“There is currently no reliable method for IoT system security managers to detect and garner timely, dynamic, valid and comprehensive awareness of all components connected to and/or affecting their infrastructure.”
Michael Cooney in his article, “DHS says IoT security vulnerabilities are critical and need to be addressed.”
The link above provides fascinating reading from a few perspectives. lt outlines the challenges of securing sensor networks, so much so that the US Department of Homeland Security (DHS) has put out a call for “novel ideas and technologies to improve situational awareness and security measures for protecting IoT domains, as well as technologies that will help DHS operational and support components gain comprehensive and near continuous knowledge of IoT components and systems that affect their operations and assets.”
I find this interesting for three reasons:
- As regular readers of PAOSS know, l think OSS are a great platform upon which to build IoT ecosystems
- The same security challenges faced by IoT are faced by OSS, although the DCNs used by OSS tend to be more tightly locked down than highly connected sensor networks
- As we seek to automate trust relationships due to the touchpoint explosion (eg SDN, NFV, IOT), we lncrease our security risk
If OSS are to step up to become the manager of sensor networks, then we also need to find a solution to the problems that DHS has defined.
Is blockchain the silver bullet of automated trust relationships?