The security implications of the Internet of Things (IoT) are mind boggling. In many visions, the IoT is deeply enmeshed in the lives of users—even those who are doing their best to steer clear of it. So, the potential for mischief and malevolent behavior is great.
Bruce Schneier is one of the best known electronic security experts and in a Network World interview with Tim Greene, Schneier didn’t pull any punches on where the industry is on IoT security. In response to a question on the practical steps that can be taken, Schneier did the equivalent of throwing up his hands:
There’s nothing you can do. This is very much like the computer field in the ‘90s. No one’s paying any attention to security, no one’s doing updates, no one knows anything - it’s all really, really bad and it’s going to come crashing down.
For folks with short memories, it is worth remembering that the chaotic state of online security almost kept the Web from achieving the vast success it eventually enjoyed. So comparing the security status of the IoT to what existed during that era is damning.
The good news is that folks are finally starting to pay attention. So far, though, the discussion of IoT security has been a bit conceptual. EDN Network’s Richard Quinnell made things a bit more tangible through a conversation with Hugo Fiennes, the co-founder and CEO of the IoT platform company Electric Imp. Fiennes offered three IoT security rules for developers of embedded code destined to serve in the IoT. The requirements are to enable secure remote firmware upgrades, to plan security from the earliest stages, and to budget for IoT security.
It’s also worthy to note that BlackBerry, which seems to have spent the past few years seeking ways to save itself, sees IoT security as its latest road to salvation. The Motley Fool reports that BlackBerry subsidiary, Certicom, is becoming a certificate issuer to device makers who want to connect to the IoT. It seems to be a good idea: Even at its darkest hour, nobody doubted BlackBerry’s security acumen.
Other news related to IoT security includes an advanced story on the DefCon 23 conference slated for August. Computerworld’s Lucian Constantin lays out how the hacker community – as opposed to “cracker community,” which consists of bad hackers – is confronting the issue. The sponsors are creating the IoT Village, which will be built as a showplace for IoT devices to be built, broken and discussed. Independent Security Evaluators (ISEs) will organize the “village,” which was conceptualized after the group’s successful SOHOpelessly Broken router hacking contest last year. The village will deal with the safety of IP-related devices as diverse as routers, network storage systems, TVs and smart cars. Flaws and vulnerabilities uncovered will be reported to manufacturers in order to qualify for prizes.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.