The Bleeding Edge: The Dog Days of IoT

Journal Volume 6
Author: Dustin Brewer, Senior Director, Emerging Technology and Innovation, ISACA
Date Published: 30 October 2020
Related: ITAF, 4th Edition | Digital | Japanese

When humans first domesticated wolves, the implications of the symbiotic relationships could not have been foreseen. We (humans) were slowly able to somewhat let down our guards while sleeping with our trusty companions on guard and place some of our hunting burdens on our furry friends. Because of these new dynamics, our ancestors were able to attain more restful sleep and find food in an expedited fashion and in more quantity, aiding brain development. This helped humanity free up time to focus on other tasks. Fast-forward 10 to 30 thousand years: Our lazy, lovable companions have somehow flipped the script on us. Now, we protect and feed them for the most part. But how do we continue to sleep at night without worrying about threats? What new wild creature have we domesticated to track and find our food and make sure it is safe to eat? The wily electron in his natural habitat flying through a microprocessor in the form of an Internet of Things (IoT) device, of course!

You Can Teach Old Devices New Tricks

Okay, IoT devices cannot really hunt for us or find us food...yet. But, we do utilize IoT devices for everything from modern alarm systems to supply chains and medical diagnostics. However, seeing how the industry has had a hard time agreeing on a definition of IoT, I will provide a basic one for this article: An IoT device consists of a microprocessor, sensors and actuators that have network connectivity with a specific function. These devices come in the form of wearables, smart home controllers, medical monitoring devices and everything in between. IoT changed the way we interact with our physical world and monitor ourselves and our surroundings. Home automation and voice recognition provided by IoT devices are changing the way we interact with technology. In a given moment, we might look around in amazement at the great many people talking to (and sometimes screaming at) their devices. The change in user input techniques is rapidly evolving and preferences are shifting to hands-free/voice recognition input. We can attribute this change in large part to machine learning (ML) and artificial intelligence (AI) algorithms that can map our vocal patterns and change them into digital results; however, it is IoT that provides access to this functionality.

Although IoT is still an emerging technology, the tech behind the tech is relatively simple. Manufacturers sometimes use old hardware and software to run these devices, and that can be a cause for concern.

Biting the Hand That Feeds

This leads us to the inevitable discussion of IoT security, or lack thereof. Adding a device to a production network (or your home network) on which you do not have administrative rights, which may contain outdated or end-of-life (EOL) hardware and software, and that is talking to unvetted servers is concerning, to say the least. Extra care and possible attestation should be applied to these devices and their back-end servers before implementation. Our old friend, defense in depth (DiD), should be applied where applicable with IoT implementations. Physical and proximal access also need to be attended to since IoT devices have some form of local connectivity utilizing bluetooth, WiFi, or other forms of low power communications.

Privacy and data protection are also concerns for IoT. Depending on the functionality, IoT devices are continuously monitoring and sending data back to some server somewhere. Special care should be taken with these communications. Even if the back-end servers and manufactures are trustworthy, outdated libraries and protocols could lead to data leakage and privacy violations.

“Cognitive offloading” is a term used to describe the ability humans have to rely on external things to relieve our brains from having to process and remember everything all the time.1 This can be adaptive as, in the example of the domestication of dogs, it can free our cognitive capabilities up for more demanding tasks and processes. The new external “things” we are offloading are on devices, most of them on the Internet. They set our thermostats in our houses, detect health issues early on, and can allow us to automate and perform job functionalities remotely. However, these changes may also contribute to complacency and loss of confidence, two outcomes that are detrimental to cybersecurity and probably not great for the human brain either.

Every IoT Device Has Its Day

Regardless of the security concerns with IoT devices, they will continue to evolve in an attempt to make our work less tedious, our lives easier and, perhaps, even keep us alive (during the COVID-19 pandemic, wearables with oxygen [O2] sensors could be used to help identify when/if a person needs immediate medical care2). Some projections speculate that by 2022, the IoT market will reach US$561 billion, and that is before the COVID-19 pandemic that is necessitating more automation and remote capabilities in all industries.3

EVEN IF THE BACK-END SERVERS AND MANUFACTURES ARE TRUSTWORTHY, OUTDATED LIBRARIES AND PROTOCOLS COULD LEAD TO DATA LEAKAGE AND PRIVACY VIOLATIONS.

With 5G technology offering faster speeds and better connectivity, lower power components, and improved power supplies, IoT devices will continue to get smaller, faster and more power efficient. This may pave the way for IoT and nanorobotics to meet somewhere in the middle and “gravity assist” each other in innovational milestones. Whatever the future may bring for IoT, we should appreciate the benefits of this emerging technology while remaining vigilant in secure practices.

Endnotes

1 Hu, X.; L. Luo; S. M. Fleming; “A Role for Metamemory in Cognitive Offloading,” Cognition, vol. 193, December 2019, http://www.sciencedirect.com/science/article/pii/S0010027719301854#:~:text=Cognitive%20offloading%20refers%20to%20our,shopping%20lists%20or%20upcoming%20appointments
2 Seshadri, D. R.; E. Davies; E. R. Harlow; J. J. Hsu; S. C. Knighton; T. A. Walker; J. E. Voos; C. K. Drummond; “Wearable Sensors for COVID-19: A Call to Action to Harness Our Digital Infrastructure for Remote Patient Monitoring and Virtual Assessments,” Frontiers in Digital Health, 23 June 2020, http://www.frontiersin.org/articles/10.3389/fdgth.2020.00008/full
3 MarketsandMarkets, Internet of Things (IoT) Market, http://www.marketsandmarkets.com/Market-Reports/internet-of-things-market-573.html#:~:text=%5B162%20Pages%20Report%5D%20MarketsandMarkets%20forecasts,26.9%25%20during%20the%20forecast%20period

Dustin Brewer, CISM, CSX-P, CDPSE, CEH

Is ISACA’s principal futurist, a role in which he explores and produces content for the ISACA® community on the utilization benefits and possible threats to current infrastructure posed by emerging technologies. He has 17 years of experience in the IT field, beginning with networks, programming and hardware specialization. He excelled in cybersecurity while serving in the US military and, later, as an independent contractor and lead developer for defense contract agencies, he specialized in computer networking security, penetration testing, and training for various US Department of Defense (DoD) and commercial entities. Brewer can be reached at futures@v6pu.com.