Miles of column inches have been devoted to the whiz-bang aspects of the Internet of Things (IoT). The way the tech publications tell it, pretty soon we’re going to be living like the Jetsons all courtesy of IoT. But the reality on the ground is a little more complex and after the big IoT-based attacks of 2016, technology officials at all levels of government are much more focused on securing what they already have in place than adding more potential vulnerabilities to their systems.
Recent security reports suggest that IoT-based attacks are likely to become a focus for adversaries that deploy ransomware, similar to what happened with the San Francisco Muni system late last year when over 2000 devices were compromised. Riders got a free weekend of service and city officials got one big headache.
CivSource recently caught up with Paul Stephenson, who works closely with state and local governments to secure public sector IoT networks in his position in the Office of the CTOs America for VMware.
“With the Internet of Things, cities and districts can be fully connected: schools, mass transportation, and utilities. That convenience means efficiencies and cost-savings, but it also means we need to stay one step ahead of bad actors looking to compromise IT infrastructure,” Stephenson says, adding that a lot of CIOs and CTOs are trying to pick winners out of a growing field of buzzwordy technology, but ultimately issues around security can make those decisions for them.
“When you’re looking at how to build a big network that is attached to critical infrastructure, security is a defining feature. You see products out there with a lot of capabilities and they might catch a lot of attention, but if it’s vulnerable to attack then the technology becomes a liability,” he notes. VMWare recently released a tool called “Liota” which stands for Little Internet of Things Agent and acts as a secure middleman. Liota is an open-source software development kit that enables IoT developers to build secure gateways into their solutions.
According to Stephenson, Liota is designed to help technologists secure IoT networks without having to stick with a single vendor – a boon for government systems which often have a variety of vendor solutions working together.
“Our goal with tools like Liota or NXS, is to offer secure virtualization that is easily manageable,” Stephenson explains. VMWare NXS is a data center security solution that is integrated with Intel Security’s McAfee Virtual Network Security Platform. NXS is a micro-segmentation security offering that works alongside other tools like Liota. Taken together, the tools can put technologists on a path toward a secure IoT platform. “It’s critical for local and state governments to establish proper safeguards when architecting their information systems. With virtualization, we think we can offer technology officials a way to get the security they need with a user experience that’s consumer simple.”
Looking ahead, Stephenson says standardization will be the next big step, if technologists want to move IoT projects up the maturity curve. “Standardization will help architects move these projects out of the pilot phase and will also help with security,” he says. “No project happens in a vacuum, governments take a lot of factors into consideration when they decide to do something. Vendors will have to do that as well if we want to see greater adoption of our technology.”