In 2016, we saw some cyber attacks that were first threatened by the Internet of Things, including an attack that caused widespread Internet smashing in October. As we enter the new year, security will become a sharp problem for the young Internet of Things industry, and the lack of IoT security experts will make it difficult to keep up with the hackers.
1. Embedded security will be taken seriouslyAlthough embedded security topics often pop up, it is much easier to perfuse the concept verbally than it actually puts security into the hardware. Robert Vamosi, Synopsys' Security Strategy Officer, said: "The situation is changing." “Those devices that are too small to accommodate their own security will undergo an in-depth security analysis starting with firmware testing,†he said. "The software inside the chip is as important as the application that controls it. They all require security and quality testing. Some of the early IoT botnets exploited the flaws and features of the device itself."
2. Checking the network supply chain will become a priorityThird-party software is constantly emerging but often not fully tested. "Some early IoT botnets took advantage of the flaws and features in third-party chips inside the device," Robert Vamosi said. "It will become important to figure out the bill of materials for the software components in each chip, because IoT vendors often want to avoid expensive recalls."
3. Distributed denial of service attacks based on the Internet of Things will still be a problemCurrently, there is still no way to prevent distributed denial of service attacks such as the Mirai botnet that has been implanted in most of the Internet in October. However, if this problem really occurs, Internet users will have different consequences in terms of security and privacy concerns. Todd Inskip, a member of the Advisory Board of the Information Security Conference, said. “In the long run, we may consider the security needs of all Internet-enabled devices, but this is going to be done with its own series of questions: what is the need and who will verify compliance. This may lead to different regions and countries. Conflicts in security considerations," said Inskip. “Under the assumption that all participants are selfish at least initially, the purpose of the Internet design is to be open and resilient. Instead, we will continue to look for individuals, organizations and nation states with malicious intentions.â€
At the same time, companies and individuals can take steps to reduce the power of botnets. According to Trevor Hawthorne, CTO of Wombat Security, people can take three major steps to avoid botnet problems. First, put an end to exposing IoT devices to the open Internet. "This is probably the most important consideration," he said. Second, ensure that IoT devices are constantly updated. Again, change the initial password on all devices.
4. Companies with IoT projects will learn to think like hackersIn 1993, "Saturday Night Live" staged a burlesque, mocking the car industry's strategy of relying solely on alarms and steering wheel locks to protect the car.
"In the 1990s, you no longer need a car to tell the world how rich you are. But you really need a car to tell the world that you are smart." The answer is a Chameleon XLE (Chameleon XLE) car, it looks outside It's worth nothing but the interior is luxuriously decorated and has a super engine under the hood. "A car thief looks at it and then continues to move right and forward" mocking the lines as explained.
Despite being a joke, the "Saturday Night Live" comic tells us to think like a criminal. Cybercriminals and car thieves are often attracted to targets that are valuable but easily accessible. Organizations with IoT devices should not only focus on ensuring product security, but also understand why hackers focus on their products at the outset, and must understand what steps to take to make these devices no longer a target for hackers. .
In the field of technology, many people have been fighting security issues, even though the same basic threats have persisted for decades. “The IoT threat is fundamentally the same kind of threat we've been trying to deal with in the last 20 years: unscrupulous participants (individuals, organizations, and nation states) are trying to disrupt the confidentiality, integrity, and effectiveness of data and services. "Preemptive advantage," said Todd Inskip, a member of the Advisory Board of the Information Security Conference.
However, when it comes to information and services, IoT devices have indeed opened up new areas. “These new devices can handle a variety of information and can affect real life more than previous devices,†says Inskip. “When the IoT device in the production line is disordered, the proportion of the agitated chemicals may be out of balance. When the IoT device in the home is invaded, it is possible to open the door, or the video inside the company may be shared by outsiders. The threat is the same, but the risks can be quite different."
5. Recruiting IoT security talents is still difficultSecurity experts across the technology industry are still in short supply. The Internet of Things industry is no exception, said Todd Inskip, a member of the Advisory Board of the Information Security Conference. “It’s a challenge for all industries to recruit security talent,†said Trevor Hawthorne, CTO of Wombat Security.
“Ample capital and well-known suppliers will be easier in this regard. The problem is that small, cheap products flooding are often produced by offshore manufacturers, and the safety tracking records of these manufacturers are worrying. As we have seen, offshore IoT device manufacturers did not focus on security at the outset, so if they need to recruit talent, it will be difficult."
At the same time, the product safety industry will also make full use of existing security models. "We have seen a new type of security talent emerging - chief product safety officer, and their support staff, product safety officer and product safety engineer. But people in these roles will say they are unique." Insquip said. There are a variety of requirements documents related to these professionals, including the Federal Information Processing Standards 140 of the National Institute of Standards and Technology for Hardware and the common global guidelines for software and systems. Another example is to focus more on software to build a security maturity model.
6. Situational awareness will become a bigger security goalIt can be predicted that hundreds of millions of IoT devices will cover the entire planet in the future, and it is important to track which devices should be placed. "As IoT devices are deployed in IPv4 networks, these organizations should be able to scan or 'see' what IoT devices are deployed in their networks," said Trevor Hawthorne, CTO Security Chief Technology Officer. . “With IPv6, the presence of numerous IPv6 addresses can be difficult to scan to the border. These organizations may need to focus on other models to maintain control over the devices they own and the devices they expose.â€
Kinetic Energy Materials,Friction Kinetic Energy,Gravitational Kinetic Energy,Materials That Absorb Kinetic Energy
Shaanxi Xinlong Metal Electro-mechanical Co., Ltd. , https://www.cnxlalloys.com