By Corey Moss
This is Why People Fear the ‘Internet of Things’
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.
This is the first paragraph of a blog written by Brian Krebs, preeminent expert on security with his KrebsonSecurity: in-depth security news and information reporting on all important security-related incidents. He is my go to many times, and I’d advise yours too when wanting up to date information. You’ll see his reporting on the Equifax breach on the home page, and while I have written on this as well (focused more on the credit agency CEO’s mistake of hiring a music major as its CSO), I would highly recommend seeking out Krebs’ perspectives. He is the expert.
Why do I write this? I have read enough blogs and articles, and watched enough presentations in the AV industry to know that there are people, like Brian Krebs, who are the knowledge-base experts, it’s their bread and butter, they live it. They are not reporting potential oncoming dangers without defining the known situation. There is no conjecture, there is only fact-based reporting.
Who in the AV industry are true knowledge-base experts like Brian Krebs, or others whose careers are based in security research and discussion as well as IoT – that which is at times perceived as a “fear factor” technology in AV?
In April 2016, InfoComm International (now AVIXA) posted on their website Pro AV and the Internet of Things: An InfoComm International White Paper with the following description:
The Internet of Things (IoT) is one of the most talked-about technologies influencing organizations today. But the pro AV industry has a special relationship with the IoT, dating back decades to when network ports started appearing on AV devices and enabling a new paradigm of management, control and insight. Pro AV and the Internet of Things acknowledges the AV industry’s roots in the evolution of the IoT and offers a primer for AV professionals seeking to capitalize on new IoT opportunities going forward.
It goes on to specify contents, as well as acknowledgements to certain individuals involved.
Here are passages from the Executive Summary:
The capabilities provided by the IoT are essentially limited only by the imagination of those applying them. But in order for AV professionals to take advantage of these capabilities, they must understand several networking and data concepts, including IPv6, wireless networking, Power over Ethernet (PoE) and industry standards for capabilities such as video transport, data compression and connectivity, which are key to the flow of information that fuels the IoT. Mastery of these supporting technologies isn’t essential, but AV pros need a basic knowledge of them.
Further, attention to security is imperative. As the number of networked devices increases, so do the security threats that AV deployments face. The encryption of all traffic on an AV network is essential, and AV systems also must be capable of authenticating the identity of authorized users. Many experts see security as the biggest impediment to widespread adoption of IoT technologies. For the AV industry, unlocking the value of the IoT depends on mitigating the risks that it presents.
In the whitepaper after What Does the IoT Mean for Pro AV? comes Challenges Incorporating the IoT in Pro AV and the categories are:
- Distributed Control
- Strategy and Planning
Privacy is discussed as an important consideration for AV professionals concerning IoT deployments, as it of course should be. As it is addressed, part of the problem is that end users may not understand they’re being monitored, how this monitoring takes place or what the information it yields is used for. And that some organizations may want to offer end users some control over how they are tracked or even the choice to opt out of monitoring.
Distributed monitoring and control, while of great benefit, is also presented as a challenge for AV professionals here, as the challenge relates to the exponential number of connected devices. It discussed middleware as the “software glue” that holds an IoT deployment together, linking sensors and applications to ensure effective communications among the different connected devices.
Security, in essence, becomes the show stopper where it states that many of the products being connected to networks as part of the IoT historically have not been manufactured with security in mind. Which is the truth, or worse – refer to the opening paragraph. Where items as stand-alone don’t present the problem, once connected though, that’s where they potentially present the danger – that being the cyberattack.
Where it continues that every party needs to take responsibility, that is true – the integrator and the manufacturer, that is of course if the manufacturer is one that’s known to be reliable in all ways. Take the manufacturers of the products addressed by Brian Krebs, and that’s again where the danger may present itself. Where it states that hackers shouldn’t be able to consider devices in an IoT system as an easy target for attacks, I believe that’s a bit erroneous as a statement, as hackers will consider any point of entry to be viable.
The end statement that users should be aware of the role they play in maintaining “an effective security posture” is certainly true. Where it states that they should receive regular training so they understand an organization’s security policies as well as the kinds of threats they face, that’s of course a matter of business for the organization itself, though the company doing the implementation can certainly advise them of that.
Finally strategy and planning should come in every type of implementation, a no question here. One specification here includes objectives for how data will be used, where command-and-control capabilities of the IoT are considered attractive to many organizations. If a project doesn’t also make use of the data it collects though, according to the objectives, it isn’t delivering its full value.
The power situation, where it addresses PoE, should be self-explanatory.
So where to next? In KPMG: AI, IoT and Robotics Key Drivers of Business Transformation In Next 3 Years it’s stated that The Fourth Industrial Revolution is upon us – that at least according to KPMG‘s 2017 edition of The Changing Landscape of Disruptive Technologies where IoT heads up the three. The following facts are stated in the report: estimates that there will be 20.4 billion things connected to the IoT by 2020 and $1.4 trillion spent on the IoT by 2021, as well as IoT receiving particularly high interest among executives in Asia – namely India, Korea, China, and Japan.
Where’s the fear factor there?
I had a conversation about the recent Almo E4 AV Tour and the AVIXA partnered IoT discussions there, with some revealing results to the conversation. Give it a listen.
To be continued.
Note: Here is the page where you can find the InfoComm IoT whitepaper.
With over 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent AV. Corey writes for the publication and hosts/produces podcasts – The AV Life, Convergent Tech Talk and Making a Marketer. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers.