The Biggest Problem with the Internet of Things
If you’ve noticed a trend in tech blogging lately, (aside from talking non-stop about the Apple Watch), it’s the phrase “Internet of Things”. The Internet of Things (IoT) is a nice fancy term for the various embedded computers in, well, things. This means thermostats, cars, medical equipment, even recycling bins. It’s the hottest new catchphrase on the lips of every tech blogger, and we’re going to talk today about the biggest problem facing this new brand of computing: Security.
Okay, so what’s wrong with the Internet of Things? Does my live-tweeting toaster need to be secure? The short answer yes, the long answer is the rest of this blog post.
1. The Internet of Things poses unknown security risks because they haven’t plain old existed before now.
It’s hard to know how to secure something when that something didn’t exist until last month. You can’t know what threats are targeting a device when the threats haven’t even manifested. That means when you’re building a brand new device (like a tweeting toaster) you have to take a guess at what could possibly go wrong; meaning the system will be insecure from the start. Even the best guesses are not always 100% on target.
“In the absence of this research, organizations will be forced to make substantial architectural decisions without sufficient data to understand the risks and identify appropriate mitigations,” – Cloud Security Alliance executive Luciano Santos
The difference between the IoT Security and plain ol’ Internet Security is that we have had a long time with the internet and know a lot of attack patterns that hackers use against machines. Plus, common types of malware, viruses, and other attacks are well documented and easy to defend against when you’re building the system from the outset.
Why should you care if hackers can screw up your tweeting toaster? Worst case scenario, they’ll tweet ads for Chinese pharmacies, right?
2. The Internet of Things poses bigger risks because there are bigger consequences.
They could tweet ads about weight loss pills, or they could burn your toast. The bigger problem with security on these devices is that where you could lose data from a PC attack, if your thermostat gets hacked, you could have a sleepless night because the malware turned off your air conditioner (or they could keep the air conditioner always on and then you’ll lose sleep over your power bill). In a more topical case, if your self-driving car happens to get hacked, what’s to stop it from crashing with a car in the next lane? This is obviously a real concern because when polled on the IoT “85% of Americans have concerns about the increased risk to breach of security/privacy, while 70% feel it would have a negative impact on daily interactions.”
Before, these types of objects had no real threat because they were not connected to a wider network, but now that they are on the same internet as millions of other people and devices, it opens them up to attacks. Things that you never thought of as a device needing an antivirus suddenly do; how many people have anti-virus running on their computers right now? How about your refrigerator?
3. Security has always been an afterthought
On the regular, old, boring Internet, Information Security came up as a solution to a problem instead of an initial consideration. That cannot be the case for the IoT . “The NSTAC determined that there is a small—and rapidly closing—window to ensure that IoT is adopted in a way that maximizes security and minimizes risk. If the country fails to do so, it will be coping with the consequences for generations.”
If we take the same approach as we did to the regular internet of patching holes in the dam instead of making the dam less prone to holes, we’re going to have a bigger problem. The initial internet was only supposed to be a small experiment, but it blossomed into a worldwide network connecting hundreds of millions. With the IoT, we know well ahead of time the impact it will have on our world. It’s up to us to make sure that we keep security in mind as we build, or we’ll have a disaster on our hands later. As always, thinking ahead prevents a lot of needless work later.
Let’s keep security in mind to ensure the utopia of tweeting toasters will be just that, instead of the dystopian future of burnt toast on malware robots in my kitchen!