The Security Implications of the Internet of Things

March 2015
Topics: Cybersecurity, Homeland Security, Computer Security, Information Security Risk Management, Information Security Operations
Chris Folk, The MITRE Corporation
Dan C. Hurley, Attochron
Wesley K. Kaplow, Polar Star Consulting
James F.X. Payne, Dun & Bradstreet
Download PDF (8.04 MB)

A vast and transformational change is happening that will alter the face of the Internet as we know it forever. An explosion of connectivity under the broad descriptor of The Internet of Things (IoT) is currently rolling out across the globe, leveraging the enormous expansion of IP addresses through the carrier deployment of IPv6. This new IP protocol moves Internet addresses from a limited and carefully managed resource to a new platform without any such restriction. This dramatic change in venue has spawned a new creative spirit not unlike the first years of the Internet. This expansive change is expected to increase the number of smart connected devices by some estimates to 50 billion, or even more. With previous address restrictions lifted, creative solutions are being proffered daily that connect our healthcare, home energy consumption, mass transit, insurance, and almost every economic sector such that we will have infinitely more opportunities to optimize and simplify usage and effectiveness.

Now is the time to consider the implication of these changes and suggest means and methods of determining their impact. The purpose of this paper is to better define the threat aperture that changes with this new environment. What fundamentally makes this threat different from traditional cyber is that this involves what many call actions at a distance. Once we, as individual consumers, introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. This changes legal and liability issues and, in some cases, introduces a series of grey areas yet to be defined.

This white paper, a publication of the AFCEA International Cyber Committee, is a call for awareness with recommendations for actions that need to evolve just as we evolve the related technologies that enable this progress.​

©2015 AFCEA International. All rights reserved.