The Fabric CloudBlazers Forum is the community of cloud and infrastructure experts. It brings together a group of thought leaders in the networking industry.
This time, we met to discuss the security problems facing the IoT revolution.
From left to right: Rajan Raghavan (The Fabric), Rich Langston (Rosetta Cyber Systems), Michael Tennefoss (Aruba/HPE), Stephen DiFranco (IoT Advisory Group)
Michael Tennefoss, VP of Strategic Partnerships at Aruba/HPE, joined me and Stephen DiFranco, Principal of IoT Advisory Group, to talk about the state of IoT and industrial security. Rajan Raghavan, CEO of The Fabric, moderated and provided lots of insightful questions.
A clear consensus emerged early – IoT and industrial networks in general are plagued with challenges. Huge parts of our infrastructure are inadequately protected, especially in today’s world with active nation-state actors riffling through networks everywhere.
Mike highlighted the practical challenges of protecting the industrial and building automation world. Chief among these, he said, is the large number of different protocols in use. In lots of places, TCP/IP isn’t even the main protocol. For example, BACnet (an IP protocol) was pioneered by Mike and his company at the time, Echelon. This protocol is commonly referred to as the first “standard” protocol used in the building automation field. If we can’t speak the same language, it’s hard for vendors to offer good support. Hackers willing to learn less-mainstream protocols find fertile ground for recycling old attacks.
Stephen highlighted another large issue for protecting IoT in general – the lack of horsepower in most IoT solutions. In the PC and mobile world, devices have enough memory and CPU to give them at least a chance at protecting themselves from the threats they face. Most IoT solutions are completely optimized for cost – tiny processors with little memory. This makes it impossible to run any endpoint protection software, and hard to store certificates, making defense and authentication problematic.
For my part, I talked about some of the things we need to do to better protect these networks, things that we are trying to do at Rosetta Cyber Systems. Key examples of this are better visibility into industrial networks and protocols, basic understanding of vulnerabilities of devices, and monitoring of networks for changes and intrusions.
Thanks very much to our great audience, who challenged many of the points. I think everyone left with a greater understanding of the problem, including me and our other panelists. Please join us again at The Fabric CloudBlazers Forum!