Moderator Al Ghous was present at the 2016 ISE® West Executive Forum, which also brought up the topic of the Internet of Things (IoT), and he noted that it seems as if our relationship with IoT and comprehension of its risks have not developed much over the year. However, what we are finding is that organizations seem to focus mostly on the IT side of the IoT. But IoT also encompasses Operation Technology (OT) in addition to Information Technology—most significantly, OT includes consumers. A massive array of consumer devices are involved—phones, tablets, televisions, and even cars now belong to the IoT and must be considered as part of our strategy to monitor IoT.
Furthermore, the implications of risks in IoT are also different when comparing the IT side and OT side. From an IT perspective the risks may amount to Personally Identifiable Information (PII) leaks or an impact to company financials—but from an OT side, the risk pool is huge. Interconnected devices in an oil rig, or a jet engine, a power plant, or something similarly massive are critical to that system’s performance. If their operational use is threatened the implications are severe, even life threatening. Even satellite in orbit are considered IoT, because they collect information and transfer it digitally and securely—and could potentially risk a critical information breach if at risk.
We are still trying to figure out how best to protect devices in the IoT. The controls will be different for every piece of technology and take a lot of processing power—and some of them, such as vehicles, or wearable devices, are not built for security installation, so securing them takes an entirely different strategy. What the group thinks we should focus on for now is first utilizing what we already have to manage our security, and strategizing the best way to repurpose those tools to start us on the path of secure IoT.