Many industries, including critical national infrastructure (electricity, gas, water, etc.) and manufacturing firms, rely heavily on computer systems, networks, control systems, and embedded devices to provide safe and reliable operations. These networks can be complex and are often bespoke to the types of product these industries may provide. In recent years we have seen a significant rise in malicious attacks against such systems, ranging from sophisticated intelligent attacks to simple tool-based delivery mechanisms.

Additionally, connected physical devices, home automation appliances, and wearable devices are all part of IoT. All of these have two major things in common: firstly, seamless connectivity, and secondly, massive data transfer (another example of Big Data). These devices also bring with them vulnerabilities, significant cyber security threats, and the potential for sensitive data breaches.

Common security issues such as data that is not encrypted (in transit or at rest), insecure protocols, and inadequate authentication mechanisms are among the significant factors that leave devices open to security breaches.

IoT covers such a broad range of technology that it is hard to differentiate between IoT and any other form of technology. Broadly speaking, IoT encompasses automated technology that is connected to the Internet, but surely every form of technology has some form of automation and either has or can be connected to a network? Where does the line get drawn? This is a perfect example.

For those interested, here is a link to my recent IoT Forensics presentation for the BCS Cybercrime Forensics specialist group.