Developments in the smart sector promise to bring with them an exciting mixture of increased technical control and more automated, reliable capabilities for both business and individuals. However, as networks join up systems of systems across the country and the world, new methods of management will be required to take best advantage of the potential positive impact of these technological advancements.
The implementation of new smart technologies and the systems that control them raise new and bigger risks than these systems had when they ran disconnected from each other. Where once we might have had confidence in an air-gapped system, now the inherent interconnection implied by the Internet of Things (IoT) means that our systems may only be as safe as the weakest link. There are two different levels where we need to consider the risk here: personal and national level.
We need to protect the consumer to ensure that their personal security is maintained and the addition of significant smart technology into their home or work environment does not expose them to a level of risk that will be unacceptable to them. Their personal data and property must be protected, so systems must be tested by experienced, independent specialists to ensure they are resilient. At the other end of the scale, the Critical National Infrastructure (CNI) will be more vulnerable than ever before through the proliferation of smart grid technologies if they are not adequately protected from cyber-attack by a variety of innovative electronic security techniques that meet sensible regulations. A new breed of authentication, encryption, validation, malware and firewall software and techniques are needed to combat the Denial of Service (DoS) attacks we can expect (such as the recent suspected attack in the Ukraine).
This will be hard. Budgets are already stretched to meet desired requirements and timescales for IoT-related projects. Expectations are high whilst the public probably do not expect or want to have to pay more for the benefits these technologies will bring. Insurance companies and legal firms are already scrabbling around to understand the implications to the question “if this goes wrong, who will be accountable?”
The key is that we must not see security as optional for these systems; it has to be the first and foremost requirement in the minds of stakeholders at all levels. These systems need to be verified and validated for safe IoT connectivity before being released. The threat is significant and we must not miss our opportunity to ensure that smart implementations are secure at both personal and national levels.
Smart Metering for the UK - Case Study