The Need for Better IoT Security

The next wave of technological improvement for consumers, and for retail and industrial applications is expected to be the Internet of Things (IoT). Some early IoT applications have shown promise. Some have created noteworthy problems such as security failures. IoT devices and software are seldom equipped with adequate safeguards that prevent hackers from taking control of the IoT networks in perverse ways.

For example, in October 2016, hackers seized control of 100,000 remote cameras intended for tasks such as baby crib monitoring. The hackers created a botnet from the cameras and used that botnet to conduct a distributed denial of service (DDoS) on commercial sites providing important Internet services. The resulting mayhem caused sites such as Twitter and Netflix to disappear temporarily.

Hackers were able to seize control of the cameras, because the manufacturers left those devices with weak or no intrusion security, and usually with no way to upgrade the camera’s security. Much of today’s IoT security has similar vulnerabilities. Although firms are estimate to have spent $235 billion on IoT applications in 2016, just one-third of them have an IoT security strategy in place.

Senate lawmakers introduced a bill that would set government-wide cybersecurity standards for Internet-connected devices acquired by federal vendors. The bill bans devices that include hidden hard-coded passwords and requires that devices must also be free of any known vulnerabilities. Federal standards are often adopted by the commercial sector, so we can hope for improvements in IoT security if the bill passes. The enactment of the bill could be a big step forward, especially if there are strong motivators for government compliance.

IoT is expected to have billions of wirelessly connected devices. Each local IoT community will consist of clusters of sensors and actuators, communications gear, and computing processor devices. The clusters will have software embedded into them to deliver applications, such as home physical environment management, home security, factory floor management, chemical process control and the like.

The spectrum that IoT communities will use is called millimeter frequency and it will be reliable only over distances of less than a mile. High frequency signals such as 38GHz suffer attenuation increases due to absorption and scattering by oxygen, water vapor, fog and rain. Communicating beyond the local IoT community will be accomplished by fiber optic or lower frequency wireless links. The combination of millimeter frequencies for small cells and high capacity fiber for backhaul will be part of the 5th generation (5G) wireless evolution.

The FCC is carefully identifying “mid-band” spectrum (3.5GHz to 24GHz) that can be allocated for commercial use. When the millimeter band spectrum is allocated, we can expect it to be available for public use – much as the Wi-Fi channels are. Charter, Verizon, AT&T and others are already using mid-band spectrum in technical preparations for their move to 5G.
It is reassuring to see the Senate focused on topics that will improve security. IOT and 5G will be a meaningful economic stimulus. We can hope that security standards enforcement is assigned to a technically savvy agency.