Are the experts' warnings of an impending IoT security catastrophe, stemming from insecure and unsupported devices, becoming a reality? Judging from recent cybersecurity publications, it appears so.
Recalls May Become The Norm For IoT Devices If Security Doesn’t Improve Significantly[1] is the title of an article describing a recent incident caused by the lax security practices of a Chinese company, Hangzhou Xiongmai, which sells components for surveillance cameras and other gadgets in the U.S. According to the article, Xiongmai’s devices were part of a large botnet (the Mirai botnet) that mounted a massive distributed denial of service (DDoS) attack against the DNS provider Dyn, leaving major websites such as Twitter, Reddit, and CNN inaccessible to users. The attackers gained access to Xiongmai’s devices through factory-default user names and passwords exposed on the network, credentials that most owners never change. Xiongmai’s recall appears to be the first spurred by IoT devices participating in a botnet, and it sets a dangerous precedent, especially because the root cause was the desire to sell the devices as cheaply as possible.
Cybersecurity-related recalls of connected devices in other industries seem to have been triggered largely by researchers or bug bounty hunters, who find vulnerabilities that the manufacturers’ own engineering teams miss. For example, the medical device maker Abbott recently voluntarily recalled 465,000 pacemakers[2] to install a firmware update patching a cybersecurity vulnerability in six pacemaker models that Abbott acquired with its purchase of St. Jude Medical. The vulnerability, which could allow an attacker within radio range to modify the devices’ pacing commands or cause premature battery depletion, became known through research by the cybersecurity firm MedSec Holdings. Because an implanted device cannot be patched over the air, the update had to be applied by a healthcare provider during a clinic visit.
The first ever cybersecurity-related recall of passenger vehicles, covering more than a million vehicles[3], was triggered by two researchers, Charlie Miller and Chris Valasek, wirelessly taking over a vehicle’s dashboard functions, steering, transmission, and brakes. The researchers remotely hacked a Jeep through its Harman Kardon radio and Uconnect infotainment system over the Sprint network, the cellular carrier that connects FCA’s vehicles to the Internet. The entry point was a component nobody would call safety-critical: the head unit was reachable from the cellular network and, once compromised, could place messages on the vehicle’s internal CAN bus. The recall eventually involved FCA mailing USB drives containing the software update to vehicle owners, to be installed through the port on their vehicle’s dashboard, since the vehicles had no mechanism for receiving a patch over the air. That channel carries its own risk: it conditions owners to plug unsolicited USB sticks into their cars.
As products become more connected and complex, their exposure to attack increases, and manufacturers must weigh potential recall costs against the cost of designing for cyber threats up front. Manufacturers leveraging IoT must design their products with security in mind from the beginning, as they do today with safety and reliability, and plan for updating them throughout their service life.
In the medical device industry, one proposed approach casts cybersecurity risk analysis into a framework resembling the safety risk analysis of ISO 14971.[4] In the automotive industry, the thinking is to address safety and security together through co-analysis, co-design, verification, validation, and certification.[5] A newer analysis method, Failure Modes, Vulnerabilities, and Effects Analysis (FMVEA), extends the familiar FMEA by combining the analysis of functional failures with that of malicious attacks and their effects on system dependability. The system is divided into subsystems and elements, and for each element both the potential failure modes and the potential threat modes (weaknesses an attacker could exploit) are identified, together with their effects and an estimate of severity and likelihood.
The tools for analyzing cybersecurity risk can therefore resemble those used for safety risk, but the time horizons differ. A safety failure mode, once understood, tends to stay fixed: its probability is set by physics and wear, and the risk diminishes with design reuse and a better understanding of the use cases. A threat mode is driven by an adversary whose capabilities and motivation change over the product’s entire life, so its likelihood must be reassessed repeatedly (a weakness that required expert effort one year may be exploited by an automated botnet the next), and mitigating it requires a way to deliver patches throughout that life.
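The following is an added example, not code from the original post or from the FMVEA authors, showing what a combined worksheet of the kind described above looks like in practice: one subsystem of a network camera, with FMEA-style failure modes and FMVEA-style threat modes ranked together. The 1..5 scales, the scoring rule for threat likelihood, and the camera data are illustrative assumptions. The point it demonstrates is the time-horizon difference: a failure mode's probability is a fixed input, while a threat mode's likelihood is recomputed from attacker-dependent fields, so the ranking changes when, say, exploit tooling becomes public.

```python
"""FMVEA-style worksheet: failure modes and threat modes ranked on one scale.

ASSUMPTION: the ordinal scales and the likelihood heuristic are illustrative
stand-ins, not the tables defined in the FMVEA literature.
"""
from dataclasses import dataclass, replace
from typing import List, Tuple, Union

SEVERITY = {"negligible": 1, "minor": 2, "major": 3, "critical": 4, "catastrophic": 5}


@dataclass(frozen=True)
class FailureMode:
    """Random or systematic failure of an element (a classic FMEA row)."""
    element: str
    mode: str
    effect: str
    severity: str
    probability: int          # 1..5 from reliability data; stable over the product's life


@dataclass(frozen=True)
class ThreatMode:
    """Malicious misuse of an element (the 'V' that FMVEA adds to FMEA)."""
    element: str
    mode: str
    effect: str
    severity: str
    reachability: int         # 1..5, how exposed the element is (5 = internet-facing)
    skill_required: int       # 1..5, attacker capability needed (5 = very high)
    exploit_public: bool = False  # tooling or a botnet already targets this weakness


Mode = Union[FailureMode, ThreatMode]


def clamp(n: int) -> int:
    return max(1, min(5, n))


def likelihood(m: Mode) -> int:
    """Failure likelihood is a fixed input; threat likelihood depends on the attacker."""
    if isinstance(m, FailureMode):
        return m.probability
    # Easier to reach and cheaper to exploit means more likely; public exploit
    # tooling moves it up again (ASSUMPTION: illustrative heuristic).
    return clamp(m.reachability - m.skill_required + 3 + (2 if m.exploit_public else 0))


def risk(m: Mode) -> int:
    return SEVERITY[m.severity] * likelihood(m)


def rank(modes: List[Mode]) -> List[Tuple[int, str, str]]:
    """Worksheet rows (risk, element, mode), highest risk first."""
    return sorted(((risk(m), m.element, m.mode) for m in modes), reverse=True)


# Constructed worksheet for one subsystem of a network camera (not real product data).
CAMERA_MODES: List[Mode] = [
    FailureMode("flash storage", "wear-out", "config lost, camera reboots to defaults",
                "minor", probability=2),
    FailureMode("power regulator", "open circuit", "camera offline", "major", probability=1),
    ThreatMode("telnet service", "default credentials",
               "remote takeover, botnet recruitment", "critical",
               reachability=4, skill_required=3),
    ThreatMode("firmware updater", "unsigned image accepted",
               "persistent malicious firmware", "critical",
               reachability=3, skill_required=4),
]


def reassess(modes: List[Mode], element: str, mode: str, **changes) -> List[Mode]:
    """Return a new worksheet with one row's attacker-dependent fields updated."""
    return [replace(m, **changes) if (m.element, m.mode) == (element, mode) else m
            for m in modes]


def initial_ranking() -> List[Tuple[int, str, str]]:
    return rank(CAMERA_MODES)


def ranking_after_public_exploit() -> List[Tuple[int, str, str]]:
    # Same hardware, same failure rows; only the threat environment changed.
    return rank(reassess(CAMERA_MODES, "telnet service", "default credentials",
                         exploit_public=True))


if __name__ == "__main__":
    for label, rows in (("initial", initial_ranking()),
                        ("after public exploit", ranking_after_public_exploit())):
        print(label)
        for r in rows:
            print("  risk=%2d  %-16s %s" % r)
```

Run stand-alone, the script prints both rankings. The failure-mode rows keep their scores across the reassessment; only the default-credentials row moves, which is the behaviour a lifecycle review process has to budget for.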
Nevertheless, both safety and security need careful analysis and robust upfront design to minimize risk. This requires the ability to capture and reuse knowledge about prior failures and threats from earlier and similar versions of a product. CIMdata aims to help industrial companies capture and reuse such knowledge so that they can develop and deliver dependable products, and one of the areas CIMdata wants to explore jointly with industry in that context is semantic-technology-based ontologies. Given the growing engineering complexity and the vulnerability that comes with the increasing connectivity and autonomy of products, CIMdata believes the challenge of knowledge capture and reuse must be addressed.
Let me know your thoughts!
Venki