Page 61 - FCW, September 15, 2016
P. 61

New Threats and Old Infrastructure
Part of the challenge with IoT security is that it requires strategies and architectures unlike those used to protect other IT and telecom systems. Sure, traditional safeguards such as firewalls are still useful for keeping hackers from accessing IoT data. But the data itself isn’t always the target. Instead, attacks could focus on, say, disabling radiation sensors or deploying airbags at highways speeds.
“That defensive technology of an airbag is now an offensive weapon,” says Cisco’s Hall. “So it’s not just about compromising data. It’s creating serious problems if we don’t do it right.
“It’s not appropriate to just put a firewall in place between your network and everything else and call it a day. You
have to take an integrated, end-to-end approach to threat defense that allows you to protect every level: device, application, network, cloud.”
The Postal Service is among the agencies pondering these challenges.
“Each sensor becomes a point of access to the postal infrastructure that needs to be protected,” Piscioneri says. “Any device connected to the Internet or equipped with
any kind of connectivity is a security risk. This has to be addressed with effective IoT network access polices — users and machines should be identified and verified — and network isolation measures.”
Another challenge is that some IoT devices are not government-owned, but wind up on agency networks anyway — with or without approval. Examples include HVAC
sensors and wearables that employees want to use at work. “Hackers specifically target these potential vulnerabilities
and use them as points of entry for nefarious activities like Media Access Control spoofing,” says ForeScout’s Sann. “This entails changing a computer’s identity to appear as something innocuous such as a printer, while in reality
it is masking a hacker that has gained access to critical information on your network.”
Legacy infrastructure creates yet another challenge because IoT often rides atop it.
“For example, the world’s most widely used real-time OS, VxWorks, was built in the late 1980s,” Sann says. “It’s currently deployed in over 1.5 billion devices, including processors that run our utility grids, nuclear facilities,
the Mars Rover and other areas of our nation’s critical infrastructure. They were built before present-day threats, yet are the foundation on which newer technology systems are built upon.”
One new type of technology could help: software-defined networking (SDN). It has a variety of benefits beyond IoT, which is why it’s poised to be widely used in government and enterprise alike. That foundation creates opportunities to secure IoT systems.
“SDN allows networks to process updates and respond to application needs in real time, informed by the network’s immediate conditions,” says Judson Walker, Brocade systems engineering director, special programs. “As a result, agencies can react more nimbly to difficult-to- predict threats.”
$8.8 billion
Federal spending on IoT in fiscal year 2015, up 20% from $7.4 billion in fiscal year 20141
Source: 1Govini, “The Internet of Things: Sensors & Data Collectors,” 2016

   59   60   61   62   63