Picking up on the conversation from my previous post, the Internet of Things continues to pose challenges for many manufactures as they now have to think about network security for new versions of their products.
One of the worries about the future of the Internet of Things (IoT) is that many of the manufactures that are now working to develop IoT devices haven’t had to think about network security for previous versions of their products.
What makes IoT such a fascinating area is the huge diversity of things that could be considered a smart IoT device: fitness bands, nanny cameras, door locks, TVs, lightbulbs, coffee makers, personal medical actuators, home appliance sensors, transportation actuators, and weather sensors to name just few. The real hope is that these devices will work together and make our lives and the management of our lives easier and tailored to our own needs.
One thing we know for sure about the future of the IoT is this: securing IoT devices requires thinking about exactly the same things we have had to before for wireless routers, handhelds, laptops and desktop systems.
- Authentication to them
- Authorization of the transmission of data
- Encryption of sensitive data at rest and in transit
- Privacy and confidentiality with regards to security standards
- Maintaining updates
- Monitoring the physical security of devices
- Administration of the devices
The worrisome part of the future of IoT is that manufacturers are being pushed to release products as soon as they can so they don’t get left behind. Historically, that means that important security issues haven’t been properly planned for or tested which means they can be ripe for a whole new wave of viruses, denial of service attempts and other malware as well as taking unauthorized control of the devices. IoT device manufacturers are going to need to perform “red team” analysis to help determine how the devices can be abused in unforeseen ways, and what the consequences would be.
The future of IoT is bright with never seen before levels of access to data with devices across an amazing level of diversity. The fear is that this explosion of access may happen before the security of these devices is fully understood.
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.