FIC 2016: Is security the main challenge of the Internet of Everything?

Christophe Jolly of Cisco France took the stage at FIC 2016 to outline the fundamental security problems in the looming "internet of everything".

FIC 2016 in Lille, France
FIC 2016 in Lille, France

The Internet of Everything means a fundamental change in the way not just we, but everyone, does business, said Christophe Jolly, security director of Cisco France. 

He opened his lecture at Lille's FIC 2016 by commenting: "The digital age will see that companies that were not necessarily dealing with the area of computers will be dependent upon and using computers... [meaning] security is going to be an essential challenge."

The scale of the Internet of Everything shouldn't be underestimated. The market opportunity for the IoT is set to be about $14.4 trillion over the next ten years. By 2020, there will be 5 billion connected objects, hence, the internet of of 'everything.' To clarify, with the expected growth of the earth's population, Jolly said, that will mean nearly an object per person on earth.

This "offers porousness between the different world; we have industrial networks, public networks being affected, social networks. This is unprecedented." Already you can see this kind of acceleration said Jolly: "you only need to go to a shop and see everything we buy in terms of appliances."

He added, "In a couple of years time I imagine if you want to go buy a fridge, you won't be able to get one that's not connected."

Wonderful. But all those connected devices all provide nothing less than, "an excellent opportunity for hackers" to avail themselves of billions of connected devices.

Only a couple of years ago, hacking "was restricted to a handful of experts. There are now ecosystems of people pooling their income towards their ill-willed activities," said Jolly. The Angler EK is a perfect example. Cisco recently uncovered a campaign, using the Angler EK which pulled in an expected $34 million per year: "These ecosystems are extremely lucrative," Jolly told the crowd. "500 million connected objects can offer a plethora of opportunities." What's more, these kinds of people are "heading towards the internet of things".

Security isn't something that manufacturers or consumers take into account when making or buying these products. "It's rare that security is taken into account" in IoT because, for consumers, cost and function matters. In terms of public infrastructure, power plants are built to withstand things other than a cyber-attack.

Jolly cited the fact that only last week Ukrainian power plants were attacked by an unknown assailant, although many suspect it was Russia. He raised the apt point that were one to cut off power or heat to a community of people when it's minus 10 or 20 degrees, that could incite riots, local instability or worse.

So how does this change? Jolly used the example of the car: "A century ago cars were invented without thinking of car accidents." People didn't think they were impervious to harm, but nobody ever thought that people might die underneath them.

"All these accidents led legislators to enact laws." That said the wheels of change might not starting just yet: "We're going to have [to experience] several disasters for the legislature to start."

You can do something about that, said Jolly. First, try and get inside the mind of the person who might attack you: what do they want? how are they going to get it?

“Try and imitate what the attacker might want."

Second, know your infrastructure, find "all the objects that are connected within one and the same company."

"Hackers," said Jolly, "should have as dim a view as possible."