IoT Noir: Instruments of Death

There is a dynamic tension between autonomic systems following Self-* principles of design and the proposed IoT management systems which receive aggregated information streams and push control streams to millions of end node devices. Ironically, the introduction of control software into devices itself becomes a potential opportunity for new attacks. Connected device controls can be usurped; streaming of data from the edge to central clouds can be intercepted. Traditional top-down control models will not suffice. The principle of localization must be used in the development and deployment of global IoT.

Our gumshoe PI in this cyber Noir tale, as with his famous peers, lives in a ‘steaming city by the shore’. Commercial system models such as Cisco’s Fog computing sit at the shoreline between the sea of devices and the networks and clouds of the interior. This shoreline forms a local management and control interface to a specific offshore ‘school’ of devices. It filters and aggregates the data shipped upstream to cloud analytics. It provides a Policy Management Point for events occurring in the device school. Geoff Brown, CEO and Founder of M2Mi, explains another approach to this security landscape:

"Machine to Machine (M2M) interactions in the IoT demand much higher levels of security than previously achieved. M2Mi choose to follow the architecture design of 'highly secure, mission critical infrastructure' often found in the Intelligence Community (IC). Corporate Enterprises and Intelligence Community approaches to security and privacy are vastly different… M2Mi's approach uses powerful security and privacy constructs such as 'lockboxes' with whitelists to block all unauthorized communications. Friendly access requires strong verification and validation. This approach hides assets from threats. The security and privacy of Intelligence Community architectures are vastly superior to commercial enterprise approaches in the mission critical infrastructure of IoT."

Offshore, the device subnets must also behave like a school of fish. Any individual fish can be eaten, but the school maneuvers to confuse and distract predators – the collective continues. Security systems must develop swarm algorithms that identify an attack and then themselves launch overwhelming counters. These systems embody the altruistic traits of social systems, but with the collective behavior of African bee hives swarming on a predator. Security Clouds will be created, ready to react to notifications from analytic clouds which identify the existence and source of an attack. These counter-attack clouds will launch blocking swarm agents on the attacker. I expect that even botnets will be used as friendly security antibodies. Built into devices and systems as they are distributed, they wait for an Operations command to launch counter strikes against security attacks.

Confronting the Guilty

Our gumshoe PI is not a pretty guy. He does not abide by all the rules, but he does remain steadfast to his core protective principle. He cares about the young lady with the insulin pump who almost died. Sweat is needed to find the bad guy. Violence is a tool to be used to curb violence. Yet he lives in a world where authority and order also exist; he packages his findings and provides them to the courts for dispensing justice.

Unfortunately, his bureau of cyber enforcement and court of justice do not currently exist in our world. There is no agency that effectively enforces international law on cybercrime. Bilateral cyber treaties have no teeth. These laws and systems need development. This means growing the collaborative consortia where standards business gets done today. The ITU has dozens of security standards and guidelines. The web consortia have the Open Web Application Security Project (OWASP). Security groups also exist in the TeleManagement Forum (TMForum) and the Industrial Internet Consortium (IIC). This is a start: security frameworks are sketched out but not fleshed out (for example, the Industrial Internet Reference Architecture). Test-beds are being proposed and some are being enabled. Alan Sill of the NSF Center for Cloud and Autonomic Computing (CAC) is recommending that the academic and standards community implement CloudLab for very large research tests. Yet each of these approaches is a specialist in a finite organization.

So no sharp international courtroom thrillers are expected in our eReader inbox. Returning to our prediction, these times are getting darker. Storm Clouds are developing. Our Noir cyber tale is still about a gumshoe pounding dirty alleys, and this is just the beginning.

[1] This fictional scenario was adapted from [A Review of the Security of Insulin Pump Infusion Systems; J Diabetes Sci Technol. 2011 Nov; 5(6): 1557–1562. Published online 2011 Nov 1] and [Insulin Pumps Vulnerable to Hacking; Published August 04, 2011; Associated Press].

[2] The Internet of Everything (IoE) Value Index. Cisco web site.

