Internet of Things (IoT) is Transforming Internet Security

21 April 2014 Internet, IT & e-Discovery Blog Blog
Authors: Peter Vogel

IoT  means “potentially billions of devices will report data about themselves, making it possible to create new applications in areas as diverse as factory optimization, car maintenance, or simply keeping track of your stuff online” as reported in MIT Technology Review.  The IoT allows Internet communications with unique objects using Radio-frequency identification (RFID), QR codes, barcodes, and GPS in cells and tablets.

Computerworld identified the following 6 ways IoT will transform enterprise security:

1. The IoT will create billions of new (insecure) end points. Analyst firms have differing takes on the number of devices or “things” that will connect to the Internet by 2020. Estimates range from Gartner’s 26 billion devices to IDC’s somewhat dystopian projection of 212 billion installed devices. Regardless of which is right, the one thing that is certain is that a lot of IP-enabled devices will one day find a home inside enterprises. Examples include smart heating and lighting systems, intelligent meters, equipment monitoring and maintenance sensors, industrial robots, asset tracking systems, smart retail shelves, plant control systems and personal devices such as smart watches, digital glasses and fitness monitoring products.

2. The IoT will inevitably intersect with the enterprise network. Just as there are no truly standalone industrial control networks and air traffic control networks anymore, there won’t be a truly standalone enterprise network in an IoT world, says Amit Yoran, general manager at RSA and former director of the National Cyber Security Division at the U.S. Department of Homeland Security.

3. The IoT will be a world of heterogeneous, embedded devices. Most “things” in an IoT world will be appliances or devices with applications embedded in the operating system and wrapped tightly around the hardware, said John Pescatore, director of research at the SANS Institute in Bethesda, Md.

4. The IoT will enable physical and physiological damage. While online threats mainly affect data, in an IoT world there will be physical and physiological risks as well, said Michael Sutton, vice president of security research at Zscaler.

5. The IoT will create a new supply chain. In a majority of cases, enterprises will have to either rely on device manufacturers for patching, firmware and operating system support or find a way to support the technologies on their own. Many of the devices that connect to the enterprise network in the not-too-distant future will be from companies that traditional IT security organizations are not familiar with.

6. The IoT will exacerbate the volume, stealth and persistence of online attacks. In theory at least, the threats posed by a completely interconnected world are not very different from the threats faced by most IT organizations today. Many companies are already intimately familiar with the challenges posed by smartphones, tablets and other wireless-enabled devices. What is different with the IoT is the sheer scale and scope of the challenge.

IoT has been discussed since about 1991, particularly with the use of RFID, but as the Internet grows IoT will become more important to security for all business and individuals.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Authors

Related Services

Insights

Bad Holiday Season News! Estimates of an increase of Cyberattacks 20%!
13 December 2019
Internet, IT & e-Discovery Blog
Driving the Future of Automotive Technology
12 December 2019
Manufacturing Industry Advisor
Massachusetts Governor Proposes Facility Fee Ban
12 December 2019
Health Care Law Today
American Rule Prevails; PTO May Not Collect In-House Attorneys' Fees as "Expenses"
12 December 2019
IP Litigation Current
ACCC 46th Annual Meeting & Cancer Center Business Summit
04-05 March 2020
Washington, D.C.
Foley/Deloitte Compliance and Privacy Officer Roundtable
27 February 2020
Boston, MA
Let’s Talk Compliance
24 January 2020
Orlando, FL
New England Alliance Annual Meeting
15-17 January 2020
Woodstock, VT