Illustration: Mengxin Li
Connecting physical infrastructure to the Internet makes systems vulnerable to new security threats. What keeps executives awake at night varies by industry, but cybersecurity problems are worsening everywhere.
Security officers in manufacturing worry about employees inserting infected USB drives into machines, while hospital administrators fear that malware will wipe out an unpatched MRI machine, or that a hacker will direct an infusion pump to administer a lethal dose of medicine.
Josh Corman, chief security officer at PTC, a computer software firm based in Massachusetts, has codified six reasons why security for the Internet of Things (IoT) is different from—and more difficult to tackle than—traditional IT security.
The first is that the consequences of failure are more dire. We’ve raised the stakes by connecting more physical systems and facilities to wireless networks. When cars or infusion pumps are hacked, people can die.
Which brings us to Corman’s second reason that IoT security is a special challenge: The adversaries are unlike any we’ve seen before. No longer are they lone hackers trying to make money or cause mischief. Today’s adversaries are nation states hacking systems in an all-out cyberwar.
Stuxnet, the virus that brought down Iranian centrifuges in 2010, may be the earliest example. Then in August 2017, a Saudi chemical plant was hit by a hack designed to cause an explosion and disrupt petrochemical manufacturing. Experts believe the attack was state sponsored and intended to send a political message.
Two more of Corman’s reasons come from timing and economics. When a firm buys a traditional IT system, it can count on the software company’s support for a set amount of time. Only in the last few months have some chipmakers and software vendors offered 7- and 10-year support for IoT products. Some still don’t provide any specified support contracts, or they limit the term to 2 or 3 years.
In some cases, that’s because the economics don’t yet make sense. A connected product that generates a small profit may require years of updates, patches, and security evaluations. In the future, the cost of goods sold may need to include annual security updates and patches.
Corman’s fifth reason has to do with the scary reality that many connected devices are built with software, hardware, and firmware that are created by different companies and pieced together at the end. It takes only one weak link to create a vulnerability, so if the company that created the telematics system for a car doesn’t update its software, the entire car becomes vulnerable. The IT world has a similar challenge, but through years of working together, manufacturers have agreed on systems to keep everything patched.
Finally, many connected devices live in environments unlike any IT system. In a home, there’s no IT manager to push patches to a connected fridge. And in an industrial setting, patching one machine might cause it to stop working with other equipment on the line. Here, the risk of a hack may seem low compared with the risk of stopping a process that produces hundreds of thousands of dollars of revenue a day.
In the IT world, there’s an entire industry of life-cycle-management software that tracks patches and rolls back buggy software. In the IoT world, we just aren’t there yet.
This article appears in the July 2018 print issue as “6 Ways IoT Is Vulnerable.”