by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2014
CYBEREYE BY BRIAN ROBINSON THE INTERNET OF THINGS (IoT) is coming, and there s no doubting its potential. Government IT managers don t care that your fridge can tell your smartphone what you need to buy next, but they do appreciate that advances in connectivity and data collection will en- able major improvements to services that government provides citizens. Those improvements will come from linking the embed- ded computing systems that drive much of the country s infrastructure and that outnumber the more famil- iar servers, PCs and laptops many times over. But it poses a massive security problem. Market researcher Interna- tional Data Corp. sees strong growth for the IoT in a num- ber of areas over the next few years, including government. It projects a 7.2 percent com- pound annual growth rate in environmental monitoring and detection through 2018, for example, and 6.3 percent CAGR for public infrastruc- ture assets management. Other large growth areas are public safety, emergency response and public transit. "For IT, typical drivers for this growth are cost and time savings," said Scott Tiazkun, senior research analyst for IDC s Global Technology and Industry Research organiza- tion. "There s the convenience factor in having all of these sensors in many places that automatically send data back versus having to send a per- son out to do a reading, which also decreases the chance for errors." Typically, however, these kinds of embedded systems have been built with cost and performance in mind and not security. Now that they are also becoming more intercon- nected, that vulnerability has become increasingly attrac- tive to attackers who want to disrupt public services. The Department of Home- land Security says many of the public infrastructure sites that have recently been successfully attacked were in- su ciently protected, and at times administrators weren t even aware they needed to be secured. Some parts of the govern- ment are keenly aware of potential security problems. Embedded computer systems play a part in just about every area of military technology, for example, and the Defense Advanced Research Projects Agency started its High Assur- ance Cyber Military Systems program in 2012 specifi- cally to create technology for embedded systems "that are functionally correct and satisfy appropriate safety and security properties." Fortunately, it seems the security industry has begun to take notice of the needs of the IoT, though it s debatable how far traditional IT security systems and techniques can be made to work for embedded systems. But tools specifically aimed at this market are be- ing developed and some are already out. Computer scientists at the University of California, San Diego, have developed a tool that allows hardware design- ers and system builders to test for security as they build their devices, for example. It tracks a system s security-specific properties and makes sure they stay secure (See box). On the software side, Real-Time Innovations has introduced what it claims is the first secure messaging software for critical indus- trial systems. Its machine- to-machine communication doesn t need the centralized brokers or system administra- tors required by traditional IT security, which ensures the low communication latencies needed by such systems. These tools, and others like them, will be needed. Embed- ded system security is still an unknown territory for many government organizations. As the IoT becomes a reality, that could put a lot of public systems and infrastructure at risk. • 12 GCN JULY 2014 • GCN.COM RESEARCHERS HAVE TOOL TO HELP SECURE IOT Small embedded computer systems built around microcontrollers are becoming more common as device makers look for ways to connect to the Internet of Things. But the devices, including medical instruments, cell phones and smart grid technology, remain vulnerable to security breaches. Now a group of computer scientists at the University of California, San Diego, have developed a tool that lets hardware designers and system builders test security. The tool is based on the team's research on Gate-level Information Flow Tracking, or GLIFT, which tags and then tracks critical pieces through a hardware's security system. Researchers say the tool can detect security-speci c properties within a hardware system, such as ensuring that a cryptographic key does not leak outside a chip's cryptographic core. And in some types of hardware, one can determine a device's cryptographic key based on the amount of time it takes to encrypt information. The tool can detect these timing channels that can compromise a device's security. -- Brian Robinson Tools to tighten the Internet of Things