Industry Trends

M2M Attracts Enterprises, Risks and All

By Stefanie Hoffman | July 30, 2012

Machine-to-machine (M2M) communications applications are working their way beyond traditional utility, traffic control and telemedicine industries, as enterprises search for ways it can benefit their businesses despite some real risks.

ZDNet's Tim Lohman recently penned an article about how the automated communication of data between connected devices, M2M, is envisioned more and more by CIOs as delivering real value, cost savings and innovation in management.

Lohman says now that networking equipment (a simple SIM card or RFID chip, in the case of M2M) and wireless carriage have dramatically decreased in cost, and wireless coverage, speed and capacity have increased enabling connectivity to be embedded into the things we use in our day-to-day lives. This, he says, translates into new business intelligence, operational efficiencies and revenue-generating opportunities.

And, it's attracting interest. A variety of M2M market numbers forecast there will be up to 50 billion embedded mobile devices worldwide over the next 15 years to 20 years. Along with the promise and projections, however, comes risk.

Fortinet addressed the M2M risk issue in a late-2012 report about the top security risks for this year. The report notes that "while the practical technological possibilities of M2M are inspiring as it has the potential to remove human error from so many situations, there are still too many questions surrounding how to best secure it."

Fortinet's report predicts 2013 will see the first instance of M2M hacking -- most likely in a platform related to national security, such as a weapons development facility. The report goes on to explains this will likely happen by poisoning information streams that transverse the M2M channel -- making one machine mishandle the poisoned information, creating a vulnerability and allowing an attacker access at this vulnerable point.

In a recent blog exploring M2M as the next big "Internet Security Threat," Anthony Cox of Juniper Research writes, "Word on the street is that during the Queen's London Jubilee celebrations, a hacker sent continuous messages to the M2M-enabled security cameras covering the event (known as pinging)." He surmises it might have meant, on the day when security could not be more important, key security infrastructure was rendered useless. Thankfully, he says, security on that day was not put to the test.

However, it raises an important point: Consider that M2M modules are going into power stations, meters, vehicles and just about every kind of object imaginable.

"It only takes one security breach to result in, well, who knows what?" he ponders.

There's little evidence that suggests M2M is being actively targeted by the hacker community, notes Cox, but as the service offering becomes more sophisticated and as more intelligence resides at the module level, the threat level will rise. At the same time, top-tier M2M service providers and specialists are on top of their games. Encryption, he says, is becoming an integral part of the M2M roll out. Programming interfaces are protected by security software, and there's increasing innovation when it comes to best security practices in the M2M environment.

Older systems and environments could still be vulnerable, says Cox. As with any area of Internet security, it's a question of remaining one step ahead -- because more intelligence and sophistication correlates to increased vulnerability and risk.

Join the Discussion