The internet of things is a wondrous vision. Over the last few years, we have invited clever little IoT pixies into our homes, offices, factories and institutions. They watch out for us, perform services for us and generally impact our lives in good ways.
But these clever things are not necessarily intelligent things. Just like little kids, they need to be taught not to talk to strangers and not to believe everything they hear. They must learn to understand the context of the world around them to know right from wrong. If we overload them with functionality, leave them too open or let them come in with malicious ideas latent under cute exteriors, they will do things you don’t want them to do. The consequences can be disastrous.
On Oct. 21, we saw firsthand the impact of giving some of these things a bit too much trust, too much responsibility. A switch in our IoT pixies’ subconscious flipped, and suddenly our favored webcams and video recorders turned into an army intent on sending millions of simultaneous requests for information to a single Internet infrastructure company, Dyn.
Dyn hosts the Domain Name System (DNS), and these devices were unknowingly executing a distributed denial-of-service (DDoS) attack. Because Dyn was flooded with incoming connections, it couldn’t tell legitimate requests from those created by the ad hoc army. Across the U.S., large swaths of the internet became unreachable.
The attack on Dyn demonstrated a known vulnerability in the internet’s DNS system, but the more pressing issue it highlighted was that we exist in a world filled with insecure devices. The reality is, that webcam you bought last week may be ready to flip into attack mode upon receiving a few carefully curated bytes from the right sender. A week earlier, Johnson & Johnson had announced that its insulin devices were hackable. The list of digital vulnerabilities lurking within our homes, vehicles and factories goes on.
So what can we take away from this situation? Here are our recommendations:
- Watch out for unintended consequences: The allure of enhanced convenience services is great, but so too is the potential for trouble. Linking an Amazon Echo to a smart door lock may seem like a good idea, but a burglar could shout from the window to unlock the door. As IoT enables new modalities for device and service interaction, remain vigilant and anticipate how unexpected use cases can undermine your goals.
- Let cloud things help: As we noted, cleverness and intelligence are not the same thing. We can make clever devices intelligent by giving them big brothers and sisters in the cloud. These digital big siblings are worldlier, aware of more context information, savvier about desirable and undesirable interactions and better able to defend themselves. If we treat these big siblings as proxies for our pixies and communicate with them exclusively, we can take some of the vulnerabilities out of the equation. This is the same as the idea of digital twins, where a cloud “avatar” has more intelligence to complete advanced actions, like interfacing with other devices, while local devices limit their actions to the very minimum.
- Build in watchdogs: While our IoT pixies may not have fully developed thinking, their big siblings do. These siblings can learn models for how the world normally behaves and how certain systems respond to input. This awareness lends itself to the creation of a “cognitive supervisor” capable of supervising the pixie, identifying when something isn’t quite right and notifying an adult. If a big brother notices his sister looks sick, he tells his parents. We need this same sort of human in the loop alerting and validation for IoT.
Similarly, the big sibling may use its understanding of the pixie to evaluate inputs prior to execution, creating a “cognitive firewall” of sorts. If a big sister knows her little brother will start bouncing off the walls after eating sugar, she may prevent him from eating a king-size candy bar. Our digital siblings must be able to similarly prevent our IoT pixies from receiving bad data or malicious requests. Turn on a connected microwave for 100 minutes? No way.
- Beware Trojan horses: Consumers and industry must learn to preferentially select hardware and software from trusted vendors. Over time, the nascent field of security standardization and certification for IoT device security will develop more fully. Consumers should exclusively use devices possessing stringent certifications and take care to address existing weak points where possible (e.g., by changing a device’s default password).
While the attack on Dyn was scary, ultimately good will come from it. Heightened consumer awareness of system limitations, newly vigilant developers and novel architectures will help the IoT thrive. The resulting better-designed systems taking security, data privacy and ownership, interoperability, and resilience into account will ensure a bright future for all connected devices and services, so people can continue to reap the benefits from allowing good things into our lives.
Sanjay Sarma is a professor mechanical engineering at MIT. Josh Siegel is a postdoctoral associate in the Field Intelligence Lab at the Massachusetts Institute of Technology. He researches connected systems and their applications.