As cyberattacks grow in both number and complexity, they also present an outsized threat to civilized society as we know it.
Ironically, one of our best resources for understanding how to solve this problem doesn’t come from computer scientists, but from epidemiologists—the experts who study the frequency, spread and control of diseases.
When epidemiologists talk about controlling the spread of disease, they often talk about the concept of herd immunity.
From Wikipedia: Herd immunity is a form of indirect protection from infectious disease that occurs when a large percentage of a population has become immune to an infection, thereby providing a measure of protection for individuals who are not immune. In a population in which a large number of individuals are immune, chains of infection are likely to be disrupted, which stops or slows the spread of disease. The greater the proportion of individuals in a community who are immune, the smaller the probability that those who are not immune will come into contact with an infectious individual.
Simply substitute “infectious disease” with “cyberattack” in this Wikipedia entry and the concept defined above could easily apply to the Internet of Things.
With the current state of IoT security, we are facing an increasingly dangerous situation, not just for device owners, but for everyone on the internet. Many involved with IoT see a deadly cyber epidemic coming, yet neither the will nor the incentive to build a herd immunity into IoT exists, despite the fact that doing so could help slow or stop the impact of IoT cyberattacks.
To understand just how dire a situation we’re talking about, you’ll need to grasp the full scope of IoT.
Understanding the Full Scope of IoT’s Footprint
IoT is a system of connected, physical devices accessible through the internet. These devices are embedded with electronics, software, sensors, actuators, and connectivity that enable them to connect with each other and exchange data.
This system of connected, physical devices includes an array of consumer-facing applications, like home automation, digital assistants, baby and home video monitoring, entertainment systems, wearables, connected health monitors, home robots, appliances, and connected cars. And new consumer-facing IoT devices are announced almost daily.
There is also a large segment of IoT in the industrial space—IIoT as it’s called colloquially—that includes factory automation, infrastructure management, inventory and asset management, smart grid, electric metering, energy management and countless other categories.
For both consumer and industrial markets, the IoT opportunities are endless.
In fact, a full 98 percent of the world’s processors are in embedded systems, not in laptops, servers and mainframes, as is the common misconception. These embedded systems include IoT, cars (connected or otherwise), infrastructure, and homes.
Connectivity, when we talk about IoT, means that each “thing” is able to interoperate within the existing internet infrastructure, in turn allowing each “thing” to communicate with every other internet-connected device in the world. That’s a lot of connected things: current estimates predict that IoT will have about 30 billion objects attached to it by 2020.
IoT’s Security Problem And How Herd Immunity Can Patch It
To keep consumer IoT devices small, cheap and, in some cases, to get them to market more quickly, many IoT device makers don’t give the slightest nod to security.
This lack of security made things easy for the perpetrators of an attack against internet infrastructure provider Dyn. The attackers marshaled millions of devices, from printers to baby monitors and even home thermostats, into a botnet army that flooded Dyn with enough traffic to bring its servers down and disrupt more than 65 major services, including Amazon, CNN, HBO, Netflix, and Visa.
Even on the industrial side of IoT, where one would hope manufacturers are more careful about security, there are numerous examples of disaster via cyberattack.
The root of this problem isn’t a lack of innovation in security; it’s a lack of business need for it.
IIoT and IoT devices are not cyber resilient because people are not willing to pay extra for security; they’ll pay more for bells and whistles, but they see security as a commodity and expect it to be there.
The dirty little secret about cyberattacks is that it is the bugs in our complex software that are the open windows letting attackers in. We can’t make perfect software, and the bigger the software, the more bugs there are. And, the more bugs there are, the more vulnerable the software is to exploit.
When we layer on defensive software that ostensibly will protect our networks and the computers on them, we are actually making the problem worse—the herd gets sicker. That’s because this defensive software is very complex and has the same percentage of bugs per line of code as all our other software does.
Worse, complex security software often has special privileges on the computers it protects, giving a nefarious actor the tools they need to take advantage of your machine. All it takes is a soft access point like an unprotected IoT device and poof … they’ve taken over the computer. Now multiply that by millions of devices and a bad actor has all the resources they need to marshal a bot army of “infected” devices and use it to crush a critical arm of the internet like Dyn.
CoreGuard™ and its Role in Developing IoT Herd Immunity
CoreGuard sits at the final gate that the bad guys have to get through and it completely immunizes the processor from being infected, blocking the attacks before they can even take effect. This is critical for creating a herd immunity in the IoT since the bot armies are formed by having one infected member of the herd infect those it is connected to. If some in the herd are immunized by having CoreGuard’s protection, then those CoreGuard-protected devices can help break the chain of infection, diminishing the effects of the attack or, better yet, controlling it completely.
To illustrate this, consider a scenario where a bad actor has decided to string together a botnet with a goal of infecting a total of 1,000,000 IoT devices. If each IoT device has the capability to infect 1,000 other devices before being detected, then it would take just 1,000 devices for the attacker to reach their goal. The ability to exponentially grow the impact of an attack is part of the reason bad actors so feverishly target IoT devices in the first place.
But now, let’s consider herd immunity and how it might play out in the scenario described above.
What if, for example, half of the original 1,000 IoT devices are now immunized through CoreGuard technology? In this scenario, only 500 IoT devices will have the ability to infect 1,000 other devices each. The other 500 IoT devices, thanks to CoreGuard’s technology, will withstand the attack and avoid passing on the infection. By simply securing the processors of half the devices in the original group, we’ve also halved the bad actor’s ability to increase the impact of their attack. They can now only reach 500,000 devices in total, rather than the 1,000,000 they were shooting for.
But, let’s extrapolate this example just one step further.
In our final example, consider a world where both populations—the original 1,000 devices, and the thousands of devices they’ll infect—have been cut in half. In this scenario, 500 devices can infect only 500 devices each, thanks to technology like CoreGuard™. Here, we’ve now taken the total number of IoT devices in the attack and cut it down to a quarter of what it once was. In this example, a bad actor will only be able to reach a total of 250,000 devices, rather than the 1,000,000 they were after.
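The three scenarios above can be written as a small propagation model. The following is an added illustration, not code from CoreGuard or the original article; the function names are hypothetical, and the multi-wave part goes beyond the text by assuming uniform mixing and the standard epidemiological threshold of 1 - 1/R0, with the fan-out per device playing the role of R0.

```python
from fractions import Fraction  # exact arithmetic, no float rounding


def second_wave(seeds, fanout, seed_immune=0, target_immune=0):
    """Devices reached by the seeds, counted the way the article counts them.

    seeds:         devices the attacker goes after first
    fanout:        devices one compromised seed can reach before detection
    seed_immune:   fraction of the seeds that resist compromise
    target_immune: fraction of each seed's targets that resist compromise
    """
    live_seeds = seeds * (1 - Fraction(seed_immune))
    return int(live_seeds * fanout * (1 - Fraction(target_immune)))


def new_bots_per_wave(seeds, fanout, immune, waves):
    """Assumed generalization: the same immune fraction applies at every hop.

    Each wave multiplies the previous one by fanout * (1 - immune), so the
    outbreak grows only while that product stays above 1.
    """
    growth = fanout * (1 - Fraction(immune))
    current = seeds * (1 - Fraction(immune))
    result = []
    for _ in range(waves):
        result.append(current)
        current *= growth
    return result


def immunity_threshold(fanout):
    """Immune fraction at which one bot recruits exactly one new bot."""
    return 1 - Fraction(1, fanout)


if __name__ == "__main__":
    half = Fraction(1, 2)
    print(second_wave(1000, 1000))              # no immunized devices
    print(second_wave(1000, 1000, half))        # half of the seeds immunized
    print(second_wave(1000, 1000, half, half))  # half of both populations
    print(immunity_threshold(1000))             # coverage needed at fan-out 1,000
```

With a fan-out of 1,000, immunizing half the herd shrinks each wave but does not stop growth; under this model the chain only dies out once coverage passes the threshold returned by `immunity_threshold`.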
By protecting IoT devices with CoreGuard technology, vendors have the ability to make their devices so secure they deter attacks before a line of malicious code can be written. Technology like this, when deployed strategically, can help create a herd immunity for IoT devices.
Unfortunately, it can do little for the millions of devices that are built without hardware-based security solutions, the same devices that attackers will quickly move on to when their exploits against CoreGuard-protected devices prove fruitless.