IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
Classmate 1
The Rise of the Republican Party
The Republican Party was formed due to a split in the Whig Party. The anti-slavery
“Conscience Whigs” split from the pro-slavery “Cotton Whigs”. Some anti-slavery Whigs joined
the American “Know-Nothing” Party, while the remainder joined with independent Democrats
and Free-Soilers to form a new party, the Republicans. The initial members stood for one
principle: the exclusion of slavery from the western territories (Shi, p. 462). Knowing the
Republicans ideology, we will look at how the events leading up to the Kansas-Nebraska Act led
to greater political division that eventually caused the formation of the Republican Party and it’s
rise to the presidency in 1860.
In the 1850’s, America was becoming increasingly divided between those for and against
slavery. The Compromise of 1850 had temporarily appeased both sides by admitting California
as a free state, allowing no slavery restrictions in New Mexico and Utah, paying Texas,
abolishing slave trade but no slavery in the District of Columbia, establishing the Fugitive Slave
Act, and denying congress authority to interfere with interstate slave trade (Shi, p. 457). This
Fugitive Slave Act was highly contested, although very few slaves were returned to the south
under this Act. In fact, it ended up uniting anti-slavery people, more than aiding the South. It was
during this time that Uncle Tom’s Cabin was written, selling more than a million copies
worldwide and detailing the harsh brutality of slavery (Shi, p. 460-461).
In the mid-1850’s, the Kansas-Nebraska Act was passed. The main reason for it was to the
settle the vast territory west of Missouri and Iowa, and to create a transcontinental railroad to
capitalize on Asian markets and goods. New territories brought up questions of whether slavery
would be allowed, with many supporting “popular sovereignty” where voters chose whether they
would have slavery or not. The issue here was that the 1820 Missouri Compromise had said there
would be no new slaver.
2. the American “Know-Nothing” Party, while the remainder
joined with independent Democrats
and Free-Soilers to form a new party, the Republicans. The
initial members stood for one
principle: the exclusion of slavery from the western territories
(Shi, p. 462). Knowing the
Republicans ideology, we will look at how the events leading up
to the Kansas-Nebraska Act led
to greater political division that eventually caused the formation
of the Republican Party and it’s
rise to the presidency in 1860.
In the 1850’s, America was becoming increasingly divided
between those for and against
slavery. The Compromise of 1850 had temporarily appeased
both sides by admitting California
as a free state, allowing no slavery restrictions in New Mexico
and Utah, paying Texas,
abolishing slave trade but no slavery in the District of
Columbia, establishing the Fugitive Slave
Act, and denying congress authority to interfere with interstate
slave trade (Shi, p. 457). This
Fugitive Slave Act was highly contested, although very few
slaves were returned to the south
3. under this Act. In fact, it ended up uniting anti-slavery people,
more than aiding the South. It was
during this time that Uncle Tom’s Cabin was written, selling
more than a million copies
worldwide and detailing the harsh brutality of slavery (Shi, p.
460-461).
In the mid-1850’s, the Kansas-Nebraska Act was passed.
The main reason for it was to the
settle the vast territory west of Missouri and Iowa, and to create
a transcontinental railroad to
capitalize on Asian markets and goods. New territories brought
up questions of whether slavery
would be allowed, with many supporting “popular sovereignty”
where voters chose whether they
would have slavery or not. The issue here was that the 1820
Missouri Compromise had said there
would be no new slavery above the 36th parallel (Shi, p. 462).
In order to past the new Act, they
repealed the Missouri Compromise and pushed the Act through
Congress, passing by outvoting
the anti-slavery Whigs. The dispute over the Kansas-Nebraska
Act, ended up causing the
breakdown of the new Republican party.
One of the first to join the party was a young Illinois
4. congressman, Abraham Lincoln. He
believed the the north must mobilize to stop pro-slavery
southerners or the Union was
endangered (Shi, p.463). Nebraska voted against slavery, but
Kansas became the hotbed of the
Union. Pro-slavery and anti-slavery groups both set up
governments and held elections, voting
opposite of each other on slavery. Violence broke out between
supporters of the groups, and
about 200 people were killed in conflicts that became referred
to as “Bleeding Kansas” (Shi, p.
463). Even members of the Congress broke out into fights, with
Congressman Brooks beating
Senator Sumner with a cane due to a speech he gave (Shi, p.
465).
In 1858, the Republicans selected Abraham Lincoln to run
against Democrat Stephen
Douglas for the Senate. Lincoln did not win, but through a
series of public debates became well
known. The Lincoln-Douglas debates helped Lincoln and his
stand against slavery be well
5. known (Shi, p. 470). With Minnesota and Oregon joining the
Union in 1858 and 1859, and free
states now outnumbered slavery states. By 1860, Democrats
were not united and selected 2
separate Presidential candidates, aiding the Republicans. In
1860, Abraham Lincoln won the
Republican nomination over William Seward, to much
celebration. The nomination of Lincoln
cemented the parties stand against the expansion of slavery. In
the election of 1860, Lincoln won
all 18 free states and none of the slavery states (Shi, p. 474).
Combating pro-slavery supporters attempts to expand
slavery was the primary basis for
formation of the Republican Party. Conflicts leading up to and
during the Kansas-Nebraska Act
set off a chain of events where more people supported stopping
the spread of slavery into new
territories. Despite several politicians efforts for compromise,
the divisions between the groups
strengthened the support for anti-slavery Republicans and
helped Abraham Lincoln get elected
President in 1860.
Shi, David Emory. America: The Essential Learning Edition,
6. 2nd Edition. New York: W.W.
Classmate 2
Benjamin Roberts
Politics of slavery played an important role the westward
expansion. As the United States began
acquiring new territories such as Texas and the Mexican
territories, a majority of the Northern
States wanted to ban slavery in these new territories. This
posed a problem for the Southern
states, as most of them were slave owners. If the new territories
did not allow slavery and began
having voting power within Congress, then the South feared that
the majority would make
slavery illegal throughout the nation, even in the south. The
South did not want to be told what to
do by the North and westward expansion was a problem if they
could not expand slavery as well.
The North also feared the power of the South and if slavery
expanded west then the South’s
power would expand as well. “…Northerners were jealous of the
7. power of the South and did not
want any new states joining the slave-state alliance”(Shi, pg.
451). There was definitely a
struggle for power and disagreements upon slavery were the
biggest debate between and
Northern and Southern states. Although a Civil War would more
than likely occurred without
westward expansion, the expansion did escalate the likelihood
and timing for it to occur. A civil
war was inevitable as a decision had to be made if slavery was
going to be allowed as a nation or
not. The nation could not be split on what was allowed
especially as it was expanding. The
South’s secession occurred partially as a result of the events
that took place during the expansion
and the Civil War began.
Final Research Project - Securing IoT Devices: What are the
Challenges?
Internet security, in general, is a challenge that we have been
dealing with for decades. It is a regular topic of discussion and
concern, but a relatively new segment of internet security is
getting most attention—internet of things (IoT). So why is
internet of things security so important?
The high growth rate of IoT should get the attention of
8. cybersecurity professionals. The rate at which new technology
goes to market is inversely proportional to the amount of
security that gets designed into the product. According to IHS
Markit, “The number of connected IoT devices worldwide will
jump 12 percent on average annually, from nearly 27 billion in
2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-
connected devices such as laptops and servers. They are
designed with a single purpose in mind, usually running
minimal software with minimal resources to serve that purpose.
Adding the capability to run and update security software is
often not taken into consideration.
Due to the lack of security integrated into IoT devices, they
present significant risks that must be addressed. IoT security is
the practice of understanding and mitigating these risks. Let’s
consider the challenges of IoT security and how we can address
them.
Some security practitioners suggest that key IoT security steps
include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in
terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make
people more aware of the problems associated with the use of
IoT devices.
Bottom of Form
Top of Form
Bottom of Form
Personal data breaches and securing IoT devices
· By Damon Culbert (2019)
9. The Internet of Things (IoT) is taking the world by storm as
interconnected devices fill workplaces and homes across the
US. While the intention of these devices is always to make our
lives easier, their ability to connect to the internet turns them
into ticking time bombs, lying in wait until their weaknesses
can be exploited by opportunistic hackers.
Personal data breaches are skyrocketing in America, increasing
by 60% in the last year and by 157 percent since 2015. As our
interconnectivity grows, so do the opportunities that our
technology will be hacked. Since every IoT device is connected
to the internet, each one is vulnerable to external access if not
secured properly. In the rush to manufacture these devices and
get them onto the market, security has been an afterthought
which needs to be urgently addressed if the number of yearly
data breaches is to be tackled.
Not only is the actual security of IoT devices under constant
debate but recent news stories surrounding both the Amazon
Alexa and Google Home products -- central machines to most
home IoT set-ups -- show that even when used properly, the
security implications of these devices can be suspect.
Though many expect IoT to revolutionize our everyday lives,
the potential holes they open up in our security infrastructures
could become an insurmountable problem if not dealt with soon.
Workplace IoT
IoT in the workplace can range from integrated systems such as
air conditioning and security systems to Wi-Fi enabled coffee
machines. But every point of access in a system has potential
for weakness, meaning the more connected devices there are the
harder it is to protect. Many believe that blockchain technology
has the answer for IoT security issues due to its decentralized
nature and the ability to timestamp and identify each connected
device, allowing for more accurate access records and a more
stable network where no central point is vulnerable.
The other key issue with workplace IoT is the necessity of
regular updates to keep all devices secured. In working
10. environments where machines are working 24/7, there is no time
to take machines out of service to complete updates, meaning
identified weaknesses can be left unresolved. This allows
hackers multiple opportunities to exploit the insecurities in an
individual device and gain access to the central network from
there.
Creators of IoT devices will need to address the concerns of
their consumers in order to create products which can be
routinely secured and hold a high base standard of security.
Integrated homes
With an explosion of interconnected devices for the home
comes a unique challenge that consumers are often completely
oblivious to. Some IoT devices have no way to securely store
the Wi-Fi password which connects them, meaning that a hacker
who is able to gain access to this device can find the Wi-Fi
password and exploit the entire network, risking data such as
banking and personal details as well as general internet activity.
It’s unrealistic to expect consumers to use blockchain security
for their washing machines and digital cameras so necessary
security changes are going to have to start with the brands
making the products. Ensuring that safety is properly considered
before marketing any IoT device is the surest way to keep
consumers’ data safe within their own network.
Google Home and Amazon Alexa
While not directly at the mercy of hackers, the recent
revelations that recordings taken by both Amazon’s Alexa and
Google Home devices have been sent to human listeners within
the company raises different privacy concerns. The companies
have assured that the recordings have been shared with human
employees for training and research purposes but as the recent
leak shows, holding personal data on recordings makes it
susceptible to malicious actors online.
Amazon have taken further steps to allow users to control how
Alexa stores their data and have it deleted using voice
commands, making it slightly easier to protect what you say in
your own home. However, many consumers buy these products
11. without thinking of the implications of keeping a device that is
always listening in their home. Companies who produce home
assistant speakers need to be more transparent with how they
use consumer data and take further steps to ensure no sensitive
personal data is kept in recordings to help reduce the number of
data breaches each year.
Trials are set to begin in the UK by Natwest bank where Google
Home users will be able to check their balance with their voice.
As this follows immediately on from the leaked recordings, it
seems there is still little concern for the ways in which we share
our personal data with the devices we use. However, online
security will likely become a much bigger topic in the future as
the number of internet-enabled devices rises.
The Internet of Things is proving that technology continues to
advance at a rapid pace. Although consumers will need to
ensure that security is a high priority in order to protect their
own data and data handled by organizations, the first step must
be taken by manufacturers to ensure these products are created
to high security standard.
Reference: https://betanews.com/2019/08/13/securing-iot-
devices/
What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems
have. There are, however, some challenges that are unique to
IoT.
1. Embedded Passwords. Embedding passwords in IoT devices
make it easy for remote support technicians to access devices
for troubleshooting and simplifies the installation of multiple
devices. Of course, it also simplifies access to devices for
malicious purposes.
2. Lack of device authentication. Allowing IoT devices access
to the network without authenticating opens the network to
unknown and unauthorized devices. Rogue devices can serve as
an entry point for attacks or even as a source of attacks.
3. Patching and upgrading. Some IoT devices do not provide a
12. simple (or any) means to patch or upgrade software. This results
in many IoT devices with vulnerabilities continuing to be in
use.
4. Physical hardening. Physical access to IoT devices can
introduce risk if those devices are not hardened against physical
attack. Such an attack may not be intended to damage the
device, but rather to extract information. Simply removing a
microSD memory card to read its contents can give an attacker
private data, as well as information such as embedded
passwords that may allow access to other devices.
5. Outdated components. When vulnerabilities are discovered in
hardware or software components of IoT devices, it can be
difficult and expensive for manufacturers or users to update or
replace them. As with patches, this results in many IoT devices
with vulnerabilities continuing to be used.
6. Device monitoring and management. IoT devices do not
always have a unique identifier that facilitates asset tracking,
monitoring, and management. IT personnel do not necessarily
consider IoT devices among the hosts that they monitor and
manage. Asset tracking systems sometimes neglect to include
IoT devices, so they sit on the network without being managed
or monitored.
Most of these issues can be attributed to security being an
afterthought (if a thought at all) in the design and
manufacturing of IoT devices. Even those IoT developers who
consider security in the design process struggle with
implementation. Most IoT devices are limited by minimal
processing power, memory, and data transfer speeds. This is a
necessary evil in order to keep the size and cost of the devices
small. Accordingly, security controls must be implemented to
compensate for these inherent weaknesses.
The first step to implementing security controls is to determine
where those controls are needed. This is another challenge for
protecting IoT devices. Since IoT devices are often not
recognized as network devices, they get overlooked when
inventorying or mapping the network. If you do not know it is
13. there, you cannot protect it.
Fortunately, IoT device manufacturers are beginning to address
these issues, but organizations that are planning or currently
using IoT cannot sit back and wait for that to happen. There are
measures that organizations can take right now to protect their
IoT devices and networks from attacks.Security Requirements
of IoT
Manufacturers and implementers must implement security
practices to mitigate IoT risks. Steps can be taken to better
secure IoT and address known risks.
Security Challenge
Solution
Embedded passwords
Rather than embedding passwords in their products,
manufacturers should require users to create a strong password
during device setup.
Lack of device authentication
Manufacturers should provide a means for their devices to
authenticate to the network. IT personnel should require devices
to authenticate before joining the network.
Patching and upgrading
Manufacturers need to make it easy for devices to be upgraded
or patched. Ideally, this would be an automatic or one-click
14. process.
Physical hardening
IoT devices should be made tamper-proof. Devices should be
monitored to detect time offline and inspected after
unexpectedly dropping offline.
Outdated components
Vulnerable devices should be updated or replaced. This can be
difficult to remedy, especially in environments that have many
IoT devices in remote locations. In those cases, tighter security
controls and more vigilant monitoring should be implemented.
Device monitoring and management
Ensure that all IoT devices are included in asset tracking,
monitoring, and management systems. Manufacturers should
provide a unique identifier for each device.
Clearly, many of these security issues can only be resolved by
the manufacturer. One that organizations’ security, IT, and OT
teams can address is device management. It is up to those
planning and/or implementing the rollout of IoT devices to
ensure that they are accounted for in asset management, systems
monitoring, security monitoring, and incident response systems.
Breaches and Hacks
There are two broad categories of attacks that involve IoT
devices: those in which the IoT devices themselves are the end
target of the attack, and those that use IoT devices to attack
other targets. We have seen both types of attacks used in the
15. real world and by security researchers as a proof of concept.
In October of 2016, an attack against Dyn, a company that
provides DNS services, made much of the internet inaccessible.
Twitter, Spotify, Github, Netflix, The New York Times, Paypal
and other major websites were down for hours.
The attack used the Mirai IoT Botnet, taking control of over
600,000 IoT devices to flood Dyn with traffic in a massive
DDoS attack. The devices seemed to be mostly routers and IP
cameras. IP cameras are frequently targeted IoT devices.
In a scary example of an attack where the IoT device was the
target, the “device” was a car. Fortunately, this was a controlled
demonstration by security researchers Charlie Miller and Chris
Valasek. They demonstrated the attack for Wired writer Andy
Greenberg, who was driving a Jeep Cherokee.
Miller and Valasek, from miles away over a cellular internet
connection, remotely turned on the A/C, radio, and windshield
wipers. That was just the beginning. Next, they caused the Jeep
to slow, remotely rendering the accelerator useless.How to
Secure IoT Systems and Devices
It is clear that IoT attacks can have serious consequences.
Securing IoT systems and devices must be done by both the
manufacturers and the organizations using them. The security
controls that organizations can put in place are similar to the
controls they already use on their network. The key to securing
IoT is to know what IoT devices are on your network and where
16. they are in your network topology. Until you know that, you are
flying blind. You cannot protect what you cannot see.
One way to identify IoT devices on your network is to require
all hosts and devices to authenticate when joining the network.
Devices that fail authentication can then be identified. If they
belong on the network, authentication can then be configured
for that device. If they do not belong on the network, you have
discovered a rogue device.
You can further secure IoT devices by segmenting the network
and dedicating one segment to IoT. This will allow you to
firewall that segment and apply IoT-specific rules. It would also
allow you to quickly block traffic from that segment in the
event that an IoT device is compromised.
Once you have IoT devices authenticated, you can then gain
visibility into their activity using a cloud-native security
monitoring and analytics platform like Sumo Logic. The Sumo
Logic platform helps you make data-driven decisions and reduce
the time to investigate security and operational issues so you
can free up resources for more important activities. For even
greater visibility into security events, integrated threat
intelligence from Crowdstrike is included for up-to-date IOC
data that can be quickly cross-correlated to identify threats in
your environment.
Reference: https://www.sumologic.com/blog/iot-security/