AoC number

286

Primary domain

T

Secondary domain

T

Description

The Internet of Things (IoT) is the network of physical objects or “things” embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. The Internet of Things allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for more direct integration between the physical world and computer-based systems, and resulting in improved efficiency, accuracy and economic benefit. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure. Experts estimate that the IoT will consist of almost 50 billion objects by 2020.

Internet of Things (IoT) is a concept and a paradigm that considers pervasive presence in the environment of a variety of things/objects that through wireless and wired connections and unique addressing schemes are able to interact with each other and cooperate with other things/objects to create new applications/services and reach common goals.

MicroSoft defines the Internet of Things in the following four domains:
Things – Physical “things” such as line of business assets including industry devices or sensors — all the “things” that matter most to the business
Connectivity – Those “things” have connectivity to the internet, to each other and to people, whether directly or through gateways
Data – Those “things” collect and communicate data—this may include information gathered from the environment or input by users
Analytics – Finally, performing analytics on all the gathered data enables people or machines to add value to the business

According to its January 2016 TechRadar report on IoT, Forrester says that IoT is a “business-led trend” with 23% of companies currently using IoT, with another 29% planning to do so within 12 months.

For the airline sector, IoT offers multiple opportunities to improve operational efficiency and offer increased personalisation to passengers. It may even have the potential to change business models. In fact, there is so much opportunity that the challenge currently is where to focus efforts.

Among airlines that have started experimenting with IoT, there are projects to improve passenger experience, baggage handling, tracking pets in transit, equipment monitoring, and generating fuel efficiencies. However, in an industry still struggling with integration across legacy systems chief information officers face challenges in getting the underlying architecture right as well as addressing security issues.

Potential hazard

Each device becomes not just a data source but also, potentially, a controllable device – and as such has a potential security impact. For a start, smart devices inevitably create data, which may need to be protected depending on the risks that surround it. Risk factors may not always be obvious – for example, burglars might be able to hack into a lighting control system to determine if a building is empty, before breaking and entering.

Once breached, smart devices can also be used as springboards to access other systems. For example a poorly secured device could be logged onto, and used as a ‘base’ on the internal network, from which to connect to other internal systems; a compromised device could equally be used as part of a botnet, by running a malicious program or replacing the firmware.

Almost all of these devices connect through a WiFi network. And some of them are extremely low-priced. The companies producing these hopefully understand the need for good security, but every one of these devices is potentially a back door into corprote and government computer networks and smart phones through WiFi networks.

Integrated Modular Avionics (IMA) already enables system design that separates applications from a safety perspective This technology can easily be extended to provide security separation, so that data can be protected in the safety-critical ight systems but also made available for transmission to the SWIM system However, regulations and processes need to be updated in order to mitigate the security risk and ensure that procedures are in place to prevent any compromise of safety.

Disruptive cyberattacks, such as distributed denial-of-service attacks, could have new detrimental consequences for an enterprise. If thousands of IoT devices try to access a corporate website or data feed that isn’t available, an enterprise’s once-happy customers will become frustrated, resulting in revenue loss, customer dissatisfaction and potentially poor reception in the market.

The IoT introduces a vast range of additonal complexity in the set of vulnerabilities to commercial aviation. Because these devices will have hardware, platforms and software that enterprises may never have seen before, the types of vulnerabilities may be unlike anything organizations have dealt with previously. This increased complexity within the enterprise shouldn’t be overlooked, and threat modeling will be necessary to ensure basic security principal of confidentiality, integrity and availability are maintained in what will be an increasingly interconnected digital world.

Organizations must also be able to identify legitimate and malicious traffic patterns on IoT devices. For example, if an employee tries to download a seemingly legitimate app onto his or her smartphone that contains malware, it is critical to have actionable threat intelligence measures in place to identify the threat.

Attackers will seek to compromise the supply chain of IoT devices, implanting malicious code and other vulnerabilities to exploit only after the devices have been implemented in an enterprise environment.

The increased demand for new devices and their associate bandwidth and connectivity arising from the IoT will create business continuity risks.

Last update

2017-08-28