The light bulb has become the symbol for an idea. But when ADI’s Doug Gardner sees a light bulb he thinks, “security breach.”
Gardner told attendees at EmTech Asia in Singapore earlier this year that the Smart City and the overall Internet of Things can’t realize their full potential without security that is rearchitected for connected things. (The Analog Garage was a sponsor for EmTech Asia, a MIT Technology Review-hosted event).
Machine-to-machine communication will drive decision-making by intelligent systems, without human intervention. So each node in the system must be secure.
That will be more challenging with connected devices deployed in public buildings and city streets, where hackers can manually tamper with them. In contrast, corporate datacenters are physically out of reach for most cyberthieves. In fact, Verizon just released its annual Data Breach Investigations Report and found that only eight percent of computer hacks last year involved physical attacks such as breaking into a datacenter or stealing a smartphone or laptop.
The potential for those numbers to be far higher for the Internet of Things is a scary prospect, Gardner said. He pointed out that five million lightbulbs are replaced each day. And as municipalities increasingly turn to smart bulbs to manage lighting more economically, each of those bulbs becomes a potential source of vulnerability.
Today’s assigned identity security constructs like public key infrastructure, or PKI, are ill-equipped to manage access for Smart Cities, Gardner said. A security framework for the IoT’s systems of systems must begin at the edge, with identity rooted in the silicon. A so-called hardware root of trust sits below applications, drivers and the real-time operating system, monitoring activity. That puts it in a better position to identify rootkits and spot out-of-character activities.
And for human interaction – such as for maintenance workers replacing lightbulbs – adopting multi-factor authentication that incorporates biometrics will be critical to controlling access.
Multi-factor authentication will be vital for putting a lid on existing cyberattacks by requiring more proof points than simply passwords to gain access to computer networks. According to the Verizon report, 81 percent of the breaches in 2016 leveraged stolen and/or weak passwords.
There are many obstacles on the road to the Smart City that must be cleared before we can realize the vision of cleaner, safer and more efficient municipalities. And the Analog Garage is busy clearing the path in many ways, from developing sensors tailored for Smart City applications to exploring new techniques to keep those sensors powered and secured.
"...with identity rooted in the silicon".
It will be interesting to see how legacy IoT devices can be wrapped in a new security blanket, and co-exist with a new hardware security paradigm. Great blog post....