Our machines are vulnerable, and I hope it doesn’t take a cataclysmic event before someone really takes notice. There certainly is no shortage of talk around the topic of device security these days. It’s hard to avoid the subject when talking about the future of connected devices and M2M. But as more events threaten the security of our connected world, I start to truly wonder just how far along we are with efforts for protecting the billions of devices set to come online.
It seems more people these days have a story as it relates to device security. So far, the stories I have heard have been “small” in nature. There have been stories about hackers tapping into digital road signs and changing traffic information to instead display some random message like “Zombies Ahead.” I even heard an obscure story of someone being able to access the Internet connection from a street light. On the surface both instances seem harmless enough, but end up could really have wreaked great havoc on traffic systems.
Of course you now have the news here in Illinois a few weeks back that claimed a foreign hacker tapped into the computer system of a rural water utility right outside Springfield and proceeded to turn a water pump on and off repeatedly until it eventually burned out.
Some are even referencing the “Stuxnet” worm when talking about this latest event. As you recall, Stuxnet was essentially a two-part computer worm that some experts deemed a deliberate attack on PLC (programmable logic controllers) within nuclear research facilities throughout Iran that had some definite damaging effects.
The event in Illinois seems a bit more disturbing to me than, say someone hacking into a road sign, but nevertheless each should be taken seriously and opens our eyes to the fact that devices can indeed be vulnerable.
Naturally this has an effect on the M2M value chain, where device security needs to become one of the top priorities. I think it’s fair to say the industry is taking notice, as evidenced by the fact companies like Intel have invested in brands such as McAfee for the purposes of device security; while other well-known brands in security like Symantec are taking a strong stand on M2M. In fact, we had a good conversation with Symantec’s senior manager, development technology, standards & research at the recent 4G World event in Chicago, where he addressed how protection is imperative in such things as the smart grid.
As we always say, it’s good when big companies get involved in M2M. With regards to device security, I think it’s even more important. When some of the most well-known names in computer security are dropping their hat in the M2M world, it speaks volumes for just how far this industry has come—but more so, how important it is to protect our next generation of devices. Of course, traditional members of the M2M value chain have a strong stake in the device security game as well, and many are doing their part too.
The topic has become a bit more near and dear to me lately, as I have been following the debates in my city around the installation of smart meters. While my city was set to install these meters in our homes this month, that plan has been delayed as the town council seemingly fights a weekly battle with protest groups around such complaints as the meters compromising personal security (among other complaints).
Consumer education is essential. But at the same time, we cannot sweep to the side the legitimate concerns people have around new technology. The news of the water pump hacking here in Illinois obviously made headlines, but I wonder just how much attention it received at the national level. I hope it’s not because some people are afraid this might cause even more protest. The issues are real, and therefore so too must be the solutions. To me, I think it’s important that our nation continue to invest in technology innovation—and that means more device security too.