Weaponized Internet of Things

How will cyber wars have an affect on privacy, disinformation, extortion, malware, and propaganda in a world where everything is interconnected?

Businesses love the idea of the Internet of Things (IoT). It opens up new markets while providing more information on customer buying habits. I, however, sit back in my chair and look at the darker side of IoT. How will cyber wars have an affect on privacy, disinformation, extortion, malware, and propaganda in a world where everything is interconnected? Could an individual face physical harm or even death? These are all issues that will need to be dealt with sooner rather than later.

In the complex domain of our current cyberspace there currently stands no international agreement on what constitutes an act of cyber war, yet hundreds of nations leverage the current Internet for political, military, and economic espionage activities. The laws of armed conflict are intended to prevent unnecessary suffering and destruction in war. However, cyber conflict doesn't fit neatly within current laws. These laws generally consist of the United Nations Charter, the North Atlantic Treaty and the Geneva and Hague Conventions, which were created on the basis of traditional warfare. What will the future of warfare look like?

Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology, said “today’s concerns about cyber war don’t address the looming geo-security threats posed by the Internet of Things, the embedding of computers, sensors, and Internet capabilities into more and more physical objects”. Can you imagine how nervous the CIA must be about the problem of smart clothing? The same technology that will allow millions to better monitor and manage their health could easily create security breaches into private networks. Have cyber weapons transformed from laptops and cellphones into smart t-shirts and necklaces?

Worse, these compromised home smart devices provide a mechanism where employees can unknowingly expose their work environment to such cyber attacks. All an employee has to do is use a remote RDP connection, or conceivably simply take an action like checking their smart fridge from their work PC. If a classic drive-by or even a redirect has been installed, the work PC is now compromised (though this is arguably more farfetched). Clearly, as the trend towards smart devices increases, the risk of enterprise exposure increases correspondingly, exponentially.

Some decision-makers believe IoT solutions are one-off solutions requiring expensive customization, leading to concerns regarding cost overruns, scope creep, and implementation delays. Privacy and security concerns are one of the top five challenges for internal stakeholders today. Securing hundreds of thousands or even millions of interconnected smart devices is significantly different from completing these processes for hundreds or thousands of laptops and cellphones, for which there are far more established tools and processes. This serves as further reiteration that the traditional enterprise security approach to blocking entry of attacks solely at the email gateway or firewall won’t work.

The focus should rather be on protecting the users at point of click and providing insight into user actions and attacker targeting. Shifting focus from gateway and firewall like boarder-patrols, networks should utilize the same IoT technology for security. The same way our immune system helps us to defend against foreign viruses, we can install smart devices that self monitor their own behavior, traffic, vulnerabilities and even detect when a neighboring device has been compromised. A swarm-like behavior for our security protocol can provide proactive protection against cyber attacks.

What would be the result of cyber warfare in tomorrow’s Internet? With the threat of cyber attack on an ever-connected world, it is vital that corporations and governments take the proper security measures to prepare for the Internet of Things.