Security researchers are also worried about the rapid shift toward digital manufacturing. In May 2013 the Obama administration committed $200 million to an initiative aimed at accelerating the development of advanced manufacturing—meaning more machines, devices, sensors and smart nodes of every kind connected both to one another and to the Internet. Every one of those systems will be as vulnerable as their weakest link. It is not hard to imagine that a virus, inserted via a weak link, might reprogram a production line to produce components that are designed to fail, with potentially catastrophic consequences in industries as diverse as aerospace, health care, automobiles and construction.
To date there has been little focus on how to secure the Internet of Everything, even as it is being deployed at a swiftly accelerating rate. Many of the devices, sensors and other nodes already in the field are about as secure as a wet paper bag. For the Internet of Everything to be acceptably hack-resistant, manufacturers must adopt a set of principles that include “security by design”—systems where the software has been designed to be secure from the ground up. They must ensure that any device attached to the Internet of Everything is capable of adapting in real time to emerging threats. There is also an urgent need to develop truly global security and trust frameworks for intelligent objects—the Internet of Everything knows no borders. And just as the verification of personal identity is crucial for many of the things we do on the Web (such as banking and shopping), the intelligent objects that make up the Internet of Everything must also have a foolproof means of digitally exchanging authenticated claims about their identity.
In manufacturing the only real way to secure the supply chain is to monitor it from end to end—a Sisyphean task in a world where components are sourced diversely and globally. The first major attack on a developed world manufacturing facility will probably lead many companies to rethink their outsourcing strategies. The growth of 3-D printing may help those firms bring component manufacturing back “in house,” thus decreasing supply-chain vulnerability.
Companies will also need to focus far more on containment. Although most corporations have built security perimeters, any adversary who breaches that perimeter can roam free. As machines and devices become more interconnected, companies must ensure that any attacker who penetrates part of a network cannot roam. That means authenticating machines and people, and isolating systems so that a soft target does not permit access to high-value assets.
None of these security measures will stop a determined attacker. But given the vast potential of the Internet of Everything to transform our lives for the better, baking in security from the outset is the only realistic way forward.