Oct. 27, 2015
Q: What is the Internet of Things?
The Internet of Things (IoT) is considered to be the physical devices with compute power that are connected to the Internet. These objects can collect and share information, and communicate over the Internet. Experts predict that there will be over 20 billion IoT devices by 2020. A wide range of devices such as Internet-connected electric smart meters, thermostats, smoke detectors, door locks, light switches, security cameras, insulin pumps, cars, and integral components of the power grid and water distribution networks make up the IoT. More precisely, many of the systems just mentioned, which deeply integrate computation, communication, and control into physical systems, are often characterized by the term cyber-physical systems (CPS). These are smart systems that have cyber technologies, both hardware and software, and are deeply embedded in and interacting with physical components. Such systems are sensing and changing the state of the real world.
Q: How is cybersecurity relevant to the growing trend of interconnectedness?
The Internet continues to highlight the power of being connected. Without moving, we can immediately access huge amounts of data and discover information and people from far away that spark our imagination. We have seen how the connectedness of the Internet assists people in transforming their lives and their societies. IoT devices will be privy to many intimate details of our lives, far more so than other computing devices, and as a result security and privacy become paramount.
Still further, new smart IoT and cyber-physical systems will drive innovation and competition in sectors such as the power grid, transportation, buildings, medical technologies, industrial automation, and advanced manufacturing. They will demand capabilities and applications from the Smart Grid, the Next Generation Air Transportation System, Intelligent [surface] Transportation Systems, Smart Medical Technologies, Smart Manufacturing, Smart Buildings, and Smart Cities. As automation and information technology pervade new platforms, IoT and cyber-physical systems have become and will continue to become ubiquitous in our everyday lives, and will grow increasingly complex each year. They fly our planes, control our nuclear power plants, run our medical devices, and so much more. The question we are asking today is, "How can we build systems upon which people can – and will – bet their lives?"
Therefore, without a doubt, cybersecurity is an important aspect of IoT and CPS.
Q: What research is NSA doing in the realm of cybersecurity for the Internet of Things (IoT)?
NSA is doing great work in this area and has developed several key technologies to assist in the safeguarding of IoT and CPS.
NSA's Laboratory for Telecommunication Sciences (LTS) established a multi-faceted research strategy to adapt to the changing "connected world" landscape brought by the IoT. The LTS constructed the Internet of Things Living Lab to establish an environment for the study of IoT devices at the system level rather than the device level. Devices from many manufacturers are set up within the living lab and are directly operated on and passively triggered by the presence of researchers throughout the day. In this model, the LTS is equipped to study normal IoT device communications, conduct security analysis across a wide range of platforms, and establish unclassified proof-of-concept capabilities.
Still further, NSA has developed the lightweight cryptographic algorithms Simon and Speck. These algorithms are not only strong; they are highly efficient, requiring minimal power and computational space. Devices that previously were too small and low powered to use encryption can now use encryption. Encryption is critical as it not only protects data from being exposed, it helps stop attacks. NSA publicly released Simon and Speck in the summer of 2013, and the overwhelming interest in low-power, low-space algorithms has drawn interest from the chip manufacturing community.
We are also working with several universities doing fundamental cutting-edge research as part of our Science of Security initiative. We want to develop the building blocks to assist others in making secure and resilient IoT and CPS devices and systems. We want to move beyond the cycle of find a problem; fix the problem; and release a patch. We are looking at developing new approaches to resilient architectures and security designs needed specifically for IoT and CPS.
Still further, our Trusted Systems Research Group looks at all types of principles for secure design. These principles have been integrated into the Android SE operating system, which helps contain untrustworthy applications.
In fact, the next two issues of the Research Directorate's The Next Wave magazine will have articles about our cybersecurity and IoT research. Please read those issues to learn more about our research in The Next Wave.
Q: How concerned should individuals be about the security of their data from the IoT?
We should be aware of, but not paralyzed by, security concerns. The IoT is an emerging way of life, and the number of devices is counted in the billions. Just as we have built up trust or non-trust with products, people and web sites based on evidence, we need to continue to do so with emerging technologies. To do this we need to develop and support sound scientific security foundations upon which we can base our trust and that others can examine transparently. Science will continue to progress in many fields and new research will continue to be required. Fundamental research questions to be answered include:
- Societal Challenges: How can we provide people and society with IoT/cyber-physical systems they can bet their lives on?
- Technical Challenges: How can we build intelligent and safe digital systems that interact with the physical world?
- Scientific Challenges: New models or extensions of existing, continuous and/or hybrid models are needed – discrete systems in a continuous world; we need to increase our ability to reason about uncertainty, and to increase our understanding of complex, unpredictable systems.
- Address new research challenges of privacy and information integration.
Q: Where will technology take us with regard to the IoT? What should we be worried about? What should we be excited about?
This melding of the cyber world with the physical world is a trend that will continue to accelerate in the coming decade as a breathtaking pace of advances has brought computing and communication into all facets of our society.
This is being ushered in by ubiquitous instrumentation and widespread deployment of low-power sensors ranging from tiny specialized communicating processors ("smart dust") and specialized sensors (body-area sensors, life-supporting micro-devices embedded in human body, structural sensors, power sensors), to sensors for change detection – thresholds, phase transitions, anomalies – and mobile phone-based sensors (geolocation, vibration, etc.).
With enabling applications including:
- Sensing environmental information
- Physical infrastructure monitoring and management
- Emergency response during man-made or natural disasters
- Management of traffic flow
- Smart grids for more efficient, safe and secure generation, transmission and distribution of electric power
- Social data and remote/distributed health monitoring
Clearly then, IoT/CPS is going to be transformative by empowering users just as other technological revolutions have helped people to focus on the most important aspects of living full and productive lives.
End users should be aware of, but not paralyzed by, the security concerns of IoT. Industry, government and academia are working to develop the technologies and tools that are needed for these devices to be safe and to respect privacy. Technologies and ideas developed in NSA Research are being publicly released and shared to assist in reaching these goals.
Finally, we should be excited about many of the devices we interact with every day which make adaptive intelligent decisions through information sharing, having an expectation that the chores of our lives will be reduced and that the things we love to do will be more easily enabled – through secure and safe IoT/CPS.