In my first blog for the ManySecured project the scenes from the great battle of Helm’s Deep in the Lord of the Rings have a special significance. For many of us rely on our homes as our refuge and place of safety away from the problems of our world where we can relax and enjoy the good things of life with family and friends. Similarly in the story of the Lord of the Rings, King Théoden escaped the oncoming armies of Saruman to Helm’s Deep, sure that none could overcome the Hornburg’s fortress walls. But there was ‘a culvert’, a drain which the armies of orcs found and ‘crept in’. The great leader, Aragorn reports, “They have a blasting fire and with it they have taken the wall.” But like Aragorn we can say, ‘Nonetheless day will bring hope to me. Is it not said that no foe has ever taken the Hornburg, if men defended it?‘ This bears repeating, it is a call to us all. The word men referred to mankind in general, in those days and it is everyone’s duty to respond.
Why this story? It is embedded in our popular culture both in books and movies. With respect to IoT Security, it is now widely reported that routers are one of the most targeted and infected IoT devices. According to Symantec routers make up 75% of all attacks on IoT devices in our homes and small businesses. The risk they present is similar to that ‘gaping hole in the fortress of Helm’s deep and the armies of orcs parallel the ever-increasing numbers of cyber criminals and fraudsters who target our internet connections.
The World Economic Forum’s Global Cyber Security outlook for 2022 reports, “88% of respondents indicate that they are concerned about cyber resilience of SMEs in their ecosystem” . The criminals continue to look for the easiest targets even if other crimes have decreased, our internet defences are under higher attacks than before as more devices are added to our home networks.
BEHAVIOUR: What are your IoT devices doing in your home? – Our manysecured project highlights that webcams, Alexas and lighting systems are connected to your router. So, you rely on your security systems a bit like Théoden thinks the walls are secure only to find they aren’t. The very webcams you use are passing information to criminals which they can use to steal your credit card information. We think the router actually protects our home. Then we have a problem with the devices themselves, so many lack any decent level of security. We don’t even know how many IoT devices we have and certainly what they are capable of doing. A really important part of the ManySecured project is to describe the devices and the claims they make about what they do. The prototype solution can then manage the risk by identifying unusual behaviour in our networks. An alert can be sent to the router such that a webcam or an Alexa which is not acting according to correct procedure can be quickly isolated by ManySecured.
In the past two years many project partners have contributed their expertise to ensure there is now a working prototype which we are keen to test and develop further. To me it is like the many heroic and different groups in the Lord of the Rings who battle on despite ‘the hate’ and respond to the words of the hobbit, Samwise Gamgee “There’s some good in this world, Mr. Frodo, and it’s worth fighting for.”
Together with NquiringMinds , University of Oxford , Cisco and BT, the IoT Security Foundation has been collaborating on an Innovate UK project to improve this situation and reduce the risk.
Our call for action this month is to gather forces and meet to secure the gaping hole in router security and prevent more dark forces entering the fortresses of our homes and small businesses.
We are running our first hands on workshop on May 17th in London, at which you can see some of the solutions. We are looking for Internet Service Providers, Router vendors and Semiconductor engineers to join us and bring your IoT device! I know many colleagues will be concerned about the risk to the consumer and small businesses. SMEs represent about 90% of businesses and more than 50% of employment worldwide (World Bank figures). Many of these lack the network security teams and solutions to sufficiently reduce IoT risk and so our work is of crucial importance.
James Willison, Project and Engagement Manager, IoT Security Foundation
