Two Solutions Key to Future IoX Security

February 2, 2017

By Ernest Worthman

Executive Editor, Applied Wireless Technology

One thing that anybody seriously involved in the Internet of Everything/Everyone knows is that security will be the hottest topic of this platform. There are many other issues around it, but without resolving the security aspect, the IoX will go nowhere.

There has been a lot of posturing, and some real and practical approaches, but much of this is still being tossed around the traditional who, what and where ring. The who being who is going to pay for it, the what is what types of security will really be required and the where is where along the IoX chain the security will be implemented.

There is a lot of discussion around these issues and there is not a “one size fits all” answer, nor a single point of focus. That means there is a plethora of opportunity for discussing such a deep and wide subject. A couple of salient topics, for example, are embedded devices and machine learning.

Embedded devices are going to be a real challenge. Mainly because many of them will be in the infrastructure or will be mobile. And much of the infrastructure is aging with inadequate security systems to begin with. Pretty much, adding an internet-connected embedded component to a critical network, or infrastructure opens a vector for miscreants to burrow in, especially if the network is poorly secured.

There is an argument for building in security at the design stage with the end application in mind. In other words, embed security, preferably at the hardware layers, of the devices intended to be embedded in these networks.

IoX has grown to include everything from dust motes to sensors to “smart” devices, cities, infrastructures, vehicles and more. Connecting the traditionally “dumb” embedded devices to smart networks is just asking for trouble. The biggest challenge is getting often specialized or specific embedded devices to have a broad range of security capabilities – no easy task – remember Stuxnet, the malicious computer worm, back in 2009? And hackers have come a long way since then.

Because embedded devices are often resource-light, attempting to run traditional antivirus programs on such devices isn’t realistic. Trying to do that will at worst, render it non-functional or make its functionality too slow to be of any real use. In many cases, embedded devices are designed to be optimally efficient, which means minimal processing cycles and low memory resources, making any type of threat scanning all but impossible. And they also often run proprietary or specialized operating systems. With such limited design resources, security is difficult to implement.

In the end, for embedded devices, security is challenging. So other methods are being looked at and one that holds promise is larger and wider scale protection of the mother networks. And the next topic, machine learning is seeing some serious consideration as one solution for the embedded dilemma, especially for already existing IoX embedded devices.

Machine Learning, AI and Internet Security

Machine learning is an interesting concept but rather limited on its own. But add some artificial intelligence (AI) and the game changes. Automation is the magic word. By combining the two, and integrating some deep learning, Big Data analytics and other tricks such as pattern detection, machine learning can become a viable solution for embedded device security because, if implemented properly, it can catch a lot of what is often called zero-day or hour attacks.

Why it can do this is because, and this is only due to the vast computing power available today, it can monitor thousands or more variables and process the vast amounts of data the IoX will produce. This data can now be analyzed and compiled into a variety of statistics, patterns and other recognizable data. Couple this with skilled security architects and the defenses become somewhat formidable.

But there are some challenges. One of which is the limited bandwidth of AI expertise. We are just at the real edge of advanced AI and until that happens, we humans will still be required. Plus, the investment in hardware can be formidable.

Nevertheless, the players one expects are getting on board. Apple, Microsoft, Google, some of the social media companies and mega corporations are starting to dabble in advanced machine learning. No doubt economies of scale will be realized and it will be within the reach of a wider audience, eventually. The question is, will it be as prolific as the promise it shows.

These two topics are a couple of ways the world is trying to sort out the complexities of cybersecurity. There really are no easy, or ubiquitous answers and there likely will never be. But ingenious people continue to develop novel solutions and eventually there should be a decent layer of solutions in place. Assuming of course that, eventually, everyone gets the importance of security.