NSA: Here’s $300,000, people. Go build us a safer Internet of Things
Maybe we could think about security when designing stuff
The NSA is funding development of an architecture for a "safer" Internet of Things (IoT), in the hope of incorporating better security at a product's design phase.
The controversial US intelligence agency is bestowing a $299,000, one-year grant to the University of Alabama in Huntsville (UAH) for a project that aims to build a lightweight virtualisation architecture which will make it easier to build security into IoT systems before they leave the factory.
A growing number of devices are being internet-enabled, thereby joining the IoT as smart meters, inter-enabled cars, and much, much more.
Unfortunately, little consideration has been given to security at the design phases, so that security flaws from weak authentication, crap crypto and glaring built-in web console flaws have become legion.
As a result, cars have been remotely hacked while home routers have been left hopelessly insecure. The list is extensive, and growing.
Given its history, particularly when it comes to intercepting the supply chain of routers to plant backdoors, it might be tempting to think that the NSA wants to backdoor IoT devices too. But it's hardly worth the effort on kit that is wide open and insecure in the first place.
The UAH's Dielectric architecture aims to incorporate cybersecurity into the product design phase of IoT kit rather than bolting it on as an afterthought.
Experts in embedded systems and automotive systems will come together to work on the project. The approach could have applications in cloud-based systems, according to UAH.
"With the Internet of Things, one expects various 'things' – that is, embedded systems – to connect to the cloud," said Dr Etzkorn, a faculty member at UAH's computer science department. "We are examining security methodologies that can apply both at the embedded systems level and the cloud level."
The academics said the arrival of funds later this month will enable them to take on two graduate student researchers at the beginning of the autumn term and support them through the summer of 2016.
The research team will also include three faculty members from the UAH electrical and computer engineering department as well as two from its computer science department, as explained in a statement on the Dielectric architecture and the NSA grant here.
Third-party reaction to the proposals can be found in a post by Lisa Vaas on Sophos' Naked Security blog here. ®
Sponsored: Becoming a Pragmatic Security Leader