More Things, More Cyberattacks

Not a day passes without mention of the Internet of Things in the media, as it appears to expand exponentially.

Roughly 6.4 billion things will be connected to the Internet in 2016, at a rate of 5.5 million new things per day, according to Gartner. More than 20 billion devices will be in use by 2020.

As a result, everyone must be more cognizant of cyber-risks, including risks to businesses; utilities; heating, venting and air conditioning systems; autos; and homes.

The IoT is at risk of being ensnared in a tangled web of legal and security issues, as I noted in a column last year.

The FBI recently gave us another wake-up call via a Public Service Announcement on the Internet of Things’ vulnerability to cybercrime.

We’re Surrounded

  • The list of IoT devices the FBI identified as being at risk for cybercrime activities drives home just how personally exposed we all are:
  • Automated devices that remotely or automatically adjust lighting or HVAC
  • Thermostats
  • Wearables, such as fitness devices
  • Smart appliances, such as smart refrigerators and TVs

Criminals “can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety,” reads the FBI PSA.

Following is a synopsis of some of the IoT’s risk areas, according to the FBI PSA.

IoT Health Risks: It now is common for medical devices to monitor people who are ill, and some actually dispense medication on a prescribed basis. Cybercriminals could “possibly change the coding controlling the dispensing of medicines or health data collection.” This is a life-or-death risk.

Baby Monitors and Day Care Centers: Closed circuit television and other devices constantly watch children, whether they are sleeping in a nursery or at play in a day care center. What if cybercriminals were to take control of these monitoring devices and stream video of young children?

Automated Devices at Home and Work: Cyberattacks may be directed at “security systems, garage doors, thermostats and lighting,” which potentially would allow criminals to “access the home or business network and collect personal information, or remotely monitor the owner’s habits and network traffic.”

IoT in Gas Pumps: Think about the amount of damage that could result from a cyberattack on gas pumps. Cybercriminals “could cause the pump to register incorrect levels, creating either a false gas shortage or allowing a refueling vehicle to dangerously overfill the tanks, creating a fire hazard, or interrupt the connection to the point-of-sale system allowing fuel to be dispensed without registering a monetary transaction.”

As the IoT device list grows, cyberattacks surely will keep pace. It is in your best interest to heed the warning of the FBI. Share the PSA with your employees, friends and colleagues.

Also, it is important to report cyberattacks to the Internet Crime Complaint Center, or IC3, which is a partnership of the FBI and the National Center for White Collar Crime. The IC3 collects data on criminal acts to try to find patterns of cybercrime, of which IoT crime is just one facet.

Cybersecurity for the Future?

The FBI’s identification of risks suggests that criminals around the world might see vast cyberopportunities with the IoT — and in particular, with companies that have Bring Your Own Device programs, since many employers have little or no control over what employees do with the devices they bring.

Microsoft has announced new security efforts with its Windows 10 IoT Core, focused on offering enterprise-grade security to IoT and targeted small “embedded devices that may or may not have screens.”

Dell reported the results of a mobile security survey that suggests businesses are getting the message about how important it is for them to do a better job in supporting security for BYOD.

Other companies are trying to stay ahead of cybercrime as well. Believe it or not, GE, AT&T and Texas Instruments, among others, this spring sponsored a hackathon, dubbed “Hack the Home,” in the spirit of spurring innovation. More than 200 teams competed for more than US$60,000 in cash and other prizes.

Events like the hackathon help guide businesses to design better technologies to protect homes connected to the IoT. Let’s hope they succeed.

Peter Vogel

Peter Vogel is renowned as both a trial and transactional lawyer who deeply understands technology, science and intellectual property, and the opportunities and problems they pose for clients. Governments and administrative agencies, as well as major corporations and emerging businesses, rely on Peter to get right to the heart of an information technology or e-discovery dispute; he knows what to expect and how it will play out in the courtroom. This eliminates unproductive rabbit trails and reduces the cost of litigation for all parties. When negotiating agreements for IT implementation projects for ERP or development projects for healthcare and other companies, his knowledge of technology enables his clients and their vendors to reach consensus faster. CEOs and other C-suite executives consult with Peter on the confluence of technology, business and law. He advises on cyber-security and identity protection, international privacy laws and global technology disputes, combining complex enterprise systems after a merger or acquisition, and counsels with clients when they are upgrading IT platforms. In every instance, his technical experience, background, and understanding of relationship dynamics streamline the pathway to the right answer and best approach or solution. Peter is often appointed a Special Master representing the court in IT and eDiscovery disputes. In addition, a court-ordered mediator in eDiscovery and ESI, internet, e-commerce, intellectual property and IT litigation, and has represented numerous states, counties and municipal governments inside Texas and throughout the U.S.

Leave a Reply

Your email address will not be published. Required fields are marked *