it is clear: entire industrial plants are connected to each other via the Internet or network and can exchange their data as required. This allows complete wind turbines to be monitored and the current energy output determined. Or sensors on an assembly line determine the current workload in order to determine the optimum production quantity. And mostly via the cloud, which is an important building block in these scenarios.
IoT And Its Numerous Challenges
With all these possible scenarios, one central question naturally arises: How secure is the Internet of Things anyway? In general one can say: Not really, unless one does something for this security.
With the increasing number of IoT participants (things) including the increasing number of channels (the Internet, but also local channels) and the lack of standards, the risk of compromise also increases. That’s why the same rules of conduct apply to the Internet of Things as those known from the networked world – only a little more complex.
Secure Authentication And Encryption A Must
These include strong authentication and secure web interfaces such as HTTPS. In addition, data must be backed up even more than usual, especially during transport. In any case, this includes tap-proof encryption between devices and mobile apps and between the devices and the cloud. You should also encrypt the software updates of the devices.
Protect Firewalls And Other Security Measures
In addition, all IoT devices should be included in risk management and monitoring. This means, for example, that IoT devices should be treated in the same way as networks and mobile devices. Create an inventory and a segmented network for all IoT devices that is monitored and protected by a firewall. Also ensure the highest possible level of protection for the IoT components. This includes strong passwords and WLAN encryption.
IPS- Or DPI-based Firewall: What Should It Be?
Many traditional firewalls can handle IPS (Intrusion Prevention System), which primarily analyzes the incoming data stream using specific filters and signatures. Conversely, this means that an attacker can only be recognized and fended off if he appears in the pattern database. This means that an IPS-based firewall always fails when a hacker is smarter than the known firewall databases.
Especially in the context of IoT, it is imperative that the enormous data streams that occur are constantly monitored for possible attacks. This applies to all incoming and outgoing data, as data espionage will increase, especially in the field of industrial IoT. This requires more intelligent defense mechanisms such as DPI (Deep Packet Inspection), which go much further than IPS-based firewalls. This means that only the data that may be transmitted is actually allowed through.
With Deep Packet Inspection, incoming and outgoing data streams can be monitored much better and blocked if necessary, as the analysis is context-based. Although this requires much more reliable algorithms and more “precision work” than in the case of IPS, it is also much more effective, which is particularly important in the case of IoT, since enormous amounts of data are sent and received here within a very short time.
In this context, so-called Next Generation Firewalls are often referred to, which do not rely exclusively on sample databases, but analyze the data traffic based on context – and take the right measures if necessary. However, not all firewall appliances on the market keep their promises, since they only analyze and monitor incoming data traffic, but not outgoing data traffic.