IBM launches new security services for IoT and connected cars
- Earlier this week, IBM announced security services for IoT developers, as well as one for the automotive industry. The two new services should help test the security of connected devices through development to deployment.
- The services come from IBM X-Force Red researchers, and focuses on "testing backend processes, apps and physical hardware used to control access and management of smart systems."
- The IoT service will come with the Watson IoT platform. For the connected cars service, IBM X-Force Red worked with automotive manufacturers and third-party automotive suppliers to develop a practice that they say can help shape the industry's security protocols.
Gartner estimates that 61 million cars will be connected to the internet in some form by 2020, creating what some call the generation's biggest security risk. Hackers have demonstrated an ability to hack into cars and take over critical functions, remotely — so security services dedicated to connected cars is critical and should be considered by cities as they make accommodations for electric and autonomous vehicles.
IBM commissioned a study earlier this year that found that 58% of organizations only test their IoT applications during the production phase. When a distributed denial of service (DDoS) attack last year took down sites like Amazon, Twitter, Paypal and Spotify, it was determined that the attack utilized a botnet made up of IoT devices, showcasing a secondary vulnerability: Not only can IoT devices be disrupted, like shutting off a car's transmission, but IoT devices, if not properly secured, can be used to disrupt.
The recently introduced Internet of Things Cybersecurity Improvement Act of 2017, would require manufacturers selling to the federal government to allow software updates and make them properly authenticate the updates on devices. It would also forbid them from using hard-coded passwords on devices that cannot be modified. In addition to practices like protecting passwords, city governments need to take measures to secure connected devices, lest they be vulnerable to debilitating strikes.