IOT Security Risks Begin With Supply Chains
The explosion of network-enabled devices embodied in the Internet of Things (IoT) promises amazing advances in convenience, efficiency and even security. But every promising new device generates new seams and potential opportunities for hackers to worm their way into networks and exploit network weaknesses.
Figuring out which IoT devices are safe – and which aren’t – and how to safely leverage the promise of that technology will require looking beyond traditional supply chain and organizational boundaries and developing new ways to approve, monitor and review products that until recently weren’t even on the radar of information security officials.
Conventional product definitions have fundamentally changed, said Dean Souleles, chief technology officer at the National Counterintelligence & Security Center, part of the Office of the Director of National Intelligence. To illustrate his point, he held up a light bulb during the recent Institute for Critical Infrastructure Technology Forum, noting that looks can be deceiving.
“This is not a light bulb,” he said. “It does produce light – it has an LED in it. But what controls the LED is a microcircuit at the base.” That microcircuit is controlled by software code that can be accessed and executed, via a local WiFi network, by another device. In the wrong hands – and without the proper controls –that light bulb becomes a medium through which bad actors can access and exploit a network and any system or device connected to it. Read more…