Internet of Things Part 3: Critical Security Issues for The Internet of Things

This is the third in the series on the Top 10 areas to probe when considering the Internet of Things.

security hand rightWhat can be done to safeguard solutions in the Internet of Things? What risks are inherent to smart grids? Mobile health? Smart cities? Are we more or less vulnerable when the Internet of Things is a reality? What are the security issues for the average person?

This is a big deal, and will require a great deal of thought, planning, coordination, and action. 

Some people think this is a big issue. Some don’t. I think the more you look into this, the bigger the issue becomes. Far more people care now about Internet security than they did in the early years of the Internet because of what has been exposed. The Internet of Things is all about scale. We have all been hearing the estimates: 50 billion connected devices by 2020, and some think that is low by a long shot. So we know the number of devices producing information will be large.

Then think of the use cases. Smart cities. Smart traffic systems. Smart cars. Mobile health. Smart grids. This is all completely cool, and certainly has the ability to change life as we know it. But advances in engineering and technology have always been a two-edged sword. With the “power” come the implications of what power can do. Be it a submachine gun, a rocket ship, a laser beam, or breakthrough communications technology, the ability to achieve a better quality of life or greater productivity comes with the requirement to safeguard against improper use of these advances. Certainly the Internet itself currently has spawned a tremendous industry around security, with estimates around $50B-$60B today.

This is a big deal, and will require a great deal of thought, planning, coordination, and action. 

The early signs of the Internet of Things are all around us. The refrigerator with the screen. The smart thermostat. The TV connected to the Internet. The smart meter that the power company installed and the information you received about how to adapt your energy usage to lower your costs without compromising your lifestyle. This is all good, and just a fraction of things inside your house alone. But do you think most people are stopping to ask what operating system is behind the screen on the fridge? Where is the smart meter storing my data? Can someone hack into my TV, my refrigerator, or my thermostat? If so, does that open a back door into my home network, my computer, and my critical and confidential information? And again, this is just the house example. What about the smart traffic grid connected to the smart city infrastructure? Does the electric grid or the water supply become vulnerable? Can my smart car be hacked and controlled, either putting me in danger or exposing confidential information about me? Will the great advances in mobile health translate into my medical information being accessed by the wrong people for the wrong reasons? These are all very real concerns with no so easy answers. Wait, scratch that. They are all easy answers. Yes, these are all vulnerabilities. The implications of these are all bad. In fact, I would suggest they are greater in magnitude and further reaching than most would contemplate (unless you work for the DOD or NSA, perhaps).

While the answer to the questions above about vulnerabilities are obvious, addressing those answers is not quite so easy. Most seem to agree that a set of standards that drive the adoption and implementation of the Internet of Things would be helpful. One such standard is IPv6. The addressability of the Internet is all but tapped out with IPv4, yet that standard has been around forever and is relatively secure in its own right. There are certainly going to be issues exposed with IPv6, but the ultra widespread adoption sure to come will help solidify it. Yet, there are many, many more considerations. And standards bodies or industry groups like the W3C will try to help drive these, but it is unclear if the resulting standards will be industry-driven, or driven by large private companies who see value in getting to a standard quicker. Surely there are examples where this has happened in other industries (like financial services).

The big industry that exists for Internet security is likely to get much bigger, and interest in security will certainly accelerate as adoption of the Internet of Things progresses. As startups rush to get in on the wave, the desire to deliver sexy features and functions quickly to gain market share may usurp the desire to deliver well-thought-out, solid, secure, scalable architectures. In a market-driven economy and with lots of money at stake, that won’t be a surprise. But that will also be unfortunate because, while the value of the Internet of Things should be immense and really life changing, the burden of care is all the higher as a result.

So from my point of view, this is a big deal, and will require a great deal of thought, planning, coordination, and action. 

Download Infobright’s
Exploit the Internet of Things Whitepaper
.

Read the next blog in the Internet of Things Blog Series: Critical issues around governance for the Internet of Things

Leave your Question or Comment