Stranger Things & Educause 2016: The upside down of IoT
If you don’t know about Netflix’s “Stranger Things” then you have missed out. Who doesn’t love 80’s music, Star Wars merchandise (the first time around), all the super cool pop culture references in the script and a weird storyline? I am hooked! But even if you don’t know what the “upside down” is, or the Demogorgon, or who “Eleven” is and why she loves Eggo waffles, it doesn’t matter for what I am about to tell you…
Like many people I am fascinated with this show. The decade references, the era's technology, fashion, music and the hybrid of science fiction and Stephen King-like suspense. And before you ask, yes, I did binge watch it; I was hooked after the first 15 minutes of the first episode.
You may be saying by now, okay, how does this relate to Educause? Okay so I’m going there... The explosion of mobility and the Internet of Things (IoT) in Higher Education and Netflix's Stranger Things have a lot in common. Perhaps I am stretching, but hear me out. Yes, I am technically a fan boy but it’s more than just a play on words.
Recently, I’ve been flying across the US to several conferences where I have talked a lot about the impact of IoT and new education technologies on the IT departments of many higher education institutions -- in particular the unknown cyber security threats they face. So as I am preparing for this year’s Educause Annual higher education tech shindig, I’ve wondered how I can highlight the potential these technologies offer every organization, but also emphasize the potential threat as well.
IT and Cyber Security feature heavily in the CIO issue list shared each year by Educause, as do improving professional development and the support needed for data/learning analytics. What is clear is that this list is more and more pointing towards the dilemma every college has on the adoption of the latest or emerging education technologies. From impacting student success to increasing enrollment and tuition reduction, the decisions to invest in these futuristic strategies are critical for innovation and future learning environments.
The futuristic technologies that every university must harness in the next 10 years are Artificial Intelligence and Virtual Reality, as we have seen the explosion of Internet of Things (IoT) forcing its way on today’s agenda. These three disciplines are as innovative & revolutionary as they are disruptive and concerning! While AI and VR are still developing themselves into the long term strategies of many organizations, did you know…IoT is already spreading across the higher education environment at a faster pace than expected and is actually already pretty mature in use within the campuses of North America?
This was triggered by students bringing IoT gadgets and gizmos into the dorms, and connecting them to the network. This was followed by the faculty and facilities evolving the classroom and school buildings, from IP connected security devices to the transformation of campus A/V systems. Now even the operational elements of a university are dominated by smart connected IoT devices, remote control of instrumentation, sensors and automated components that deliver advantages to everyone. Collectively these things affect the student experience, trigger reductions in operating costs or even vastly improve safety for all constituents of a college.
It's here that my mind wanders into the misty Indiana forest and fictional town of Hawkins, surrounding the fictional characters of "Stranger Things".
This rush to IoT means the Cyber Security strategy of today’s universities is the scary part; it is the creature lurking in the shadows, the Demogorgon living in the "Upside down" in Stranger Things, able to attack in more places than we realize (not a spoiler).
You may think that this is a weak reference (and I am self-indulgent with my geeking) but it is more metaphorical than it looks. In the series, a science teacher explains the existence of multiple dimensions in our world. How is it possible that an Acrobat struggles to stay on the tightrope, using balance and fighting gravity, while a Flea, a type of celestial body, can circle the tightrope and defy science? This validates the existence of a dark parallel universe, that upside down dimension, in which the show's Monster lurks.

In IoT we too have a darker dimension that is almost peripheral, on top of the shiny innovative and revolutionary dimension. As we attach more and more IoT devices, ones that are purely connected and those smart connected ones that generate their own intelligent data, we in fact create a web of attack points, like a nervous system, connected back to a central brain. It's this web of devices that needs attention, otherwise the darker nefarious dimension tries to bleed through, make a connection, a portal, a gateway in, and attack. Once a breach is made, the proximity and extent of unsecured IoT opens up huge hacking potential, and disruption that many organizations can't begin to respond to, understand or recover from. It is truly scary!
As in the "Stranger Things" storyline, the authorities are focused on the main breach, a portal between the real world, and the "upside down".
But the monster, the Demogorgon, can in fact penetrate the real world anywhere it has the ability to break through, based on certain criteria. This is also true of certain IoT cyber attacks. They focus on unassuming, non-threatening devices as a way into the network, for example a wireless thermostat, an HVAC IP controlled coupler, an IP relay on a sprinkler head, a washing machine access point, an IP enabled door lock, an IP CCTV camera, an IP controlled robot or STEM device... The list is growing. This is why IoT Containment is vital!
Our governing bodies, academic and operational, our non-IT executives, need to understand the impact of IoT from both dimensions. The potential for revolutionizing the use of Education technology and student success is astounding, but the threat of inviting cyber attacks is increased tenfold. If a board struggles to see it, or to understand it enough to invest, it’s important to let them know it is cheaper to prevent an attack than to recover from one. If nothing else, then get them to watch "Stranger Things", because it will at least frame the situation in a more entertaining way.
For example, let me explain as if we are in STRANGER THINGS… the users (the various children, the parents of the missing child, the impacted police chief) can see the impact of the monster’s breaches from the upside down, meanwhile the Business (let’s say the FBI, research lab people) are focused on the obvious threats such as the power user ("Eleven") and the traditional ingress point for the breaches (the known portal between the dimensions in the secret lab in the forest).
The monster can break through wherever it sees a weakness, and away from the authorities, the users are the last line of defense.
IoT is more than just the gadgets and gizmos, just look at Gartner's definition of Internet of Things. The devices are just the tip of the iceberg. It's a framework of technologies, applications, actuators, integrations and even analytical algorithms that automate responses and triggers. All tied to the college’s communication network which naturally meshes them together. This is the blind spot, the weakness, as institutions organically adopt IoT without a major segmentation plan, or a proactive cyber security plan to protect.
Just take a look at the latest Cyber breaches, even as recent as the Dyn server DDoS attack THIS WEEKEND, OPM, Target etc. These were started through weak perimeter device integrity, but quickly escalated to a major hack. Target gave up a connection to an internal network through a non-threatening device, which ultimately gave access through an HVAC system to the core, where the hackers were then able to rip sensitive customer data! Higher Education is second in cost per record per breach in North America, and already faces daily attacks internally and externally, and IoT adoption has only just started.
So what do we do? Segmentation is not new, from both an IT security and a physical networking perspective. But this legacy segmentation wasn't designed for the complexities of supporting mobility and the potential of connecting IoT devices. The segmentation must be more adaptive, controllable and flexible for IoT. If IoT containment is key, using emerging technologies like SDN, SPB and smart network analytics gives Universities support to preempt any attack, and ultimately create an efficient IoT infrastructure.
IoT adoption means the network becomes the first line of defense, complementing all the necessary security solutions that a modern campus utilizes; keeping the monster at bay, and shoring up the whole environment at the same time. The professional development of the IT department is also key, as pressure grows to assure confidence in innovation over the network, especially as the network is seen as a strategic asset. Innovation goals in higher education need to adopt these futuristic technologies to achieve these goals.
It's this promise of a cyber-secure environment that will deliver the confidence to adopt even more IoT, integrate Virtual Reality and leverage Artificial Intelligence, and this will define many of the leading universities in the future. The journey starts at Educause -- how to do this while still supporting the educational demands and delivering student success, all in a secure, robust way.
Unfortunately in our world, there is no "Eleven" character who can potentially save the day (small spoiler alert), no super being who has the sixth sense to help fight the hackers. So if you are flying to Anaheim, my recommendation is to download and binge watch "Stranger Things". You never know, it may frame your conference experience more than you realize...