Network World’s John Dix hosted a very interesting round table on security and the Internet of Things (IoT). It is a topic that is getting a lot of attention in this blog and elsewhere, and for good reason: Failed security on the IoT doesn’t result just in purloined emails or pirated movies. It very well could end up disrupting pacemakers, interfering with operation of motor vehicles, taking utilities offline and many other equally scary situations.
One potential issue with the current IoT security dynamic is a lack of standardization. When asked whether homogeneity of systems is better or worse for the IoT, Ari Juels, professor at the Jacobs Institute at Cornell Tech (and former RSA chief scientist) responded that it is better for the success of the IoT, but worse for the security of the IoT:
In the early days of networking you had extreme heterogeneity of protocols and it was the convergence of those protocols that created the security problems and the security industry we have today. Similarly, we’ve been doing IoT-type things since the ‘80s with an alphabet soup of protocols. With IoT we will see the same thing; we’ll have a convergence at some point to a more homogenous environment and that’s going to cause the next security crisis.
It’s a classic damned if you do/damned if you don’t scenario: If the IoT continues to be comprised of a stew of protocols that don’t communicate (or only do so with great difficulty), it likely won’t reach its potential. However, if standard protocols and procedures are implemented that enable the IoT to realize its promise, the chances for big problems will grow exponentially.
The entire roundtable, which also features Cisco’s Mark Blackmer, Carnegie Mellon’s Patrick Tague and Tempered Networks’ David Mattes, provides a more detailed explanation of the current IoT situation and where it needs to go.
Of course, the best result will be developing and implementing standards that create interoperability, but within the context of a security regime that protects pacemakers, cars, the power grid and everything else that connects via the Internet. Of course, work is ongoing. M2M Now reports on a study by Beecham Research that security along with related disciplines such as device authentication, device management and data management services will generate $3 billion in outsourcing revenue annually by 2020. Security and data management, the researchers found, will account for $1.8 billion of the total.
Very rarely is a finding 100 percent. Usually, there are the minute exceptions, whether it is people who don’t wear seatbelts, have an aversion to disco music or wear shorts in Boston this week. However, a study by HP found that 100 percent of home security devices studied have “significant” vulnerabilities. Help Net Security points out that this class of devices is becoming a key element of the IoT. The story goes in depth on the problems, which include insufficient authorization, insecure interfaces, lack of transports and encryption safeguards and improperly protected privacy information.
In general, it is possible to focus on a single issue too closely. The case of IoT security, however, is an exception: There really is no such thing as going overboard in efforts to create a safe IoT. Vendors and related firms are pouring many millions of dollars into research and development. That’s a very good thing.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.