Guest post by LiveWorx Sponsor Device Authority
The value of big data and actionable analytics is impossible to ignore. The manufacturing industry uses it to optimize assembly lines and churn out higher-quality products at a faster rate. The farming industry employs “smart agriculture” technology to increase crop yields and help automate the harvesting process. The financial industry is even using social media sentiment analysis to correlate and predict industry stock prices. There is little doubt that data is the new gold – and good analytics is one of the tools for running a prosperous “gold mine” (although some tools yield better results than others!).
But let’s imagine a real world scenario - You’ve just taken delivery of your $80m yacht, you’re sailing through the Mediterranean Sea, and life feels pretty good. The aforementioned vessel is sophisticated – a plethora of onboard systems link to various satellites and services to utilize real-time data feeds that help get you from Monaco to Greece by way of the fastest, yet smoothest and safest route that the autopilot can calculate (hey, you didn’t pay all that money to drive it yourself, right?). Except you never arrive in Greece, because someone fed your autopilot system bad data that caused it to completely change course and anchor itself just off the coast of “pirates cove”. Good luck.
The above scenario might sound a little farfetched – but this exact attack was demonstrated by a group of UT Austin students that directed bad GPS data to the ships autopilot system to successfully divert the course of a very real yacht, without triggering any onboard alarms.
The yacht's autopilot system, with streams of inbound data that help determine what action it should take, is a metaphor for your IoT deployment, and the boat represents your business. To be clear, there is nothing wrong with the actual data analysis – the analytics engine, and the algorithms that are used to calculate and implement cost-reducing processes (such as predictive machine maintenance) are typically very accurate, but the results are only ever going to be as good as the data that goes in.
Data analytics that deliver actionable insights are a fantastic tool for driving process optimization and increasing operational efficiencies, but if the data that you’re acting on is “bad”, and being fed to you from untrusted sources or devices, then you may just find yourself in “pirates cove”.
Data is the new oil for the digital era, more so for the Internet of Things. The security and privacy of that data is questionable if the device cannot be trusted. IoT applications require verification of the device’s authenticity before taking the critical actions based on the insights received from the analytics engine.
While there are many marketing claims on security, neither the IoT Platform vendors nor the device vendors take the device security responsibility. Essentially, the IoT device is the weakest link in the IoT ecosystem.
Typical IoT deployments see devices communicate with multiple services owned by a number of different stakeholders. In these multi-system deployments, you cannot rely on fragmented authentication mechanisms and protocols to provide a consistent identity assurance. Today, our social media identities are federated – and it needs to be the same for IoT devices. The device trust/authenticity that includes identity, integrity, authorization must be centralized, and continuously evaluated. Every IoT application and service cannot implement this within its own purview, so it should be implemented in a way other delegated security models have done i.e. Cloud IAM, a centralized model.
Device Authority’s device identity centric KeyScaler™ platform addresses these security concerns and requirements with a powerful combination of device authentication and data encryption. Learn more about KeyScaler today: http://info.deviceauthority.com/keyscalerplatform
Contact DeviceAuthority for a demo: email@example.com.
For more great content like this, register for LiveWorx 18, June 17-20, 2018 in Boston!