In-brief: In recognition of Internet of Things day, a list of some quality security and Internet of Things focused reads that are both online and free.
A happy Internet of Things Day from Security Ledger. This is the fourth Internet of Things Day and the third annual celebration of all things IoT. In honor (or maybe just recognition) of the occasion, there are MeetUps and other events in many major cities. Check the list out here.
Of course, any discussion of the Internet of Things these days is likely to surface the topic of security and privacy. Indeed: fears about one of the other of those two issues are seen as one of the few impediments to the otherwise gonzo growth of the IoT. As I wrote yesterday, I’ll be chairing a free, online panel discussion of security and the Internet of Things today at 1:45 EST, as part of IoT Live. You can sign up for that here.
But there are other great resources for those interested in the issue of how to bring security to something as vast and unfathomable as the Internet of Things. In honor of Internet of Things Day, I’ve pulled together some must reads (and should-reads) that are both online and free (no trips to Amazon necessary)!
- Internet of Things: Privacy & Security in a Connected World (Federal Trade Commission) (PDF)
The FTC has taken the lead among government agencies in voicing concerns about security and privacy issues in the Internet of Things. In this report, the agency articulates the case for making connected devices secure and building in protections for user privacy.
- The Future of Privacy (Pew Center for Internet and Society and Elon University) (PDF)
As Security Ledger noted at the time, the Pew Report is a fascinating look at attitudes about the Internet of Things from some of the top technologists and visionaries out there. The final report provides a fascinating insight into evolving trends and attitudes about privacy, surveillance and convenience.
- Who should and should not be talking to your fridge? A reflection on the social impacts of smarter hardware in the physical world (Gilad Rosner) (Link)
Rosner is one of the smartest folks writing about the Internet of Things and privacy. In this blog post, he talks about the very tricky issues around data sharing and consent, and the tendency of users to lose control of their personal data over time. “The language of privacy values and the tools of privacy-enhancing technologies must be made available to everyone involved in making devices smart.”
- Industrial Internet of Things: Unleashing the Potential of Connected Products and Services (Accenture and World Economic Forum) (PDF)
The Accenture report makes some important observations about the industrial Internet of Things. Chief among them: that the IIoT will transform businesses from delivering products to delivering what it terms “outcome-based services” that deliver “measurable results” to customers. That could be “uptime” on a factory floor or energy savings or crop yields. Security stands as a monumental challenge to that business model, however.
- Ten Challenges the International IoT Community Needs to Master (Bosch) (Link)
Stefan Ferber over at Bosch does a great job in this two-part blog post identifying some of the high level challenges facing IoT. Among them: security, accountability and governance. Money quote: ” Security in the IoT needs to be as simple as a key that you give to your kid to open the front door, not as complex as millions of keys. Otherwise it becomes more complex to manage the keys than to provide the security itself. “
- Internet of Things Security Audits (Various)
A number of firms have conducted auditsofIoT products with similar results. They give us a good sense of some of the common problems afflicting connected devices today. Among those worth reading are:
- Device Democracy: Saving the Future of the Internet of Things (IBM) (PDF)
IBM’s paper provides some of the most interesting insights into how to build trust at scale for the Internet of Things. From the paper: “The greatest challenge is not in simply building a decentralized IoT, but one that can scale universally while maintaining private, secure and trustless transactions.” In other words, IBM notes, the IoT represents “a case of billions of players, not all of which can be trusted – some even malicious – with a need for some form of validation and consensus.”