Securing Our Transforming World

Research funding and commercial expertise should come together to find new ways of approaching and solving these problems. 

cyber
Gorodenkoff/stock.adobe.com

Technology is rapidly pushing all of us toward a fully connected and always-on society. The concept of the Internet of Things (IoT) began with the idea of connecting consumer devices to home networks to make life easier. Now, critical systems are increasingly connected to the internet. Today's advanced driver assistance system (ADAS)-equipped automobiles contain upwards of 150 million lines of code and up to 150 networked electronic control units (ECUs) that enable both benign and safety-critical functions. Modern medical devices are making patient care more effective and affordable using machine learning software to quickly diagnose conditions and recommend treatment plans based on continuous streams of bio-sensor data. Industries as a whole are transforming. Agriculture and manufacturing have both been transformed by the introduction of smart sensors and collaborative robotics. All of this connectivity will eventually enable advanced automation use cases that fully leverage the power of machine-to-machine interactions and human-to-machine collaboration.

These advanced automation use cases are being built on a shaky foundation. IoT represents a complex system-of-systems architecture, composed of:

• A diverse array of devices capable of sensing and/or acting on their environment.

• A communication layer capable of local and remote interactions.

• Services and applications that provide management, analytics, data storage and other support.

Devices may be simple or complex. Either way, we have seen many examples of devices that are shipped to market with basic weaknesses, such as hard-coded passwords, the use of insecure services, insecure third-party libraries, lack of encryption and lack of secure update mechanisms. As devices become more complex, so too does the ability to identify weaknesses prior to fielding. As new collaborative architectures are identified, these same devices will form the foundation of a new automation and collaboration layer within the IoT architecture.

We have already seen a wave of digital transformations. Some of these have been as simple as interfacing existing systems to the internet to enable remote management and monitoring. We have seen the ramifications of connecting water supplies or industrial systems to the internet haphazardly.

In the future, digital transformations will be much more complex. Researchers today are working on new ways to enable human/machine and machine/machine interactions to enable these new use cases. Companies are already developing systems that integrate perception, decision and action to identify and respond to threats or safety issues. At the same time, DARPA is actively expanding the state of the art in this space with their work on programs like Gremlins and Code. These programs promise to use collaborative autonomy to allow teams of unmanned systems to collaboratively respond to events and operate with minimal human interaction.

As all of these machines begin to collaborate in pursuit of complex goals, they will continue to be vulnerable to many of the same basic weaknesses that plague today's IoT architecture. And, as technology becomes more complex and interactive, the impact of a major compromise becomes significantly greater.

Today's approaches to securing the IoT will be insufficient to effectively secure tomorrow's more advanced autonomous systems. Fielding devices and software with multiple weaknesses and then patching those weaknesses over time is not sufficient. Focused research is needed to better understand how to develop trusted composable systems. We collectively need new ways of thinking about how to secure devices, networks, protocols, services and software, taking into account the need for secure interoperability across heterogeneous devices and systems.

Secure interoperability should be addressed in any new standards and specifications. Methods to enforce and measure trust should also continue to be researched. Devices should be able to measure their own integrity and report those measurements to other devices through remote attestation. These trust measurements should be taken into account in any interaction, allowing for security mitigations to be established when the measure of trust in a peer is low. Standards for software cryptographic libraries should also be created, supporting low-power IoT devices such as sensors that cannot make use of hardware-specific capabilities. Measures of trust should take into account the robustness of any peer device's cryptographic capabilities.

All of this and more will require collaboration between government and commercial sectors. Research funding and commercial expertise should come together to find new ways of approaching and solving these problems.

Automation promises amazing opportunities and capabilities for the future. Developing these capabilities with secure devices, networks and software will allow us all to benefit from resilient collaborative machine interactions that make life easier and safer. Not doing so will lead to brittle systems that are constantly being compromised by the ever-increasing capabilities of our adversaries

The Newsweek Expert Forum is an invitation-only network of influential leaders, experts, executives, and entrepreneurs who share their insights with our audience.
What's this?
Content labeled as the Expert Forum is produced and managed by Newsweek Expert Forum, a fee based, invitation only membership community. The opinions expressed in this content do not necessarily reflect the opinion of Newsweek or the Newsweek Expert Forum.