Internet of Things

More than just a connection


By Ian Ferguson, VP marketing and strategic alliances at Lynx Software Technologies


The internet of things term was coined by Kevin Ashton in 1999. Some people will (rightly) argue that the benefits of connecting systems started a long time prior to this. The promise of remotely managing systems and gaining quicker (real-time) insight into (and indeed potentially adjusting) the functionality of equipment has been the subject of many investor pitches. Of course, the downside of connected systems is that they can be accessed with mischief, destruction and extortion in mind.

I am a fan of James Bond and I can imagine a remake of Thunderball that involves the crime organisation SPECTRE taking over important data networks as opposed to stealing nuclear bombs. The result could be significantly messier in terms of financial impact. Nearly four years ago, it was reported that a casino’s records had been compromised by a hacker accessing the network via a fish tank. This was very impactful for me, as this plus the Mirai attack in late 2016 showed that the attack wasn’t really about messing up the device that was accessed, but more about what that could lead to in terms of finding troves of valuable data or changing the behavior of the device for malicious purposes.

www.cieonline.co.uk


This week’s infiltration of a water treatment plant in Florida is another example. According to this report, a plant operator noticed that someone briefly accessed it. He didn’t find this unusual, because his supervisor remotely accessed the system regularly. Someone noticed a remote actor take control of the system and direct the software to increase the amount of sodium hydroxide by about 100x normal levels. It was noticed, and much is made about safety protocols working... but the reality is that many times a system can be compromised and no one notices. As an example, Citrix indicated that an incursion went unnoticed for six months.


What has to happen?

1) Frankly, security has to be taken as a priority. No system is impenetrable. If there is a network connection, the company HAS to plan for people to access this with a desired outcome that is not what the system architect originally intended. Prioritise safety and security over time to Prioritise... needing additional workers to read and control machinery is better than a connected system that is prone to attack. Just because it is connected does not make it a good idea!


2) Get the experts in. If your business is a hospital, you are great at keeping people alive and removing pain and suffering. Focus on that. Bring in people that just focus on IT security.


3) Companies must be fined for the installation of substandard rollouts.


4) “Don’t just lock the front door.” When Microsoft announced its Azure Sphere initiative a few years ago, I was struck by an analogy that was shared. Today, when we leave our house, we lock the front door. In the world of IoT, we need to be closing and locking every door inside the house as well as those that connect outside. That way, if there is a breach, the entrant only gains access to a subset of the valuable assets. Software and hardware have to partition systems to isolate functions from each other.


5) Systems have to realise immediately that they have been compromised. In the case of the water treatment worker, he noticed that a system’s mouse had been taken over. This has to migrate to the system recognising that something unusual is occurring. I feel this will be one of the use cases for AI to play a role in industrial IoT applications, as behavior that is out of the norm for that system can be quickly identified and a user can then be empowered with a decision as to what course of action should be taken (disconnecting the system from the network, blocking a specific IP address, disabling certain system functions, etc.).


6) Plan for being hacked. No system is foolproof. Systems need to continue to raise the bar over time in terms of the level of immunity from attack, but equally, the system must be able to recover to a known, safe state in the event of the system becoming compromised.


7) The solution has to be compromised in partnership with software. The hardware OEMs cannot blame the software suppliers and vice versa. The more the software harnesses unable-to-modify, authenticated information in chips and platforms, the harder the task for the external hacker.
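Points 5 and 6 can be sketched together in a few lines. The following is an added example, not code from the article or from Lynx: it uses a simple median-based check in place of the AI the author anticipates, and all names, setpoint values and addresses are constructed for illustration.

```python
from statistics import median

SAFE_SETPOINT = 100.0  # constructed "known, safe state" for the dosing setpoint
OPERATOR_OPTIONS = ("disconnect from network", "block source IP",
                    "disable remote setpoint changes")

def allowed_band(history, k=6.0, floor=0.02):
    """Centre and tolerated deviation derived from previously accepted setpoints."""
    centre = median(history)
    mad = median([abs(x - centre) for x in history])
    # Floor the spread so a flat history still tolerates small adjustments.
    return centre, k * max(mad, floor * abs(centre))

def review(history, event):
    """Decide on one setpoint command; never learn from a rejected value."""
    centre, band = allowed_band(history)
    value = event["setpoint"]
    if abs(value - centre) <= band:
        history.append(value)
        return {"action": "accept", "applied": value}
    return {
        "action": "revert_and_alert",
        "applied": SAFE_SETPOINT,  # recover to the known, safe state
        "reason": f"{value:g} is {value / centre:.0f}x the recent norm of {centre:g}",
        "source": event["source"],
        "options": OPERATOR_OPTIONS,  # the decision stays with the operator
    }

def run(events, history):
    return [review(history, e) for e in events]

# Constructed sample data: recent accepted setpoints and three incoming commands.
HISTORY = [98.0, 100.0, 101.0, 99.0, 100.0, 102.0, 100.0]
EVENTS = [
    {"source": "192.0.2.10", "setpoint": 104.0},      # routine adjustment
    {"source": "198.51.100.7", "setpoint": 10000.0},  # about 100x normal
    {"source": "192.0.2.10", "setpoint": 101.0},      # normal operation resumes
]

if __name__ == "__main__":
    for decision in run(EVENTS, list(HISTORY)):
        print(decision)
```

Because rejected values are never appended to the history, an out-of-range command cannot shift the baseline that later commands are judged against.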


lynx.com Components in Electronics March 2021 29

