Sitting back in your favorite recliner, a plate of nachos, a drink in one hand, and your cell phone in the other, open your smart home apps, adjust the lights, turn on the surround sound speakers, and settle in to watch the Super Bowl. The heat is jacked up (or the air conditioning turned on) to match the weather in Houston. You may not have been able to score tickets to NGR Stadium for Super Bowl LI, but you’ve made your smart home feel like a small football stadium. What you may not know is that your smart home shares the same information security concerns as that stadium, just on a smaller level.
Smart Home Information Security Issues
The primary issues for smart home security are confidentiality, integrity, and access. Keeping data private means encrypting it and being wary of who knows the information used to access it. Integrity means making sure that the no one has tampered with the information and that the author can be verified. Access means that only certain people can interact with the data, communications infrastructure, and computing resources, but it also means making sure no one authorized is kept away from that information. Unfortunately, the platforms that many smart home devices use are not built to protect from unauthorized access because they rely on applications through the Internet of Things (“IoT”). This puts your home at risk for being used either as part of a cyber attack or as a way to gain access into your private space.
Stadium Information Security Issues
On a larger scale, stadiums have the same issues. All interconnected locations need to worry about confidentiality, integrity, and access. Stadium security can be compromised in several ways. First would be within the public and private wifi connections, just as any wifi can be compromised. Alternatively, similarly to a smart home, the automation of things like power, heat, and media in stadiums creates vulnerability. When a stadium has 100,000 people attending the game, the stakes are much higher than what can happen if an individual home is compromised. With a compromised home, most likely the biggest problem for an individual would be identity theft. A problem, yes, but not life threatening. If a stadium were breached, the people in the stadium might face physical as well as electronic safety risks. According to Billy Rios, founder of WhiteScope, game integrity could be compromised through the manipulation of the stadium’s power, temperature, and displays. In the same way, the game attendees could be manipulated through power and temperature thus compromising physical safety. Non-traditional computing devices connecting through the internet bring with them the same risk as the IoT smart home applications. Instead of being worried that someone will sneak in a weapon, stadium security needs to be concerned that someone outside the venue will use the automations to put people at risk. In addition, the larger scale also means that third party vendor installation and configuration can further compromise the stadium’s security. Depending on how the automation is configured, some areas of a stadium may be more vulnerable than others. In the same way, the wireless router used to connect smart home technology can create a security weakness in your home leading to vulnerabilities. In addition, it’s possible that the applications your smart home technology uses, if not kept up to date, can have vulnerabilities similar to those in the stadiums.
Keeping Stadiums and Smart Homes Safe
According to Mr. Rios, newer stadiums, although decked out with the most up-to-date amenities, are not necessarily using better security controls. Stadiums need to be scanning for unintentionally connected systems and unauthorized configurations because greater automation leads to greater risk. Unlike the physical screenings such as bag checks, cyber screenings do not currently occur. One possible solution is to have cyber pre-screenings to verify attendees. Another option would be to ensure restricted physical access. Marcus Wehmeyer suggested, “One easy way is to ensure physical access is restricted, meaning RJ-4x ports are not easily accessible to fans or are restricted with 802.1x or some other NAC solution. Moving as many services as possible to the wireless network while still maintaining security levels is another way to ensure physical access to the network is harder to gain for unauthorized users.” Yet another solution would be for stadiums to focus on their technology being SAFETY Act compliant.
Individual users need to rely on the developers of their products. Moreover, no current legislation guides the cyber security of these consumer products. Dimitrios Pavlakis, an Industry Analyst at ABI Research, notes, “We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices. The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.” Several larger companies such as Amazon, Apple, Google, Philips, and Samsung have begun including network security, encryption, and communication protocol limitations into their product design phases. By creating these on the front end, smart homes will be less likely to be used as a mechanism for a security breach.
Even when just watching a football game, whether in person or from home, it’s important to keep your eyes on the prize. Keeping your information and your home safe means being aware of the ways in which interconnectedness allows you to have a unique experience while also closing the door to intrusions. In the good old days, your home used to be your castle; now, it is your sports stadium.