In September, Howard Penrose, PhD, presents "Your IoT Devices May Be Weaponized (And What To Do About It)" at the fourth-annual Smart Industry Conference, which this year includes an optional CMRP exam that enables attendees to earn their Certified Maintenance & Reliability Professional certification. (Howard is the 2018 chair of the Society for Maintenance & Reliability Professionals.)
Today, Howard previews his presentation and shares his thoughts on updating legacy systems, botnets and the value of certification. Take a look…
Smart Industry: Are business owners aware of the security vulnerabilities that IoT efforts create? Or are they overly wary of IoT devices for this reason?
Howard: Most business owners and leadership at the C-level have some awareness of security vulnerabilities, although that awareness is often lacking in the area of IoT devices. There is a push for the application of IoT systems in order to improve automation of systems. The challenge appears to be a lack of strategic (or at least tactical) application of devices and technology toward a goal of automation. The level of adoption appears to follow what would be expected of companies adopting technology. The primary, unrealized danger is legacy systems that are no longer being updated, or have older and vulnerable firmware or software. The secondary concern is the understanding that the workforce requires awareness of vulnerabilities associated with IoT devices. That awareness is lacking in a large number of companies.
Smart Industry: Explain how you use that term "weaponizing your IoT devices"?
Howard: One of the more aggressive approaches by cyber-criminals is the use of botnets. These are computers and devices with IP addresses that are infected and then used to invade their own organization or used against other organizations. Botnets can overwhelm a service or provide a means to attack a system from multiple sites while making it difficult to trace the source. The infected devices can include anything from connected security cameras or IoT devices (both industrial and private) that are vulnerable because of poor security or password protection.
Smart Industry: How does CMRP certification benefit security professionals?
Howard: The Society for Maintenance & Reliability Professionals is the premier professional society for reliability, maintenance and physical-asset management made up of more than 6,500 professionals globally. We are founding members of the Global Forum for Maintenance and Asset Management and maintain partnerships with professional societies worldwide. SMRP is the premier provider of educational opportunities, networking events and resources for maintenance, reliability and physical-asset management professionals. We also provide the ANSI Certified Maintenance & Reliability Professional (CMRP), the Certified Maintenance & Reliability Technician (CMRT) and an international Certified Asset Management Assessor (CAMA). SMRP’s Government Relations program works closely with the U.S. Federal Government on cybersecurity, smart grid, skilled trades and CTE, infrastructure and OSHA, including partnerships and the development of legislation.
Smart Industry: What do you find most troubling about the near future of cybersecurity? What is most encouraging?
Howard: There is a strong push to implement IoT technologies by developers, including a growing number of presentations and articles showing primarily only the benefits. Until brought to industry’s attention by SMRP, there was little dialog concerning cybersecurity with IoT implementation. This trend generated concern with regulators and IT organizations. With growing dialog surrounding cybersecurity, the awareness is gradually increasing. It is encouraging to see the improving awareness of cybersecurity within organizations, along with federal frameworks and other efforts related to trustworthiness surrounding the IoT.