Symantec Security Lives Inside the Internet of Things

SAN FRANCISCO—Over the by few years, the phrase "Net of Things" or IoT has turned upward more and more in presentations and conversations at the RSA Conference. Security for IoT devices is poor overall, and a hacker who takes over your connected teakettle or dollhouse can leverage that exploit to take control of your network. Just dwelling house devices are just one side of the equation. Brian Witten, Symantec'southward Senior Director for IoT, looks at the whole picture, from smart lightbulbs to connected factories.

RSA 2022 bug art Witten likes to challenge audiences with a simple do. He has each attendee write down a definition for IoT, including specific devices they'd include or exclude. The wildly different answers brand for a lively discussion. His own preferred definition is pretty uncomplicated. An IoT device is anything that has some kind of smart controller and is connected to the Net, excluding actual computers and smartphones. That definition covers a lot of ground.

Symantec Inside?
"1 thing we're doing," explained Witten, "is helping companies build security into their devices. You don't realize it, only Symantec applied science is in ATMs, point-of-sale terminals, even the communication systems used by airports to communicate with planes." He noted that over one.5 billion continued devices rely on Symantec's technology. "Whether y'all believe the total number of IoT devices is v billion or xv billion," he said, "that'southward even so quite a large fraction."

Machine companies are also turning to Symantec, hoping to avoid the embarrassment of having their cars very publicly hacked. "Every day we bet millions of lives on the safe of our vehicles," noted Witten. While a fix is possible, we're in what Witten chosen a window of insecurity. There are enough of cars that have the high-tech connections merely don't yet have whatsoever security. "They've got the bells and whistles, but not the armor," said Witten. Those are going to be on the road long after their successors accept gained protection.

Attack Potential
Medical devices are life-or-decease critical, and sadly open up to attack. MRI machines, drug infusion pumps, and the like simply weren't designed with security in mind. Equally with the car trouble, even if new, secure versions get developed, they won't be deployed until needed. Witten noted that the average MRI motorcar has a working life of eight years.

Witten described a possible multi-prong attack scenario that was downright scary. Film a terror group whose hired hackers managed to devise an exploit affecting a whole generation of a detail type of motorcar. Disabling all such cars during rush 60 minutes could cause (in Witten's estimate) 50,000 accidents. Now motion-picture show the hospitals shut down by a parallel attack. It's all too believable.

Security Seal
"Security done well is transparent," said Witten. "It's an enabler, not an inhibitor. That's part of the reason you don't know that our technology is in so many systems. The problem is, you lot can't tell a secure ATM from a compromised one by looking. Perhaps we demand some kind of security seal of approval."

When IoT device makers are confronted with the need for security, they react in different ways. Some actively reject the idea of spending time and money on security. Some try to tack on security as an afterthought. And some, peradventure the worst, give an illusion of security. "They toss in 1 security component and call the system secure," said Witten. "It's like locking only 1 of the doors to secure your house."

For proper security, the device makers demand to embrace four cornerstone security principles. They must protect the device'due south advice channels, protect the device itself, and provide a path for updates in case security flaws come up. Finally, they demand security analytics built in, and so they tin detect the inevitable failures in the beginning three areas.

"But what about my home network, my connected doorbell, my kid's Internet-aware doll?" you may ask. "That's the IoT I desire protected!" In truth, Symantec is involved in plenty of small-scale, consumer-side devices too. Witten hinted that Symantec will also offer a product to protect those devices congenital without effective security, just couldn't say more than this time. Volition it be a hardware solution like the Bitdefender Box? An enhancement to Symantec Norton Security? When we find out, we'll let yous know.

This article originally appeared on PCMag.com.