| SAN FRANCISCO
SAN FRANCISCO Nov 19 The rapid spread of
utility meters, medical equipment and even cars connected to the
Internet is drawing scrutiny from regulators and big business
suppliers worried about privacy and security issues.
Though security researchers have shown they can hack into
power meters, medical devices, industrial equipment and even
moving cars, the fragmented market and regulatory structure have
done little to improve defenses against malicious hackers.
Now a number of business used to providing more traditional
Web security are moving into the market, and the U.S. Federal
Trade Commission will hold a public workshop on the subject on
The FTC session will include panels on connected home
devices and cars and feature technology executives, regulators
as well as academics and advocates.
In announcing the workshop in April and soliciting comments,
the FTC asked how such gadgets can be updated when security
holes are discovered and how to weigh privacy concerns against
societal benefits from aggregating data provided by
The Department of Homeland Security has also stepped up its
scrutiny, coordinating disclosures of new research and warning
device manufacturers as well as the general public when flaws
Smart meters are getting much of the attention so far,
because their distribution is expanding rapidly and because the
Obama administration's concern about the impact of a blackout or
other disruption from hacking the power supply.
February's executive order on cybersecurity stressed the
need for critical infrastructure providers including utilities
to work on developing security standards, though they would
remain voluntary without new legislation.
The problems vary by device and by type of business. Many
industrial controls were not designed to be connected to the
Internet and now are. Others have means for "backdoor" access by
vendors that can be discovered and used by hackers. In both of
those cases, access is too easy.
Other gadgets have the opposite shortcoming. Without a
regular, sure-fire way to accept and install updates once
problems arise, the gear doesn't have enough access.
"Everything is becoming connected quickly, but a lot of the
time it isn't being done with security in mind," said Frank
Dickson, a network security industry analyst at Frost &
One of the broadest problems is the inability of many
devices to know exactly what they are communicating with.
Dallas-based Entrust Inc, which already provides
authentication for banking and other websites and physical site
access, has expanded into smart meters and the like, said Senior
Product Manager Chris Taylor.
A potentially much bigger player, telecommunications giant
Verizon Communications Inc said it is joining the market
Verizon, which already offers a variety of Web security
services, said its system would use digitally signed
certificates and remote cloud access to verify that machines are
what they say they are when they connect to each other.
"The potential is in the millions [of instances] for
larger-scale applications," said Eddie Schwartz, vice president
at Verizon Enterprise Solutions. He said Verizon would focus on
the power, transportation and medical industries. "Security is
pretty much of a mess for anything that's not traditional"
Analyst Dickson said Verizon's size and the prospect of
toughened regulations would make Verizon's offer "compelling"
for some customers.