Don’t forget the S in IoT!
Without security in IoT – whether designed-in or retrofitted – there will be problems. IoT Fest Bucharest made it clear – there’s never been a better time to move concepts from ideas to prototypes and then push them live into production. But then there is the nasty “s” word. Security.
For me, IoT Fest Bucharest was a fantastic opportunity to meet with the individuals reshaping industries by crafting disruptive products and technologies that solve actual needs. There were for smart cities, maintenance forecasting, manufacturing automation, smart agriculture, and finance – to name just a few.
Regardless of the individual sector, there was an increasing awareness that in the IoT’s rush for the quickest time to market, efforts to enforce data security and protect users’ privacy have been cut back way too often. Putting the security into IoT is a big issue that is just not going away – and that was precisely the focus of my presentation at IoT Fest Bucharest.
Security failure or media hype
IoT security lapses have been linked to some great cartoons and some major shutdowns in the past years. First, the cartoon:
And then there is the reality. IoT security lapses have indeed led to hacked baby cameras, networks of hacked security cameras, and the largest DDoS attacks in history. Yes, there are problems – some annoying and others dangerous due to their scalability. Consumers might well be wondering if the IoT is inherently insecure and start avoiding anything with the IoT label – pushing down the expected sales these devices.
And for the good news
These hacks and attacks of the past year didn’t have to happen. They were not predestined. And most shockingly, they could even have been prevented. And, as I pointed out in my presentation, the Online Trust Alliance found that 100% of reported IoT vulnerabilities could have been easily avoided. The question is how to do this.
How baked in is that security?
Right out of the box, IoT security can be like that on your WiFi router – and that is both good and bad. Are there fixed firmware logins or passwords? Bad sign. Never allow default logins and passwords to go unchanged.
But beyond the box, IoT security is largely hidden from the end user – and this is where the developers, security architects and product fellows alike have a task to do. And, these tasks go deeper than just putting a check on developers To-Do list. These specifics range from changes at the embedded level, booting, communication protocols, and identity management.
Now let’s get back to work
During my talk at IoT Fest Bucharest, I showed why security is key, and how it can be designed-in or retrofitted. In our connected world, we now have access to global information, tools, communities, and markets. The guys there understand the potential this brings. In this nascent playfield, these innovators are combining silicon, algorithms and communication technology to build amazing products that address unthinkable human problems. We just hope they don’t forget to incorporate security into this mix.