Over the last several months I have been surveying our bold new world of smart sensor technology. It is absolutely amazing how advances in this area over the last decade have led to technology that affects our day-to-day lives on a large scale. For example:
- Buildings and bridges are equipped with architectural sensors to detect movement, cracks, and fatigue.
- Industrial motors and equipment have tracking sensors for failure analysis and performance monitoring.
- Environmental smart sensors monitor for pollutants (air, water quality).
- Smart cities are equipped with sensors, which measure air quality, identify vacant parking spots, monitor traffic and people flow, detect gun violence, and adjust city lights based on ambient lighting conditions.
- Agriculture sensors monitor temperatures and moisture conditions to help improve crop yields.
- Medical sensors that we can wear or attach to our bodies measure heart rates, blood sugar levels, oxygen levels, and so on, and deliver this data to us or our doctors in real time.
- Home and office based fire detection, temperature, humidity, and security monitoring.
And this is only scratching the surface of the amazing capabilities we now have.
Although we may not always see them, smart sensors are all around us, making life more convenient, productive, and safe. With these smart technologies having such an effect on our day-to-day lives, we must step back and contemplate the security implications—or worse, the failure of security—on the devices themselves and their supporting systems . With that in mind, let us apply the security triad of Confidentiality, Integrity, and Availability (CIA) to the picture.
Confidentiality: Confidentiality focuses on the protection of information against unauthorized disclosure. So when considering confidentiality we must ask how well we are securing personal identifiable information (PII) or anonymizing data to reduce the ability for someone to gain unauthorized access to or abuse this data. Certain forms of smart sensor technologies gather confidential information. For example, when dealing with consumer and medical smart sensor technology, very personal information can be gathered and/or associated with our identity. Smart city sensors can harvest traceable data, which can potentially be used to identify us and/or monitor our day-to-day movements and behaviors. With those at stake we must consider the impact if we fail to maintain effective confidentiality of the information gathered as part of any smart sensor network. In some scenarios we must consider the potential abuse of data by commercial and government entities, and how we can prevent or limit that abuse.
Integrity: Integrity is the reassurance that information is trustworthy and accurate. Since the data gathered from smart sensors most often is used to control the actions of other functions, the integrity of the data is vital. For instance, what happens if sensors used to monitor traffic flow are incorrect? How about a sensor used to monitor boiler pressure in a power generation plant? Such inaccurate data may be due to a faulty device or a deliberate manipulation of data, and in some situations this inaccuracy can have devastating consequences. Again, we must consider the impact if we fail to maintain integrity of the data gathered as part of any smart sensor network.
Availability: Availability means ensuring that the system is functioning and its data is accessible when needed. What happens if system availability is degraded? If we are relying on a system’s being highly available, what happens to those systems and services using it if the data it provides is suddenly unavailable? What is the potential impact, and how do we mitigate the risk? Do we have a backup plan? For example, what happens if sensors used as part of the lighting control across a large city are compromised or impacted by some form of malware? Can we still control the lights, or do we lose all street lighting for an unknown period of time? How will that impact safety and security? These “what if” scenarios can be scary, but it is sometimes good to play through them (i.e., to do a desktop exercise) as they help us build awareness and create better plans to both avoid security failures and mitigate them when they do occur.
As we step back and start thinking about the security triad of Confidentiality, Integrity, and Availability as it relates to smart sensor technology, we have to consider the security implications of the following areas as they apply to smart sensors:
Supply Chain: Where was the smart sensor manufactured? What chip sets where used? What software/firmware is installed, and does it need to be updated? What mechanism, if any, is available to update it? Each of these is a vital piece of information which is often not tracked, monitored, or controlled to the level it ideally should be. When manufacturers produce a product, they typically use the cheapest parts available; this is especially true for many smart sensor device makers, for whom cost is a key concern. IC chips are very much a commodity item where cost is based on availability and demand. So if that manufacturer produces a second run of their product they will again buy the cheapest parts available on the market to meet their need. It is common for the parts inside a product to have different manufacturers from one production run to another based on this principle. This becomes significant when a chip-based security vulnerability arises and we are forced to ask which products are using that vulnerable chip set. Sadly the answer often is that we don’t know. When it comes to firmware installed within an embedded device, there is often no software inventory available. So when considering the security CIA triad within smart sensors, we need to start expecting a more effective supply chain inventory of the technology (hardware and software), especially when it is being used within critical environments that we rely on—and in some cases that we trust with our well-being and our lives.
Installation & deployment: This area is the scene of some of the biggest security mistakes I’ve seen. Generally those tasked with installation and deployment are driven by tight timelines, and sometimes the expectation is that the technology will just work the first time, without issue. This occasionally leads to shortcuts being taken that impact the overall security footprint—e.g., disabling things such as encryption and packet signing or leaving default authentication enabled. It is important during these phases that attention to detail is maintained at the highest level to assure no cracks in the CIA triad are introduced by accident.
Communication: Smart sensors require some means to send the data they gather; frequently, these devices also have limit processing resources, which can impact their ability to properly encrypt data before transmission. Combine that with various communication methods (from short-range to long-range RF protocols) and the result is that some communication methods are more secure than others. This plays a role in determining whether they should or should not be utilized. The following is a sampling of the different RF protocols likely to be encountered:
- Bluetooth low energy
The security CIA triad is a useful framework for thinking about smart sensor communication and its impact. First, if communication is not encrypted, then confidential information can be leaked. Second, if the data being communicated is used to make decisions and is not encrypted or properly signed, then it can potentially be altered, harming its integrity. Finally if the communication contains critical real-time operation data and can be obstructed with jamming methods, then availability is affected.
I may not have all the answers on properly securing these emerging technologies, but I do think is important we at least start having the conversations. Hopefully this short blog will trigger some of those conversations and thoughts around the subject. Are you part of an organization that utilizes smart sensor technologies in a smart city, smart grid, industrial control, or medical context? I’m looking for people who would like to join together to study, research, and develop solid security methodologies around implementation and maintenance of smart sensor technology. If this is something you’re interested in, please reach out to me to discuss.