The Hole in the Dam that is IoT: A Lack of Security

As unlikely as it would have seemed ten years ago, cyber systems are steadily bridging their influence into the natural world in ways never imagined possible. Even those seemingly uncontrollable aspects of nature, natural disasters, will no longer be free from the ever-evolving reach of technology.

According to Tech Central, the Dublin City Council is looking to implement the Internet of Things devices to help monitor water levels in flood-prone areas. Flood damage to Dublin’s infrastructure averages to about €8 million per year, a cost that will hopefully be mitigated by upgrading the techniques used to analyze water levels. Knowing where water is rising fastest, as well as how fast, are key metrics in judging how well emergency personnel can respond to a dangerous situation. In addition, because of rising sea levels and increasing amounts of rainfall over the past few years, it is projected that flood risks will continue to become an even bigger threat than they are now.

While integrating the technology of IoT into public safety can have huge benefits for the city, it would be naïve not to consider the extra precautions that must be taken when using such a system. For a system in which a single failure can result in catastrophic consequences such as a flood monitor, it goes without say that said system must be impervious to defeat. This includes protection from being hacked.

According to an article by Mike Iliopoulos of the Denver News, the city’s tornado warning system was hacked in early April, causing the sirens to simultaneously blare for over an hour and a half. The hack was done remotely, and forced the city to upgrade the encryption on the warning system. The lesson to be learned comes not from the outcome of the hack, but the potential for even worse damage in a similar scenario.

While what happened in Denver was little more than a prank, the real-world damage that could be caused by the disabling of an emergency warning system in a time of need could be catastrophic.

Governments and industries are quick to jump to IoT solutions to improve the conditions in which they work, but the reality is that IoT without security is a dangerous gamble. The need for security is not only present in those critical systems, but also on any device that would be in the same network. Any end node can quickly become a weak point if not defended properly, and once a hacker has gained access to one entry port the entire network can be compromised.

The need for cyber security has never been greater – Trillium’s mission as a company and the passion of our team is to provide security for these vulnerable networks.