The intersection of IT and IoT.

At the BlackBerry Security Summit last week, Chief Technology Officer at BlackBerry, Charles Eagan, spoke about the convergence of the worlds of IT and IoT.

“The worlds of IT and IoT colliding, sounds very dramatic, but I think we would all admit that we’re already seeing this today with the amount of connected things that we’re looking at,” Eagan said. “The amount of connected devices or things that are coming into all sorts of applications is very, very apparent, so it’s not a theoretical future.”

The microscopic view: the attack surface of an individual IoT device.

“The ‘World of IT,’ large scale software, brings lots of benefits to the ‘World of things.’ New technologies, larger development communities, operational efficiencies, new product features, you know, dramatic use of open source; and this is all good, because it brings functionality quickly.” Eagan goes on to say, however, that the attack surface is significantly expanded due to the increased convergence. He discusses the new risks posed by the interconnection of these devices, saying “the impact of cyberattacks can lead to safety [risks], impacts on production, we’ve seen pipelines and electrical grid, uranium manufacturing, there’s all kinds of examples … But the fact is, these IoT systems are now connected to IT systems,” and that we need to better prepare our security for these devices.

The macroscopic view: the number of devices and attack surfaces coming in the future.

Eagan discusses how the threat landscape has evolved over time, from email threats in the 90’s to software supply chain attacks, Ransomware-as-a-Service, and spearphishing, among others, in the current day, and emphasizes the importance of protecting the IoT future. “I think I would generalize that cyberphysical things may not be getting the top cyber focus. I think the purpose-built connected things are often connected without a deep cybersecurity portfolio. We don’t have cybersecurity standards that are global, or even regional, to define what a cyber-connected device is.” He says that he believes that between the worlds of IT and IoT, solutions are very similar for threats; prepare, prevent, detect, and respond.