
RSA Conference 2015: Prepare for the IoT before it’s too late, Sorebo warns

The law of unintended consequences on the Internet will only get worse with the explosion in the number of connected devices. That's according to Gib Sorebo, chief cyber-security technologist at Leidos, who addressed the RSA Conference session "Managing the Unmanageable: A Risk Model for the Internet of Things."

This is partly due to the sheer number of devices that will be able to connect to the Internet and partly due to the number of these IP devices that will be able to interact with the physical world.

He said that it was imperative that organisations sort out their policies regarding connected devices as soon as possible. “And you need to understand the use cases as well,” Sorebo told SCMagazineUK.com.

One of the side effects of the Internet of Things (IoT) will be an increase in the amount of data collected on individuals, which will lead to privacy concerns. 

“It may be perfectly okay to have thousands or millions of sensors that can gather weather information – that may be purely innocuous – but as soon as you say we are going to gather video and sound with those same devices, it becomes a privacy concern,” he said.

As physical devices are given IP addresses, interaction between the cyber-world and the physical world will become normal. 

“Some industries like manufacturing and control systems have been doing it for decades but we are adding these new industries – Amazon wants to do it with drones – so there's a lot of new industries that have not been involved in the cyber-physical world that are now getting more involved,” he said.

There is a danger that people will put too much trust in their IP-enabled physical devices, Sorebo warned.

The devices and systems to which they are attached should be built with the assumption that they can be – and probably will be – hacked. Physical overrides like the brakes in a car should be able to work independently of the network.

The people who operate complex systems like power stations should understand how they work independently of the applications that have been created to run them.

“With engineers retiring at rapid rates in utility industries… we won't have people that understand the basics behind it,” he said. “They will know how to enter into a computer program and do this or that, but they may not understand how things are put together and what to do if there's a problem.”

But his is not a counsel of despair. “I don't think it's intractable, but there are always going to be unintended consequences to everything we do.”

One solution is to limit the allowable uses to which devices can be put, because one of the causes of unintended consequences is something created for one purpose being used for another.

Many of the issues faced by the Internet of Things are the same as those faced by the Internet itself.

“It's the same issues we see at the Internet but we are seeing it in the physical world now and I think that is the biggest challenge,” he said. “I mean not everything in the IoT is interacting with the world but I think that's the biggest challenge we see with that.”

This article originally appeared on SC Magazine UK.
