Disaster awaits if we don't secure IoT now

Summary

In 2015, Ukraine experienced a slew of unexpected power outages. Much of the country went dark. The U.S. investigation has concluded that this was due to a Russian state cyberattack on Ukrainian computers running critical infrastructure.In the decade that followed, cyberattacks on critical infrastructure and near-misses continued. In 2017, a nuclear power plant in Kansas was the subject of a Russian cyberattack. In 2021, Chinese state actors reportedly gained access to parts of the New York City subway computer system. Later in 2021, a cyberattack temporarily closed down beef processing plants. In 2023, Microsoft reported a cyberattack on its IT systems, likely by Chinese-backed actors.The risk is growing, particularly when it comes to internet of things (IoT) devices. Just below the veneer of popular fad gadgets (does anyone really want their refrigerator to automatically place orders for groceries?) is an increasing army of more prosaic Internet-connected devices that take care of keeping our world running. This is particularly true of a sub-class called Industrial Internet of Things (IIoT), devices that implement our communication networks, or control infrastructure such as power grids or chemical plants. IIoT devices can be small devices like valves or sensors, but also can include very substantial pieces of gear, such as an HVAC system, an MRI machine, a dual-use aerial drone, an elevator, a nuclear centrifuge, or a jet engine. The number of current IoT devices is growing rapidly. In 2019, there were an estimated 10 billion IoT devices in operation. At the end of 2024, it had almost doubled to approximately 19 billion. This number is set to more than double again by 2030. Cyber-attacks aimed at those devices, motivated either by political or financial gain, can cause very real physical-world damage to entire communities, far beyond damage to the device itself.Security for IoT devices is often an afterthought, as they often have little need for a “human interfac...