The Internet of Things (IoT) represents a fundamental change in the way our world interacts with the internet. With the endless possibilities this brings, there are new and exciting challenges in data collection and investigation.
If your IoT technology is compromised, ensure that electronic evidence is handled appropriately. Due to the complex, interlinked nature of these networks, the information could be inadvertently accessed and contaminated.
Amend and optimise cyber policies and procedures in order to enable a resilient approach to the IoT and other relevant developments.
|IoT investigations||IoT breaches|
|The IoT represents a significant shift in how we interact with data. The volume of information collected provides opportunities for seasoned forensic specialists to conduct investigations. The data will largely be located outside your own data centres, in the cloud, with third or fourth parties, or on (mobile) devices of employees or clients.||In 2001, Vitek Boden was a disgruntled employee who presided over the Supervisory Control and Data Acquisition (SCADA) systems that managed a local Sunshine Coast council’s sewage infrastructure. He hacked the nodes responsible for the flow of waste through pipelines causing several million litres of raw sewage to flood community parklands, hotel grounds and canals.|
|Develop a standardised platform within your business to ensure the maximum security of your IoT network. Look at what data is critical in terms of security and make sure this is adequately protected.||Boden’s cyber-attack is considered Australia’s first breach on critical infrastructure. In response, the Maroochy Shire Council has spent over $50,000 to upgrade security systems. With the rise of the IoT, many more systems will become similarly vulnerable.|
|Containing an IoT breach is increasingly challenging. A forensic specialist should know that evidence is no longer restricted to a PC or mobile device, but can be found in vehicles, RFID cards, and even in a fridge.||A similar compromise occurred in 2010, but on a much larger scale. Dubbed the ‘Stuxnet’ worm, it was found in millions of computers globally, including traffic systems, power plants and hospitals.|
|A major challenge in the development of IoT technology is the enormous variety in systems used. Consider which systems are most critical to you and understand their structures so that adequate actions can be taken in the event of a breach.||Designed to target the Iranian nuclear centrifuges, it was able to modify the normal process beyond what was safe, yet could tell engineers that ‘nothing was wrong’. The virus destroyed over 1,000 centrifuges and delayed Iran’s nuclear program by 3 years.|
If your systems are compromised by a coordinated IoT cyber-attack, KPMG professionals will be able to examine data from new and unique sources, such as a smart oven.
The hackers will leave evidence of their actions within the IoT systems as they attempt to gain access and exploit more devices. Our experts will create a dynamic incident map and discover the vulnerabilities.
Due to the number of objects involved in an IoT breach, significant technical challenges exist. KPMG can help with navigating these scenarios, assisting in compliance and continuity of evidence.
We can assist with policies, processes and procedures, and test your IoT systems to plan for the future.
© 2019 KPMG, an Australian partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.