Military Security in the Age of the Internet of Things
Despite looming threats, trusted communications offer a glimmer of assurance.
Securing the cyber domain commands as much attention as it does effort and dollars—and yet, in spite of years of work to fortify enterprises, it is the fast-paced ecosystem known as the Internet of Things that gravely threatens the security of the world’s greatest military. With mere clicks on a computer, hackers have the knowledge and power to wreak havoc in the defense arena, with experts warning that it is just a matter of time before threats become realities, particularly in three distinctly vulnerable areas of vehicle safety, healthcare and supply chains.
Already, security experts have shown it can be done. During the past several years, viral videos showed white hat hackers hijacking car technology, as was the case last summer when they used a laptop to remotely access a Jeep’s onboard smart technology and disable critical functions such as steering and braking. The worrisome hack highlighted several materializing vulnerabilities presented by society’s widespread migration to capitalize on the convenience of the Internet of Things, or IoT. The U.S. military is not immune to the cracks in security, especially because it strives to match progress already made in the private sector, particularly with the adoption of software-defined networks (See http://url.afcea.org/iotsecurityblog).
News of the ethical hackers’ ability to remotely connect to and commandeer vehicles through the onboard entertainment systems, and follow-on reports that Wi-Fi networks available to passengers on commercial airlines could make some planes vulnerable to hacking, are at least two examples that highlight a prominent question circulating inside the defense industry: Are Humvees and fighter jets next?
As if the thought of compromised troop convoys and bombing sorties were not worrisome enough, attackers also target medical monitoring equipment, as the untethered devices provide for soft targets. The vulnerability poses a particular concern within the military health care system, now ranked among the largest providers with one of the most vast information technology infrastructures. A two-year study conducted by an information security firm for Essentia Health revealed major security flaws in health information technology, establishing precedent for the susceptibility of medical treatment facilities. Researchers noted that health and safety devices could be controlled remotely, and hackers managed to manipulate drug-infusion pump dosage levels, heart monitors and treatment tools such as defibrillators. The results, reported in April 2014, demonstrate how such attacks could pose serious dangers to warfighters undergoing medical care, either for wounds sustained during combat at forward-deployed facilities or those treated at military hospitals around the world. Because of privacy and security reasons, detailed statistics are not readily available on the number of military patients connected to remote monitoring or treatment devices. But the trend for remote monitoring is rising dramatically as the IoT makes its way into health care systems, both commercial and military. The market encompassing patient monitoring systems, from devices to the software, packaged services and other applications, tops $31.4 billion, according to a report by health care market research publisher Kalorama Information.
Finally, the military’s reliance on the effective, affordable and maturing ecosystem that is the IoT is a plus for efficiency but jeopardizes military supply chains. A single device such as a mobile phone can contain components manufactured and assembled from various locations around the globe, increasing security risks because of malicious subterfuge by nation-states or even unintentional flaws that yield vulnerabilities.
The problem of security breaches related to connected devices is rather widespread. According to the Gemalto Breach Level Index, attackers managed to breach 1,023,108,267 records globally in 2014, a 78 percent increase from the previous year. Here is how that statistic breaks down into some digestible numbers: When tallied, breaches happened 2.8 million times a day, or 116,000 times per hour. Yes, that amounts to 32 breaches every second.
Many devices in the hands of military personnel prove valuable to attackers for several reasons. A smartphone’s camera, for example, might provide intelligence about the security of a particular military outpost. Other gadgets provide value because of what they might control. Criminals take advantage of the effortless compromise of communications between devices and those who control them, such as manufacturers or service providers—also known as masters. Changing messages in transit is a common way of hacking, facilitated because of the volume of sensitive data that passes between devices via IoT connections. These hacks are particularly nasty and expose data attackers can intercept and manipulate. They threaten trust in the information, resulting in miscommunication about troop movements or other battlefield information. Additionally, attacks against masters can be potentially the most dangerous because they disrupt service to devices, rendering them useless at the most hazardous times. Conversely, an attack on a master also could mean manipulating many devices at once, with the introduction of malicious code into devices that threatens the entire infrastructure.
With all of that said, there are preventative tactics that can safeguard devices. Protecting IoT-enabled electronics comes down to identifying devices and their masters and protecting the data shared between the two. That means having trusted identities, trusted devices reliably associated with a provider, a trusted master that provides authentic, unmodified software and data encryption to prevent interception or theft. Establishing assured identities for the IoT revolves around the notion of public-key cryptography (PKC), which enables reliably secure communication between individuals. The PKC establishes trusted identities in the IoT built on a network of uniquely identifiable devices. The basis of the PKC is a special, unique relationship between two distinct numbers that encrypt data—a public key number and a private key number. When the two are put together, the relationship is validated—an approach that is also called “asymmetric encryption” because one key encrypts and a second decrypts.
A security challenge persists in determining whether keys belong to the people who claim they do. Verification requires a certification authority that issues a digital certificate to confirm ownership of the keys. This digital certificate contains several fields to validate the identity of a device or system and the corresponding public key. The IoT requires billions of certificates to identify devices, authenticate software updates and facilitate encrypted communications. The distributed systems, collectively referred to as a public key infrastructure (PKI), generate, issue, store and manage both keys and digital certificates and is correspondingly enormous. The sheer size of the infrastructure makes security a significant challenge; the bigger the infrastructure, the greater the risks.
Another proven offering for best practices to store and manage crypto keys involves the “root of trust.” The problematic element to maintaining an effective PKI is the private keys. After all, public keys by necessity must be freely available. On the other hand, private keys must be secret and secure to ensure a trusted identity. Securely storing these keys means running software on an operating system or in trusted hardware connected to systems. But storing cryptographic keys in software is suboptimal because it is much easier to access and compromise. Businesses need components, known in the aggregate as “root of trust,” that can reliably perform one or more security-critical functions, such as protecting cryptographic keys, performing device authentication or verifying software, according to the National Institute of Standards and Technology. While a root of trust creates a barrier between software on the server and cryptographic key material, the practice can go a long way toward thwarting a hacker’s paths of attack and access to sensitive cryptographic keys. Furthermore, it is important that an assured supply chain creates the hardware root of trust. Otherwise, if compromised, the entire infrastructure is at risk.
The IoT, well on its way to not just becoming a reality but overtaking day-to-day living, gives military and civilian agencies keener insight and control over critical functions and operations. An estimated 50 billion uniquely identifiable connected devices will be deployed globally by 2020, according to the Internet of Things Solutions World Congress. It is a game changer, and part of playing the game involves ensuring the devices are secure. The volume of Internet-connected data and devices will grow by enormous proportions, making it essential to create a base of secure, trusted and reliable data.
Shawn Campbell is vice president of product management for SafeNet Assured Technologies. The views expressed here are his alone.
Defining the Internet of Things
Though the government has invested millions of dollars to secure its enterprise networks, it is the emergence of untethered systems—those that make up the blossoming Internet of Things (IoT)—that now pose the gravest security concerns. To understand how attacks occur, it is important to know some of the IoT language and how the various elements interconnect:
- Sensors and actuators allow monitoring and data collection, and control the actual “things” in the IoT.
- Devices are the so-called “things” in the name—the smartphones, tablets, fitness trackers—that will become even more efficient, thanks to improvements made to sensors and actuators.
- Gateways provide the means with which connected devices communicate more efficiently, allowing for improved data management and security.
- Masters of devices and service providers govern every device or service within the IoT domain. All have a master that issues and manages devices and makes data analysis easier. A master might be the device manufacturer, a cloud service provider or an Internet solution provider.
Based on the components described above, each attack against the IoT can be placed into one of three categories:
- Attacks on devices
- Attacks on communication between
- devices and masters.
- Attacks against masters.