Finding Balance on the Internet of Things

The Internet of Things is disrupting long-held notions of privacy, security and safety says Marc Blackmer of Cisco Systems.
The Internet of Things is disrupting long-held notions of privacy, security and safety says Marc Blackmer of Cisco Systems.

In-brief: For all its promise, the Internet of Things is poised to disrupt long-held, societal notions of privacy, safety and security, argues Marc Blackmer of Cisco Systems. 

It is no exaggeration when I say that most of my waking hours are spent writing, presenting, teaching, reading, or peppering my family with factoids (they’re a captive audience) about cybersecurity for the Internet of Things (IoT). The topic is utterly intriguing to me, and why not? How many times a day do you see news stories, blog posts, or conversations about IoT cybersecurity? You’re reading this post, aren’t you?

But for all of the talk of the expanding attack surface, rogue devices, and protecting ourselves from cyber threats, there is proportionally little discussion about being secure – beyond cyber – and to what lengths we’re willing to go to achieve that security. In other words, the focus is most often on the technology and very rarely about the societal aspects that dictate what we wish to protect and how we choose to protect it.

[Read more of Marc’s articles and opinions here.]

We are in the midst of a social (r)evolution with the Internet of Things a major driver. Think of how our views on privacy have changed with the proliferation of social media. For those of us born before the 1990s, we are often shocked by what teenagers and young adults are comfortable sharing on social media. I’ve heard pre-teens asking, “Is that going on Facebook?” after a parent has taken a quick photo or video. The idea that moments from one’s life will be accessible to almost anybody in the world has become not just acceptable, but inevitable.

At the same time, we are bombarded with stories of purloined personal information. Personal data is a profitable source of income for identity thieves. I don’t see any abatement in personal data theft any time soon. The fact is: there is very little control the public can exercise over their personal data when it resides with a third-party provider like Google, Amazon or Microsoft. We can only trust that those who have our data will protect it appropriately. And that is cold comfort, indeed.

Marc Blackmer, Cisco Systems
Marc Blackmer is a Product Marketing Manager for Industry Solutions at Cisco Systems.

Our personal devices are one place we can control our privacy. There is a plethora of tools built into- or added on to computers and mobile devices that can keep our data secure.Used correctly, these tools can make it virtually impossible for a third-party to read your personal information. The problem is that these tools take some level of sophistication to use properly – and often lots of sophistication. Even for those in the know, simple tasks like encrypting an email message can be complicated, making security lapses common and undermining the promised protections of the technology.

The other side to this coin is that privacy technology is agnostic. Criminals and terrorists can make use of these same tools to hide their criminal activity. Law enforcement may then find themselves in a situation where they are not able to prevent a tragic event from happening and/or unable to access evidence that would allow them to prosecute suspected criminals.

What should we do in these cases? Will weaker cybersecurity for individuals improve the overall security for everyone? Do we have a right to privacy in this new paradigm? If so, how much privacy can be considered “safe?” I don’t ask these questions rhetorically. These same questions animate the current stand-off between Apple Computer and the U.S. government and are the basis for proposed legislation on Capital Hill, in the EU and elsewhere. Without wading into my particular position, I would say that these important questions need to be answered by all of us, or a small minority will answer them for us. However, I do believe that we in the cybersecurity community have a duty to be the informed voices on the technical issues and to help educate others, including policy makers and the public.

Regardless of your philosophical position, informed policy decisions will benefit us all. We are at the very beginning of the IoT, and I wouldn’t fathom a guess on how it will look in five or ten years from now. What I will guarantee is that the IoT will continue to be a major force in reshaping our social norms, and if we all don’t take an active role in influencing the direction of that force, we are not going to be happy with the results. And we will have only ourselves to blame.

Marc Blackmer is a Product Marketing Manager for Industry Solutions at Cisco Systems.

One Comment

  1. We certainly can have both privacy AND security, which is why I’m working to proliferate Enhanced Privacy ID (EPID)in the IoT (it’s free). In the current land-grab to stake out the turf in the IoT, developers have to — at a minimum — harden the device. That means, immutable ID, secure boot and whitelisting, if you do nothing else.

    Of course, once you harden the device, the entire ecosystem needs to secure the comms and monitor & manage everything. When you consider that with the IoT you aren’t just securing data, you are securing control (i.e., safety), anything less is a non-starter.