background preloader

IoT

Facebook Twitter

Untitled. In my last post, I discussed the need for infosec professionals to reach out to engineering to help bridge the cultural divide and be seen as partners in IoT project success.

untitled

We need to be humble and help them realize how good security practices are as vital as making sure the switches work. Otherwise, their projects eventually will fail. In a follow-up post this week, I’d like to address the fundamental security flaws that are all too common in many IoT implementations. Fundamental Processes to Improve IoT Security As we engage engineering and manufacturing, we can help by educating folks on the fundamental security needs that often are lacking in today’s industrial and consumer IoT technology. We can and must help non-security folks understand some basics, including the need for the following: Use encryption.

Build the device with firmware that can be updated to address security events. Deploy and manage certificates properly. Value security. Uniting for a Better Future. The Internet of Things 2014 [Slideshare]  Responding to her Friday morning alarm, Stacey gets out of bed.

The Internet of Things 2014 [Slideshare] 

Simultaneously, items throughout her house begin preparing for the day. Although it is cloudy outside, the interior is lighted with tones of a beautiful sunrise, per Stacey's personalized lighting scheme. The water heater makes sure the shower will be to her preference. When she enters the bathroom, her motion starts coffee brewing and breakfast cooking in the microwave.

As Stacey eats breakfast, her caloric intake is monitored. Before she leaves, Stacey thinks about dinner. Stacey gets in her car which has already been brought to her ideal interior temperature. When Stacey arrives at work, she glances at her large office display and sees that all plant processes are functioning normally. With the exception of the autonomous car, all the underlying capabilities described above exist today and are part of the Internet of Things. Defining the Internet of Things. PKI's Role(s) in Securing the IoT. It seems you can't go a day without hearing about the Internet of Things (IoT).

PKI's Role(s) in Securing the IoT

While there's no questioning the scale and impact it's going to have on our life as we know it, there is one major outstanding question (okay, more than one, but we'll stick to this one for now) - how are we going to secure this explosion of connected devices and services? Contradictions of Big Data. We’ve been told that Big Data is the greatest thing since sliced bread, and that its major characteristics are massive volumes (so great are they that mainstream relational products and technologies such as Oracle, DB2 and Teradata just can’t hack it), high variety (not only structured data, but also the whole range of digital data), and high velocity (the speed at which data is generated and transmitted).

Contradictions of Big Data

Also, from time to time, much to the chagrin of some Big Data disciples, a whole slew of new identifying Vs are produced, touted and then dismissed (check out my LinkedIn Pulse article on Big Data and the Vs). So, beware. Things in Big Data may not be as they may seem. It’s not about big I have been waging an uphill battle against the nonsensical and unsubstantiated idea that more data is better data, but now this view is getting some additional support, and from some surprising corners. Can we call that ‘strike one’ for Big Data Vs? It’s not about variety Strike two! Last year Thomas C. A Strategist’s Guide to the Internet of Things. Humanity has arrived at a critical threshold in the evolution of computing.

A Strategist’s Guide to the Internet of Things

By 2020, an estimated 50 billion devices around the globe will be connected to the Internet. Perhaps a third of them will be computers, smartphones, tablets, and TVs. The remaining two-thirds will be other kinds of “things”: sensors, actuators, and newly invented intelligent devices that monitor, control, analyze, and optimize our world. This seemingly sudden trend has been decades in the making, but is just now hitting a tipping point. The arrival of the “Internet of Things” (IoT) represents a transformative shift for the economy, similar to the introduction of the PC itself. Hadoop. Foundational IoT Messaging Protocol, MQTT, Becomes International OASIS Standard. BlackBerry, Cisco, IBM, Kaazing, LogMeIn, M2Mi, MachineShop, PTC, Red Hat, Software AG, TIBCO, and Others Ratify Enhanced Version of Widely Adopted IoT Standard 13 November 2014 –The first version of the Message Queuing Telemetry Transport (MQTT) to be advanced within the OASIS open standards process has now been ratified as an international standard.

Foundational IoT Messaging Protocol, MQTT, Becomes International OASIS Standard

MQTT 3.1.1 defines an extremely lightweight publish/subscribe messaging transport protocol. Because it requires significantly less bandwidth and is so easy to implement, MQTT is already broadly used in Machine-to-Machine (M2M) and Internet of Things (IoT) applications where resources such as battery power and bandwidth are at a premium. OASIS’ standardization of MQTT makes the specification more explicit and ubiquitous, enabling almost any networked device, operating system, or programming language to communicate seamlessly and consistently.

"MQTT 3.1.1 allows even more efficient communication between the client and broker," added Cohn. Internet of Things - ThingSpeak. DeviceHive - M2M, Machine-to-Machine Communication Framework. Open Source Framework for the Internet of Things. IoT_public_whitepaper_v1.0.pdf.