Internet of So Much Stuff: Don't wanna be a security id-IoT

IoT is not the same as IT... normal infosec does not apply


Michael Dell, chairman and CEO of Dell Technologies, last month announced a $1bn investment in IoT R&D over the next three years.

What does $1bn buy you in IoT? A new IoT division, to be run by VMware’s CTO Ray O'Farrell, a bunch of new IoT-focussed projects including Project Iris - an under wraps RSA security development - and some collaborations for things like processor accelerators to “increase the velocity of analytics closer to the edge.”

Dell talked a lot about the edge during its event - citing autonomous vehicles, factory automation and drones as examples of how computing is going back to the old distributed model again. In truth, Dell’s happy hunting ground. Nothing new here of course.

There are already plenty of examples from Dell, GE Digital and others showcasing the value of sensors and connected devices in making predictive analytics possible, for improving maintenance and support and keeping industry machines whirring for longer. Everything is connected.

Dell's money comes as Gartner has forecasted that 8.4 billion connected things will be in use worldwide in 2017, up 31 per cent from last year, and will reach 20.4 billion by 2020. Total spending on endpoints and services will reach almost $2 trillion in 2017. This is a huge market for vendors and typically they want to capture market share early – but at what cost to the longer term security of the technology?

Yes, security.

Fear the reaper...

Daily, it seems, we receive reminders of the vulnerability of connecting so many disparate devices – currently around 20 billion, according to Statista. Claims by a number of security firms that the Reaper Botnet is already compromising IoT devices in readiness for an attack on internet hardware and services are hard to ignore, although as yet unproven. It follows a number of high-profile IoT-related security breaches over the past couple of years, including the Mirai botnet attack last year, and there is clearly concern.

So how much of the $1bn is Dell pumping into security? O'Farrell will not be drawn on specific figures or percentages, saying “security will definitely be a priority area for investment." It would be mad if it wasn’t.

O’Farrell talked up Project Iris, using IoT operational and security analytics to profile devices, while baselining normal behaviour and detecting and alerting on anomalous activities and compromised devices. The aim, according to O’Farrell, is to: “Leverage machine learning and with no requirement to changing the edge devices, Iris can secure large deployments of sensors and actuators.”

Er, OK, but what about something tangible and cross-industry like IoT security standards?

John Moor, managing director of the IoT Security Foundation - an organisation born out of a Bletchley Park security summit in 2015 - reckons there’s a lot of confusion when it comes to standards in IoT. What we currently have is a lot of “suggestion and solutions, some useful, some not, some bewildering,” he tells The Reg.

You gotta have standards... do you, though? Do you really?

“As we’ve seen the Gold Rush towards IoT, many have made the comparison to the Wild West,” says Moor. “This then usually translates to a call for regulation – but we need to be careful we do not over-compensate. The scale and scope of IoT, together with the basic observation that ‘security is context dependent’ and therefore ‘no universal security solutions exist’– means that ‘IoT security is a wicked challenge’.”

The call for standards is not surprising. We are faced with a barrage of IoT marketing at the moment but it’s surely built on sand. Do we have to rely on vendor-specific ecosystems to get any sort of security ‘guarantee’ or will we ever reach a point at which the marketing actually delivers viable products with recognised security standards?

O’Farrell seems to echo this need for solid standards.

“However, we believe that the true potential of IoT can only be unlocked when IoT is a complete, interdependent ecosystem, one in which connected things, infrastructure, artificial intelligence and machine learning will all come together to make things smarter,” he told The Reg.

Naturally, of course, Dell Technologies is that ecosystem as far as O’Farrell is concerned although GE Digital among others would argue otherwise.
