Mariana Hentea - Building an Effective Security Program for Distributed Energy Resources and Systems

IoT devices are being used to monitor and control the mechanical, electrical, and electronic systems used in various types of buildings (e.g. public and private, industrial, institutional, or residential). Home automation systems, like other building automation systems, are typically used to control lighting, heating, ventilation, air conditioning, appliances, communication systems, entertainment, and home security devices to improve convenience, comfort, energy efficiency, and security.

Monitoring and controlling operations of offshore wind farms is a key application of the IoT [IoT 2015]. IoT applications have greater scope and flexibility, when they are able to interact not only with objects in other scenarios and domains but also with real and virtual entities.

Several significant obstacles remain to fulfilling the IoT vision, chief among them security [Roman 2011]. One aspect is that IoT technology is being developed rapidly without appropriate consideration of the profound security challenges involved including the regulatory changes that might be necessary. In particular, as the IoT spreads widely, cyber attacks are likely to become an increasingly physical (rather than simply virtual) threat.

IoT developments point to future threat opportunities and risks that will arise when people can remotely control, locate, and monitor even the most mundane devices and articles to the extent that everyday objects become information security risks. Appliances such as refrigerator may be hacked and used to send spam messages [Starr 2014]. Although email application has not disturbed the power grid, it is wise to think about the danger of using a smart appliance as a platform for launching cyber attacks on Smart Grid systems.

The IoT technology is not only a human tool; instead it should be considered as an active agent because it already influences moral decision making, which in turn affects human agency, privacy, and autonomy. There are concerns regarding the impact of IoT on consumer privacy, because the Big Data focus on collecting everything and keep it around forever will have security impacts.

The IoT devices could distribute those risks far more widely than the Internet has to date. Massively parallel sensor fusion may undermine social cohesion if it proves to be fundamentally incompatible with Fourth Amendment guarantees against unreasonable search [SRI BI 2008].

The IoT and Smart Grid technologies will together be aggressively integrated into the developed world's socio‐economic fabric with little, if any public or governmental oversight [Tracy 2015]. Therefore, the technology needs to gain consumers' trust due to privacy concerns [Bachman 2015]. However, more regulations for the manufacturers may benefit the protection of the consumers.

Perceived as creepy new wave of the Internet [Halpern 2014] or as a disruptive technology [SRI BI 2008], in order to have a widespread adoption of any object identification system, there is a need to have a technically sound solution to guarantee privacy and the security of the customers among some other issues [Ishaq 2013]. The challenge is to prevent the growth of malicious models or at least to mitigate and limit their impact [Roman 2011].

IoT applications are impacted by the security features that should make attacks significantly more difficult or even impossible [EC‐EPoSS 2008]. The selection of security features and mechanisms will continue to be determined by the impact on business processes, and trade‐offs will be made between chip size, cost, functionality, interoperability, security, and privacy.

Some argue that is imperative that companies and governments need to capture these trends to ensure that the IoT is recognized as useful [EC‐EPoSS 2008]. In addition, education and information are critical for the success of the IoT technology because privacy concerns about the misuse of information are high and final users do not clearly see the advantages and disadvantages of the widespread adoption of this technology. IoT security is not only a spectrum of device vulnerability but also unique security and privacy concerns of systems using these devices.

Another recommendation is that effective and appropriate security solutions can be achieved only if the participants involved with these devices apply a collaborative security approach as described in [IntSoc 2015b].

A number of potential challenges may stand in the way of the IoT vision – particularly in the areas of security; privacy; interoperability and standards; legal, regulatory, and rights issues; and the inclusion of emerging economies [IntSoc 2015a]. As concluded in this report, there is a need to address IoT challenges and maximize its benefits while reducing its risks.

From a broader perspective, the IoT can be perceived as a vision with technological and societal implications [ITU‐T 2012]. While such extreme interconnection will bring unprecedented convenience and economy, there are many challenges in terms of security and privacy risks that require novel approaches to ensure its safe and ethical use [Roman 2011]. Due to the complex nature of connected devices, their integration with other services, and the general insensitivity of hardware engineers to security issues, security is a technical and a cultural problem that regulators have little power to directly enforce. To make matters worse, even though the US Federal Trade Commission (FTC) recognizes the problem, it can do little to protect consumers as the IoT grows [Clearfield 2013].

While IoT technology can benefit several stakeholders, if the proper technology standards and policies are not in place, the backlash could easily stifle innovation [Palermo 2014].

Over the next 10–15 years, the IoT is likely to develop fast and shape a newer information society and knowledge economy, but the direction and pace with which developments will occur are difficult to forecast [Santucci 2010]. In order to reap the full benefits of such a technological disruption, resolutions are recommended to address these challenges in Europe [Santucci 2011]:

Mobilize a critical mass of research and innovation effort for the creation of new products, processes, and services.

Develop a new definition of privacy for a changed world.

Protect the different building blocks of the IoT, considering how these blocks will work together and what kind of interoperable security mechanisms must be created, and to assure a certain level of security during the cooperation among IoT multiple actors, especially human beings, machines, and objects.

Develop ethics for the IoT by promoting an important dialogue between computer scientists and the broader public and by bridging the digital divide between those with access to technology and those without.

Another challenge is the big data trend. The IoT connects everything with everyone in an integrated global network. People, machines, natural resources, production lines, logistics networks, consumption habits, recycling flows, and virtually every other aspect of economic and social life will be linked via sensors and software to the IoT platform, continually feeding big data to every node – businesses, homes, vehicles – moment to moment, in real time. Big data, in turn, will be processed with advanced analytics, transformed into predictive algorithms, and programmed into automated systems to improve thermodynamic efficiencies, dramatically increase productivity, and reduce the marginal cost of producing and delivering a full range of goods and services to near zero across the entire economy.