March 4th, 2011:

M2M Security: Are There Issues?

Sales of smart phones have bucked the economy and smart utility meters are entering millions of homes, so valid security concerns are emerging. Smart phones, for example, have open operating systems, which means that they are vulnerable to viruses. For example, German researchers have found out how to jailbreak your iPhone and reveal passwords in six minutes. However, security isn't a big issue right now for most Business-to-Business (B2B) applications.

These apps involve devices that perform relatively simple tasks on proprietary platforms. Simple tasks equate to minimal code, so the hacker doesn't have much to work on. There's no B2B M2M malware out there. It could be created, but it would take a long time, and why would anybody want to hack into a B2B application when the only impact would be to crash the devices?

That said, there are solutions that are more intelligent at the device level, e.g. the application allows decisions to be made at the local level. In this case the embedded modules employ powerful processors in order to perform more complex tasks, and complex tasks equate to more code that hackers can manipulate to perform a different task, e.g. reveal valuable information. This means that robust M2M security can only be realized when the communications link is encrypted, i.e. when there are security mechanisms on the devices and the central computers.

Another issue comes from the fact that mission-critical M2M applications are increasingly being integrated with the mainstream business processes of large enterprises and organizations. In time we can therefore expect the emergence of solutions that meet ISO (International Organization for Standardization) 27001. This is the "umbrella" standard that sets the ICT security bar. It entails compliance across many aspects of the business, such as equipment, software and overall processes.

Conclusion: security has not been a major issue for the industry so far, but it is a moving target. Moreover, when M2M data becomes part of an enterprise's management information systems, solution providers will need to demonstrate their total commitment to hardened security.