Cybersecurity involves protecting information systems, their components and contents, and the networks that connect them from intrusions or attacks involving theft, disruption, damage, or other unauthorized or wrongful actions. IoT objects are potentially vulnerable targets for hackers. Economic and other factors may reduce the degree to which such objects are designed with adequate cybersecurity capabilities built in. IoT devices are small, are often built to be disposable, and may have limited capacity for software updates to address vulnerabilities that come to light after deployment..
Access could also be used for destruction, such as by modifying the operation of industrial control systems, as with the Stuxnet malware that caused centrifuges to self-destruct at Iranian nuclear plants. Among other things, Stuxnet showed that smart objects can be hacked even if they are not connected to the Internet. The growth of smart weapons and other connected objects within DOD has led to growing concerns about their vulnerabilities to cyberattack and increasing attempts to prevent and mitigate such attacks, including improved design of IoT objects.
IoT cybersecurity will also likely vary among economic sectors and subsectors, given their different characteristics and requirements. Each sector will have a role in developing cybersecurity best practices, unique to its needs. The federal government has a role in securing federal information systems, as well as assisting with security of nonfederal systems, especially critical infrastructure. Cybersecurity legislation considered in the 114th Congress, while not focusing specifically on the IoT, would address several issues that are potentially relevant to IoT applications, such as information sharing and notification of data breaches.....
Since the days decades ago when some 'bright' people thought that connecting SCADA systems to the internet would be a good idea, right up to the modern connection of IoT devices to the internet, the realisation that there are bad people out there who are happy to exploit the inherent weaknesses this brings to all such systems, including often highly robust corporate systems, is a very serious concern. This myopic approach to doing business is extremely short-sighted, leading to potentially catastrophic problems for all such users. The idea that connecting SCADA systems to the internet to save sending out two men in a van to check and adjust a valve would be a great money saver completely ignores the fact that there is nothing to prevent bad people from taking over the SCADA systems themselves, leading to potentially catastrophic, and horrendously expensive, consequences. Just as, with modern IoT devices, the use of cheaply built IoT devices which do not have the resources to ensure proper security and privacy has led to terrible problems for society. Who realised when they connected simple video surveillance cameras to the internet that somebody would come along with the Mirai virus, and with a mere 125,000 live cameras under their control, create such a devastating impact on society as a whole?
The lax approach to security and privacy of some companies who should know better also beggars belief. A fellow researcher in another EU country decided to carry out some security and privacy research on smart homes recently. He expected it might be a challenge to find information on the subject. In the course of a day, he identified the leading installer of such systems in his region, in which the installer guaranteed the highest level of security for all their installed systems. He also identified all the users of such systems within a 30-minute radius of his office. He also was able to drive by a number of these installations, and from the privacy of his car, was able to connect to every one of these systems, open and close windows and doors, and could have carried out a host of other functions. All within the course of a single day. Worst of all, the 'high security' installations were all misconfigured, offering full access rights to the system, along with a 'highly robust' password of 'password'!! He and his team were also able to take control of a smart car, which one of the team was driving, in order to take control of the vehicle, accelerating and braking at will. Frightening. However, perhaps not quite as frightening as the researchers who took control of a pacemaker fitted to a dummy. Just imagine the terror you would feel if you had a pacemaker fitted and a hacker took it over, or stopped it!
It is time for society to 'wake up and smell the coffee'. We all need to be a lot more thoughtful of the potential for disaster, and fully think through any new 'money saving' technology. Some bad people will always try to exploit it for their own ends.