Security for the Internet of Things (IoT) is vitally important, but challenging to provide. Computerworld’s Kenneth van Wyk pointed to three traits of human nature as obstacles to building security into the IoT: naïveté, ignorance and laziness. He may well need to add a fourth to the list: competition.
The problem, according to van Wyk, is that companies need to position themselves quickly to take advantage of the money that is on the table and the incredible amount of it that will be thrown into the pot over the coming years.
van Wyk says that though we may understand why IoT developers were naïve, ignorant and lazy about some elements of security, it is certainly not forgivable:
They are understandable because product development is fiercely competitive, with companies under intense pressure for their new technologies to be first in the market. The thinking seems to be that once the new product has a strong foothold in the market, they will be able to go back and bolster security. The unforgivable part is that tomorrow never comes — or only comes when some researcher publishes a paper exposing a gaping security hole for all the world to see.
He concludes that overcoming the obstacles is a big challenge, but one that can be accomplished via some substantial steps in the right direction.
Network World’s Tim Greene pointed to advice from Josh Corman, the CTO of Sonatype, in explaining the necessity of engineering security into IoT products as they are developed. Corman suggests steps advocated by I Am The Cavalry, an industry group that he co-founded that is pushing for greater cybersecurity in cars. The apparent potency of what the group suggests is heartening and reaffirms that useful steps are available today:
It encourages: safety from the design phase; encouraging third-party researchers to test systems without threat of legal action; installing data-gathering devices like airplane black boxes to assist forensics; readily downloadable software updates; and segmenting and isolating critical systems from, say, entertainment systems.
The FBI and the Department of Homeland Security are speaking up about IoT security, too. They first offer a 10-item countdown of IoT devices, which certainly shows that the IoT is becoming ubiquitous. Second, they present a rundown of potential “horror stories” of what could go wrong with a lack of IoT security.
Lastly, they provide a useful list suggesting what people using the IoT can do to increase security now. The list includes hosting IoT-based devices on a discrete and well-protected network, disabling the universal plug-and-play setting, and vetting the vendors of IoT devices.
The key to increasing IoT security is to convince people to do the right thing. However, the responsibility for making that happen is shared by three groups: vendors, policy-setting business owners and the public at large.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.