Are you taking IoT security seriously enough?

Metaratings
23 Apr 2015
00:00
Article

The Internet of Things has a security problem. How big a problem it is will depend on how seriously both technology companies and government regulators take IoT security.

That’s the message of this recent essay from Bruce Schneier, security expert and CTO of Resilient Systems, who points out that while a movie-plot scenario such as bad guys hacking into the controls of an airplane and controlling it from the ground – which was highlighted in a recent US Government Accountability Office (GAO) report – is currently unlikely, it’s not impossible. And that will be true of every single “thing” connected to the Internet of Things:

We've already seen vulnerabilities in baby monitors, cars, medical equipment and all sorts of other Internet-connected devices. In February, Toyota recalled 1.9 million Prius cars because of a software vulnerability. Expect similar vulnerabilities in our smart thermostats, smart light bulbs and everything else connected to the smart power grid. The Internet of Things will bring computers into every aspect of our life and society. Those computers will be on the network and will be vulnerable to attack.And because they'll all be networked together, a vulnerability in one device will affect the security of everything else.We can't repeat the mistakes of the early days of the PC and then the Internet, where we initially ignored security and then spent years playing catch-up. We have to build security into everything that is going to be connected to the Internet. We've already seen vulnerabilities in baby monitors, cars, medical equipment and all sorts of other Internet-connected devices. In February, Toyota recalled 1.9 million Prius cars because of a software vulnerability. Expect similar vulnerabilities in our smart thermostats, smart light bulbs and everything else connected to the smart power grid. The Internet of Things will bring computers into every aspect of our life and society. Those computers will be on the network and will be vulnerable to attack.And because they'll all be networked together, a vulnerability in one device will affect the security of everything else.We can't repeat the mistakes of the early days of the PC and then the Internet, where we initially ignored security and then spent years playing catch-up. We have to build security into everything that is going to be connected to the Internet.

Schneier says we need to be thinking about the security aspects of the IoT, and in ways that involve solid and serious commitments to dealing with the problem, both from the technology business side (OEMs, software, network providers, etc) and the regulator side, because the market alone can’t be trusted to get it right:

We've already seen vulnerabilities in baby monitors, cars, medical equipment and all sorts of other Internet-connected devices. In February, Toyota recalled 1.9 million Prius cars because of a software vulnerability. Expect similar vulnerabilities in our smart thermostats, smart light bulbs and everything else connected to the smart power grid. The Internet of Things will bring computers into every aspect of our life and society. Those computers will be on the network and will be vulnerable to attack.And because they'll all be networked together, a vulnerability in one device will affect the security of everything else.We can't repeat the mistakes of the early days of the PC and then the Internet, where we initially ignored security and then spent years playing catch-up. We have to build security into everything that is going to be connected to the Internet.

Of course, ask anyone in the IoT ecosystem and they’ll assure you that they take security seriously and they have security processes in place. And they probably do.

On the other hand, look at all the hyperlinks in that first block quote ...

Related content

Tags:
Comments
No Comments Yet! Be the first to share what you think!