The world is more and more driven by networked computer systems. They dominate almost all aspects of our lives. These systems are connected to the Internet, resulting in a high threat potential. Marc-Oliver Pahl, chairholder of the cybersecurity chair Cyber CNI at IMT Atlantique, talks about what is at stakes when it comes to IoT security.
What is the importance of securing the Internet of things (IoT)?
Marc-Oliver Pahl: Securing the IoT is one of the, or even the most important challenge I see for computer systems at the moment. The IoT is ubiquitous. Most of us interact with it many times every day – only we are not aware of it as it surrounds us in the background. An example is the water supply system that brings drinking water to our houses. Other examples are the electricity grid, transportation, finance, or health care. The list is long. My examples are critical to our society. They are so-called "critical infrastructures". If the IoT is not sufficiently protected, critical things can happen, such as water or power outages, or even worse, manipulated processes leading to bacteria in the water, faulty products that cause safety risks such as cars, and many more.
This strong need for security, combined with the fact that IoT devices are often not sufficiently secured, and at the same time connected to the Internet with all its threat potential, illustrates the importance of the subject. The sheer number of devices, with 41.6 billion of connected IoT devices expected by 2025, shows the urgent need for action: the IoT needs the highest security standards possible to protect our society.
Why are IoT networks so vulnerable?
MOP: I want to focus on two aspects here, the “Internet”, and the “Things”. As the name Internet of Things says, IoT devices are often connected to the Internet. This makes them connected to every single user of the Internet, including bad guys. Through the Internet, the bad guys can comfortably attack an IoT system at the other side of the planet without leaving their sofa. If an attacked IoT system is not sufficiently secured, attackers can succeed and compromise the system with potentially severe consequences to security, safety, and privacy.
The term "Thing" implies a broad range of entities and applications. Consequently, IoT systems are heterogeneous. This heterogeneity includes vendors, communication technology, hardware, or software. The IoT is a mash-up of such Things, making the resulting systems complex. Securing the IoT is a big challenge. Together with our partners at the chaire Cyber CNI, in our research we contribute every day to making the IoT more secure. Our upcoming digital PhD school from October 5-9, 2020 is a wonderful opportunity to get more insights.
Read more: « The IoT needs dedicated security – now »
by Pierre-Hervé VAILLANT