Last year, researchers told the DerbyCon security conference that thousands of medical devices such as X-ray machines, MRI scanners and infusion pumps for medication were vulnerable to hacking. Inexcusably, many organizations still used the default passwords provided by manufacturers and a number were connected to the internet, posing not only a health risk to patients, but also a means to compromise personal information.
These are just some of the risks associated with the internet of things (IoT), the movement to plug everything from cars to refrigerators into the internet. IoT is one of many tech buzzwords on people’s lips now. It’s part of the so-called Fourth Industrial Revolution — sometimes referred to as industry 4.0 — which world leaders explored in Davos at the start of the year.
The topic will be front and centre again this month at the Annual Meeting of the New Champions. Some 1,500 policy-makers and experts from more than 90 countries will gather to discuss industry 4.0 — and, hopefully, what’s needed to secure it.
The meaning of industry 4.0
If you haven’t heard of industry 4.0, it refers to the fusion of technologies such as cloud computing and big data with IoT and algorithms from machine learning to artificial intelligence that can make decisions on real-world processes; the latter is also known as cyber-physical systems. One focus of industry 4.0 is computerized manufacturing, an evolution of previous industrial revolutions that went from mechanization to mass production to industrial automation and the internet. Industrial robots feeding data to a cloud-based system that makes decisions about production is one example of industry 4.0.
In all the excitement, it’s easy to forget threats like those hackable MRI scanners. But do a Google search for “hospital” and “ransomware” and hundreds of thousands of results will show that healthcare is a growth area — one of many — for cyber-criminals. Similarly, Shodan, a search engine for IoT devices, can quickly and easily allow anyone to search for vulnerabilities in connected devices. That’s why we need to build industry 4.0 with security from the ground up. In other words, security by design — and security that takes a preventive view to stop ransomware and other fast-growing types of attacks before they occur.
A connected aircraft engine as a model of the future
One example of a well conceived industry 4.0 service/product with security built in is a modern aircraft engine. It has thousands of sensors, allowing the manufacturer to detect anomalies and transmit them to the airline for maintenance before the plane lands at the next airport.
It’s worth remembering that cloud services, big data, IoT, blockchain, AI, fintech and all the other buzzwords are possible not only because of the internet but because of security.
Specifically, the internet only became a business tool because businesses felt it was secure enough to use as a transaction means. In fact, it has existed as a platform for scientists to communicate since 1969, but didn’t see exponential growth until around 1995. This was partly due to Tim Berners-Lee’s invention of the world wide web a few years earlier, but an often- overlooked contribution was Taher Elgamal’s creation of secure sockets layer (SSL), the early cryptographic protocol that ensured communications security. SSL turned the information-sharing platform among scientists into an explosively powerful business tool: the internet.
Security by design, not security as an add-on
It’s also worth emphasizing that doing cybersecurity right means more than just doing authentication or privacy/encryption correctly, as is often pointed out in the popular press. In fact, to develop a resilient and secure system, you actually need to do all of the following: verify users are who they claim and that they’re authorized to perform desired actions such as accessing a file; ensure that data is protected and not subject to manipulation; and ensure that any action taken cannot be disowned and that it is always available when required. The challenge for security by design is to incorporate and implement all of these functions in a transparent, integrated and automated fashion.
Industry 4.0, which will yoke everything from machine learning to billions of distributed sensors and self-driving cars, will only be successful through prevention-focused security. To realize its potential, developers need to look at security not as an add-on but as a fundamental design decision. That’s the business enabler of the internet. Without understanding and acting on this fundamental concept, we will limit the opportunities of this truly transformational revolution.