- Security TWENTY
- Women in Security
Marco Hogewoning, Senior External Relations Officer, RIPE NCC, offers some predictions for 2019 around the Internet of Things (IoT). First: standardisation will start to safeguard the security of IoT. The RIPE NCC does the allocation and registration of IP addresses in Europe.
The people who run large networks on the Internet are constantly talking with one another – about issues with security and abuse, routing and traffic exchange, and agreeing on policies and best practices. While this spirit is vital to the Internet, it’s strangely absent from the Internet of Things. IoT developers mostly work in isolation from their peers, which means they’re often making the same mistakes and reinventing the wheel. In 2019, the RIPE NCC believes we’ll see much more collaboration between manufacturers on areas such as security, safety and privacy best practices. There are also open communities from the “traditional” Internet industry that have been working on these issues for decades, including the RIPE community, the IETF, IEEE and W3C, which can support companies dealing with the IoT.
Health and safety regulation comes to IoT
When the security of IoT is discussed, it is often through the lens of cyber security. And while having your personal data stolen can be harmful – it’s generally not the physical kind of harm. In 2019, we expect to see a growing focus on health and safety concerns, which are inextricably linked with security when it comes to IoT. Stakeholders know that lives could potentially be at stake if hackers gain control of self-driving cars or robots in factories. Businesses want to keep their employees and consumers safe, so they are already asking for greater clarity on how they can do this. Rather than adopting a ‘wait and see’ approach, companies are increasingly seeking to actively contribute towards smart IoT regulation so they can begin to solve some of these issues.
The year of the big one?
Consumers don’t understand how much data their IoT devices share. They’d probably be surprised to learn how much data their connected TV is sending back to home base, for example. There is a significant risk in 2019, and beyond, that a relatively small number of compromised devices launch an overwhelming denial-of-service attack (DDoS) against other users, or common services such as the DNS. Many IoT devices use common components and software meaning they can be vulnerable to shared faults. This means attack vectors can quickly expand to include new targets once a vulnerability has been uncovered. New devices also unlock alternative and unorthodox routes through which to penetrate networks, such as via a connected fridge. This makes 2019 a watershed year for IoT security – and everyone in the ecosystem is going to need to be very mindful of the challenges ahead.
While the use of IPv6 has slowly been gaining traction since 2012, 2019 might be the year that IPv6 adoption picks up momentum. While the scarcity and rising prices of IPv4 addresses are could contribute to this momentum, the other big reason is simply that large content providers such as Google, Facebook and Netflix use IPv6. This means that anyone deploying IPv6 today will immediately see a large volume of data move over the IPv6 network, even if the number of users connected through IPv6 is still relatively low.
Concerns about Internet security are on the rise – and justifiably so. In 2017, there were roughly 14,000 routing security incidents, according to an estimate by the Internet Society. These events included traffic hijacking, IP squatting and network outages. Routing protocols are constantly at risk of attack; harming individual users or network operators. In 2019, we are likely to see more ISPs using Resource Public Key Infrastructure (RPKI) to improve routing security. RPKI provides a method of securely connecting Internet number resource information (such as IP Addresses) to a trust anchor. A trust anchor is a public key, linked to accompanying information, which can verify the authenticity of a digital signature. By leveraging RPKI, the legitimate holders of number resources can more effectively and securely control the operation of Internet routing protocols, which can, in turn, prevent route hijacking and other attacks.