Cisco Extends Internet of Things Security Challenge
Cisco's contest for Internet of Things security proposals has proved so popular the vendor is extending the original June 17 deadline to July 1.
Send to Kindle
Cisco Systems Inc.’s contest for Internet of Things security proposals has proved so popular the vendor is extending the original June 17 deadline to July 1.
Cisco’s IoT evangelist Jeff Aboud said the vendor pushed out the deadline for its Internet of Things Security Grand Challenge in order to let interested developers complete their best work. “Thus far, we’ve had dozens of wonderful submissions and they’re still coming in,” Aboud said in a blog post announcing the extension. “After all, we all benefit by ensuring that the things we connect are secure.”
Cisco Systems has a vested interest in keeping IoT on its heady adoption curve, hence the contest to spur innovative solutions to secure the M2M systems at the heart to the technology area. Cisco has put up $300,000 in prize money for awards of $50,000 to $75,000 for up to six recipients.
Cisco’s team of security experts will evaluate proposals based on feasibility, scalability, performance and ease-of-use, as well as technical maturity and ability to span multiple vertical industries like manufacturing, transportation, health care, oil and gas exploration and smart power grids.
“In the health care sector, it’s easy to imagine how Internet-connected devices and systems are revolutionizing patient care,” said Chris Young, senior vice president of Cisco’s Security Group. “In the transportation sector, technologists are already connecting vehicles and their subsystems to the Internet. It is also, unfortunately, too easy to imagine how these world-changing developments could go terribly wrong when attacked or corrupted by bad actors.
“With the IoT as a significant part of the larger Internet of Everything [Cisco’s term for the space] market transition that brings together connected devices with people, processes, and data, it’s even more imperative that we ensure the things we connect are secure,” said Young. “The Internet of Things Security Grand Challenge offers visionaries, innovators, and implementers the opportunity to define a future of a secure IoT.”
Contestants and interested observers can keep tabs on the progress of the contest and prepare their own submissions at Cisco’s IoT Security Grand Challenge website through the new July 1deadline. Winning solutions will be announced and showcased at Cisco’s Internet of Things World Forum in Chicago on Oct. 14.
The security challenge addresses a top-of-mind problem for potential users and interested partners nibbling around the edges of the vast IoT opportunity: Internet-connected machines are expected to number some 200 billion by 2020, according to IDC Corp. At that rate, automated machine-to-machine (M2M) transactions will vastly outnumber traditional human-to-computer transactions. Cisco claims the market for these hyper-connected devices will top $19 trillion in the next eight years, but those figures could be at risk if security gets short shrift and the devices become unpatched, unmonitored badlands for hackers and cybercriminals.
Security the Internet of Things is gaining mindshare with many in the security community, even sparking its own one-day conference, called Security of Things or SECoT, an event that featured a number of well-known security experts including Sonatype CTO Joshua Corman and Dan Geer, the noted security expert and technology advisor to U.S. government intelligence agencies who now serves as CISO for In-Q-Tel.
“As we bring more of this software and connectivity into our homes, we’re inviting the devil into our homes,” Corman told SECoT attendees. “The very things you use to keep bad guys out of your house can be converted to let them in.”
Corman’s message for the breathless IoT advocates who call such security warnings FUD: “Just because it’s scary doesn’t mean it’s not true.”
Case in point: a recent survey by SSH Communications Security and Forrester Consulting found the rise of M2M connections in data centers across most industries has far outstripped the ability of organizations to secure them. The resulting misalignment of security and compliance priorities places these organizations at risk, the survey found.
“Misunderstanding how best to secure M2M transactions — and whose responsibility it is to do so — has placed organizations under significant risk of data breach,” said Tatu Ylonen, CEO of Helsinki-based SHH Communications Security and the inventor of the eponymous protocol that has become the de facto standard for data-in-transit security. “As organizations across all sectors embrace the concept of the Internet of Things, enabling more objects and sensors to communicate to support new business models the need to automate M2M connections is increasingly critical.”
According to the SSH and Forrester findings, M2M processes are in use to some degree in just about every business organization, and 62 percent of those polled say they plan to increase M2M use over the next year. Half are using M2M for logistics management and customer service, and fully half of the financial institutions polled say they use M2M connections for billing. But while 68 percent say IT data security is a critical priority, only 25 percent feel the same way about M2M systems, even those tasked with carrying high-value payloads.
These are issues that will need to be sorted out soon if IoT is ever to realize its potential. They are also issues in which the channel might gain a foothold in this emerging space and take advantage of the opportunities.
“With billions of objects networked all over the world, many of which will reside in insecure locations, security is arguably more important for IoT than it has been for any other technology in history,” said Cisco’s Aboud.