Tag Archives: IoT

The Face of Cyber Security

Conceptual image of a closed padlock on a digital field.A New Form of Hacking

The WannaCry malware attack has me thinking about cyber security and my exposure. I have at least one system in my home that is vulnerable to this attack and still needs to be patched. Fortunately it has been turned off for the last few weeks. Aside from my personal exposure, I have been researching efforts to fight and predict attacks. This blog post is dedicated to the security community and the fine work they do to stay in front of attacks like WannaCry.

Spy Vs. Spy

The latest attack was an example of ransomware, which promises to release the hold on a particular computer in return for compensation. In this case the ransom was the equivalent of $300 in bitcoins. The malware spread to computers in Europe and Asia until an analyst known as MalwareTech discovered a kill switch and disabled the attack, at least temporarily. MalwareTech and other analysts are constantly evaluating new threats and disabling them often before they propagate and cause widespread damage.

Vigilante Hacking

With the proliferation of Internet of Things (IoT) devices, hacking has gone beyond traditional computers and spread to unsecured devices. Since IoT devices are by default connected to the internet and come with their own address, they are vulnerable to attack. Hackers attempt (and sometimes succeed) to control a device through security holes. To combat this, applications such as Mirai were designed to act like malware but actually close security holes, at least temporarily. Technically, since the virus is spread without prior notification, it is still an example of hacking and therefore illegal. This is an example of “white hat” hackers versus “black hat.”

Predictive Cyber Security

I have written before about predictive analysis in conjunction with machine learning and AI. Using advanced algorithms, researchers are developing applications that can predict attacks based on patterns and previous system activity. With this information they can sometimes stop an attack before it breaches an organization’s defenses. Ideally this would stop every attack before it starts, but the algorithms are imperfect. With experience, these programs should combat most threats in the future.

Thoughts

Cyber security is complicated and as quickly as analysts spot vulnerabilities, hackers are there to exploit those holes. There is a need for trained security analysts to build and maintain defenses in our automated world. It is hard to turn over control to robots and automated manufacturing systems and self-driving cars when a security breach could leave us helpless. Certified security experts are needed to watch over our increasingly sophisticated computing ecosystem, as the recent attacks have shown. Do you think your organization is doing all it can to protect itself? Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Powering the Internet of Things with Clean Energy

Image of the planet imbedded with an electrical socket and a cord plugged into it.Internet of Things (IoT) continues to grow as emerging technologies and devices are constantly being developed and added to the internet. I’ve looked at how information produced by IoT is communicated and considered how to process the data. But what powers all those devices and sensors? In some situations, such as agricultural technologies, extension cords are out of the question as is regularly changing batteries. In response, researchers are working to harvest energy to power these devices.

Mechanical Energy

A 2015 IEEE article highlighted three promising areas for harvesting energy—mechanical energy, heat, and electromagnetic emissions. In terms of mechanical energy, they highlighted a small conformable piezoelectric device developed at the University of Illinois to power a pacemaker from a heartbeat. The heart’s own contractions would power a device that helps keep itself beating regularly. This would eliminate the need to surgically replace batteries.

The article also highlighted a small device that harvests energy from the vibration of trains, created by Perpetuum. The harvester is installed near the wheels and captures energy from the travel motion to power sensors that can monitor wheel bearings and wheel travel on the rail. This is in production now and helps to prevent rail accidents by detecting problems early. The harvester has a 100 year life expectancy.

Heat

South Korea’s KAIST university has developed a thermoelectric generator that is embedded in glass fabric and generates power from body heat. This could power wearable devices or be embedded in the device itself, thus providing its own power source.

Here is what I am thinking: what if we can print these thermoelectric materials on our 3-D printers and create our own generators? I may be on to something. I probably create enough heat while riding my bicycle to power my smart phone and computer.

Electromagnetic Emissions

In Ayn Rand’s 1957 novel “Atlas Shrugged,” the hero invented a method for harvesting electrostatic energy from the atmosphere and eventually powered a small village. I suspect that we have been thinking about it even longer than that, but our efforts are still in their infancy. Researchers at the University of Waterloo have been working to improve collection antennas and hope to be able to capture emissions on a large scale. They are working on materials to more efficiently capture energy.

Thoughts

It is an exciting time for research in this area with breakthroughs in physics, material science, and microelectronics all converging on the singular problem of how to replace fossil fuels with clean energy capture. We have a lot of new devices coming that will need to be powered, hopefully with a sustainable energy source. Are we close to solving this mystery? Let me know your thoughts.

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Risk and Security of Connected Healthcare Devices

Photo of a pile of pills and medical devices.A recent Forrester Research report highlighted the security risks of connected healthcare devices and some of the implications of lax policies of manufacturers and care providers. This brings to mind for me all kinds of doomsday scenarios so I want to highlight some of the best practices in the report. These apply to the healthcare industry and other businesses.

Internet of Things

Part of the allure of the internet of things (IoT) is that many devices can be connected, including medical devices. In a recent article, author Yash Mehta highlighted some connected and potentially connected devices. On the list are monitoring devices which allow patients to be at home instead of a hospital. He also mentions companies that are developing edible IoT “smart” pills that will help monitor health issues and medication. This is an area where I would want the tightest security.

Steps for Security Planning

Start from the inside when thinking about security. Is everyone in your organization following best practices? Are you requiring passwords be changed regularly? Is everyone following this requirement or have they developed a workaround? Are there any shared accounts with a shared password? One of the biggest security holes has to do with social engineering. A hacker will pretend to be someone trustworthy to secure passwords or entrance into secure systems, then launch a widespread attack. Make sure everyone in your organization is educated and prepared for such an attempt.

Verify that the new devices have security built in from the manufacturer. This applies to health care IoT and other connected devices. It is hard to build security with no foundation. Push manufacturers to install a minimum level of threat protection in every device.

It is necessary to separate device information from actual customer details. In the case of health care, that means storing data collected from the connected device in a separate data structure than the patient data. In a retail establishment this means storing credit card information away from personally identifiable information such as customer name and address. The two can be linked via a separate ID but it should be difficult for a hacker to connect the two sources of information.

Thoughts

It is exciting to think of all of the possibilities with IoT devices but it is sobering to contemplate the security risks. All of us must consider and mitigate the risks, either as consumers or as part of an IT team building the tightest security possible. IoT devices are coming. Are you ready?

Author Kelly BrownAbout Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Internet of Things: How Will They Communicate?

Smart home concept sketchI have talked before about the coming Internet of Things and the changes it will bring. The Internet of Things or IoT is a term coined by Cisco to describe the interconnected nature of devices that are linked to each other and to the Internet or an intranet. Imagine a future where your car communicates with your refrigerator and your oven and your home heating, security, and entertainment systems. On your way home from work your car automatically detects your intended destination and communicates with your refrigerator to release your dinner to the oven. By the time you arrive home the lights are on, your security system has unlocked the door, and dinner is on the table, with soft music playing to soothe you after your hectic day. This is all well and good but it will require a lot of work in the background to embed all of these things with devices and to build the infrastructure to be able to connect everything. This is no trivial task and provides opportunities for both entrepreneurial and tech minds.

IPv4 vs. IPv6

If you think about how many items are produced every day worldwide and then consider that if even a small portion of those items are connected to the Internet you realize that adds up to a lot of unique Internet identifiers or addresses. In the early days of the Internet, a system was developed which provided for unique Internet protocol or IP addresses for every computer. Currently, version 4 or IPv4 allows for a maximum of 232 or 2.4 trillion addresses. IANA, the world body assigned to distribute those addresses, reported that the last block had been given out in February 2011 and the remaining addresses are now in the hands of five regional distributors.

Internet Protocol version 6 (IPv6) allows for a maximum of 2128 unique addresses. In theory, it should be enough to cover all computers, tablets, smart devices, and “things” for the foreseeable future. Even though IPv6 was introduced in 1995, it is not yet widely used because of the complexity of conversion and the manpower needed for the task. This provides a huge opportunity for  individuals who understand the conversion process and implementation procedures of the new addressing scheme. However, much work needs to be done, and it is not just a matter of flipping a switch.

Embedded devices

There are ample opportunities for entrepreneurs who can not only come up with a way to embed devices in everyday things but also those who can develop the interconnection between devices and who can do a deep dive in to the data to create meaning. There are three important steps that need to take place to make the Internet of Things a reality:

  1. Devices need to collect various data points such as a manufacturing process or a patient status or the geospatial position of a package.
  2. Those data points need to be collected, probably in the cloud, and/or shared with other devices, smart or otherwise.
  3. The collected data needs to be analyzed to affect improvements to the whole cycle. Without this deep analysis, the data will be useless to decision makers.

In all three of these areas, I see opportunities for enterprising minds that already have these skills or are willing to develop them to be out in front of the Internet of Things.

Thoughts

Do you have ideas for everyday things that you wish could communicate, such as your car keys when they are lost, or your car in the mall parking lot during the Christmas shopping season? Some of these are already becoming a reality. It’s your turn to develop the next connected device or help develop the back end infrastructure that will collect and process all of the new data points to improve our work and our lives.

About Kelly BrownAuthor Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program . He writes about IT and business topics that keep him up at night.