In-brief: Three noted academics and experts on homeland security argue for changes in the way that Internet of Things devices are deployed, and more research on the risks such devices pose to companies and individuals.
Christian Science Monitor’s Passcode has a nice opinion piece on the subject of how to secure the burgeoning Internet of Things. The authors, Michael Papay of Virginia Tech and Frank Cilluffo and Sharon Cardash of The George Washington University, raise some common concerns about the security of the Internet of Things – and propose some unconventional solutions as well. (Editor’s note: I am a regular, paid contributor to Passcode.)
The three, all experts in topics related to defense and homeland security, note that technology advances are far outstripping the ability of individuals and organizations to properly manage that change. Security is one area of tension.
From the article:
“The crux of the problem is that our desire and ability to innovate has so far outpaced our commitment to embedding cybersecurity into the design process. The upshot is that even the most sophisticated entities have historically taken – and may still be taking – more risks than they should when conducting business using devices and networks constructed with parts that aren’t secure.”
In other words: our eagerness to adopt new technologies (and benefit from them) is exposing us in ways that we don’t fully apprehend.
Yes, attacks against car telematics systems are still proofs of concept. And there has yet to be a documented cyber attack causing damage to critical infrastructure in the U.S. – despite many warnings. But the authors note that the conditions for such attacks already exist and that images of such attacks are very much in the popular media, including shows like “24” (or the new CSI:Cyber).
“The time to get serious is now. This means incorporating cybersecurity into the design process, from hardware to software to (forgive the jargon) the interface protocol level,” they write.
One proposal to “fix” the underlying insecurity would be to mandate “shutoff modes that give users optional connectivity choices that default to off upon shipping and self-patch themselves upon activation,” they write.
They also call on the U.S. government’s National Academy of Engineering to “analyze the tradeoffs between security and capability, in relation to the universe of devices that together make up the Internet of Things” – all the better to understand how to integrate cyber security policy into the commercial design process.