By Leslie Langnau • Managing Editor
The buzz around the Internet of Things (IoT) is, in effect, throwing down the gauntlet to design engineers. With “everything” connecting to the Internet, you must now think about designing defensively when creating connectable devices.
Here’s why. Medical device developer Medtronic created a line of insulin pumps that communicated wirelessly between doctor and patient, delivering the potential benefit of helping to save lives faster and more efficiently, thanks to instant access to data. These pumps hold about 300 units of insulin. The patient’s doctor receives and monitors data on the insulin usage, ensuring that levels are steady and avoiding possible insulin shock.
In October 2011, it was reported in a UK newspaper that McAfee researcher Barnaby Jack, at a Hacker Halted conference, showed how he could hack into that insulin pump and cause it to discharge its entire reservoir of insulin into the unsuspecting patient, which would be fatal.
It wasn’t hard to hack into the pump because it didn’t use any encryption between the doctor and the device’s transmitters. (Since that conference demonstration, Medtronic engineers have been working on fixing this issue.) Obviously, encryption is one solution. And the designers might want to think about preventing the insulin pump from delivering more than one dose in a given time period.
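One way to build the dose limit suggested above is an interlock in the device firmware that every dose request must pass, whichever link it arrived on, so that a forged command still cannot empty the reservoir. The following C sketch is an added example, not code from Medtronic or from this article; the names, the whole-unit doses, and the limits are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Assumed limits for illustration only; real values come from the
 * clinical safety analysis, not from this article. */
#define WINDOW_SECONDS   3600u  /* rolling window length */
#define MAX_UNITS_WINDOW 10u    /* most units allowed inside one window */
#define MAX_UNITS_DOSE   5u     /* most units allowed in one command */
#define HISTORY_SLOTS    16u    /* delivered doses remembered */

typedef struct { uint32_t t; uint32_t units; } dose_rec;
typedef struct { dose_rec hist[HISTORY_SLOTS]; uint32_t n; } dose_guard;
typedef enum { DOSE_OK, DOSE_REJECT_SIZE, DOSE_REJECT_RATE,
               DOSE_REJECT_FULL } dose_result;

void guard_init(dose_guard *g) { memset(g, 0, sizeof *g); }

/* Units delivered inside the window ending at `now`. Expired records are
 * dropped. A record stamped later than `now` (clock set backwards) is
 * kept and counted, so tampering with the clock cannot erase history. */
static uint32_t units_in_window(dose_guard *g, uint32_t now) {
    uint32_t kept = 0, total = 0;
    for (uint32_t i = 0; i < g->n; i++) {
        uint32_t t = g->hist[i].t;
        if (now < t || now - t < WINDOW_SECONDS) {
            total += g->hist[i].units;
            g->hist[kept++] = g->hist[i];
        }
    }
    g->n = kept;
    return total;
}

/* Gate for every dose request; anything not explicitly allowed is refused. */
dose_result guard_request(dose_guard *g, uint32_t now, uint32_t units) {
    if (units == 0 || units > MAX_UNITS_DOSE) return DOSE_REJECT_SIZE;
    uint32_t used = units_in_window(g, now);   /* never exceeds the cap */
    if (units > MAX_UNITS_WINDOW - used) return DOSE_REJECT_RATE;
    if (g->n == HISTORY_SLOTS) return DOSE_REJECT_FULL;
    g->hist[g->n].t = now;
    g->hist[g->n].units = units;
    g->n++;
    return DOSE_OK;
}
```

The guard complements encryption rather than replacing it: it bounds the harm of any command that gets through, including one sent with stolen credentials.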
In 2013, it was reported in many newspapers that the wireless communication of former U.S. Vice President Dick Cheney’s pacemaker was disabled because physicians realized someone could hack into it and quietly—and anonymously—assassinate him. Once hacked, the pacemaker could be turned off, forced to deliver lethal electrical shocks, or forced to deliver arrhythmic impulses, and so on.
As recently as a few months ago, it was reported that a smart refrigerator was hacked and made part of a “botnet,” a network of Internet-linked devices that can be secretly controlled by others. The hackers can use botnets to, at the most benign, send malicious emails to companies and individuals around the world.
And what potential for mischief is available to the new “driverless” cars being developed, carrying passengers that sit passively in the vehicle while it transports them to their destination? Can’t you just imagine the scenarios that might arise if hackers took over and commanded the cars to do who knows what? (Researchers have proved they can hack into these vehicles.) There had better be manual overriding safety protocols and switches for these cars.
The seductive dream of having everything and everyone connected to the Internet and sharing everything could quickly become a nightmare. CEOs and others praise the efficiencies that will come, the new products we will be able to create, the costs we will save, and the better life we will finally have. Often, we hear and read comments such as the following: “We can intervene, remotely, in both catastrophic and chronic health events.” “We can sell analytics and services around Big Data, rather than make stuff, (like machines).” “We can obtain trillions of dollars in increased productivity and profitability.” By the end of this decade, we could see more than 50 billion “smart” objects connected to the Internet.
But, it should come as no surprise that it will be up to the design engineer to ensure that the wireless medical devices, driverless cars, smartphones, and anything else designed to connect to the Internet cannot be turned into something silent and deadly. Because, as recent news about various automotive companies suggests, the boss may not think about such things until after the lawsuits hit.
Within manufacturing plants, the debate about how to protect all the controls, sensors, and components connected to the Internet from being taken over has been going on for more than 20 years. Many directors and manufacturing executives have not taken the issue of securing access seriously because, “why would anyone want to hack into our plant?” (Such thinking means these devices are some of the easiest opportunities for hackers.)
“Because,” said Jim Toepper, product marketing manager at Moxa in an article we published in our March 2014 issue (The Internet of Things: Game Changer or Reboot?), “the biggest threat is the theft of intellectual property. ICS-CERT (Industrial Control System-Cyber Emergency Response Team), which is dedicated to securing industrial control systems, reports that billions of dollars of intellectual property theft occurred last year alone.”
A report titled APT1 by Mandiant showed that a significant amount of intellectual property was stolen from industrial control systems that were network-enabled. In many cases, these attacks downloaded CAD files for specialized patented designs. Once the files were stolen, the product plans were easily copied, allowing imitation products to flood the market and destroy the advantage innovative companies reap from large investments in R&D.
According to IBM’s security division, as reported in a recent issue of TIME, the average American company fielded nearly 17,000 hacker attacks in 2013.
Stealing a company’s intellectual property is not just about gaining a competitive advantage. In some cases it turns to extortion—give us money or we release a bug to destroy your data, or we release information to others (competitors) who will pay for it, and so on. Some companies, such as Exodus Intelligence, mentioned in the TIME article, sell such bugs. Instead of being viewed as programming mistakes, bugs are more often viewed as the means to gather data from another source, like a competitor.
A serious design issue is—how do we protect those who won’t protect themselves? Customers of home security systems, for example, often do not change the factory default password, which makes it easy for hackers to take over that security system and spy on the homeowner’s every move.
Many users of smartphones, tablets, and laptops resist updating the software, let alone changing their passwords with any frequency. Do engineers need to make these updates automatic, without informing the user?
Engineers have had to “idiot-proof” electro-mechanical devices for years. Protecting users from their unsecured data will be expected too, if for no other reason than to protect engineers and the companies they work for.
Each and every device that connects to the Internet is a node, and is therefore accessible. The next growth industry—and the next skill engineers will need to become proficient in—may well be encryption.
Tips on designing defensively
Some known steps may have to become standard practice in design.
- Design 128-bit encrypted Virtual Private Networks to protect data and manage access to the industrial control network.
- Disable HTTP web access to web servers built into Ethernet attached products, and use HTTPS instead.
- Enable MAC address filtering for each Ethernet switch attached to a network, which ensures that ONLY specific MAC addresses can connect to specific ports on the switch. Unauthorized devices plugged into the switch will not be allowed to communicate.
- Enable 802.1X authentication. Before a device is allowed to communicate past an Ethernet switch, it must pass a credential check with an authentication server (RADIUS and TACACS are common types).
- Force customers to alter default passwords.
- Automate software updates.
- Force periodic password changes.