Pierluigi Paganini June 08, 2016

The potential of IoT devices connected over cloud networks is breathtaking, opening opportunities that will forever change societal culture.

It’s a buzzword that has been around the past decade and has often been portrayed in futuristic visions of a society where man and technology has integrated into one. The potential of IoT devices connected over cloud networks is breathtaking, opening opportunities that will forever change societal culture and interactions.

Take a minute, and imagine this: You’re leaving work after a late night of meetings, and want nothing more than to go home, and de-stress after a long day. On your way to the parking garage, you pull out your iPhone to unlock your car, enter the address of your destination, and it begins to self-drive. As you rest your eyes during this drive back, you are rudely awakened as you suddenly remember that you washed your laundry earlier that morning, but forgot to throw the clothes in the dryer. You pull out your phone and with a tap of a few buttons, your clothes are in its wash cycle again; that’s one check off your to-do list. You think to yourself, I might as well change the thermostat now so that it’ll be warm when I get back. Tap-Tap-done. After an hour of sleep on the smooth drive, you arrive at your house, pull out your phone, and scan your fingerprint to unlock the door. A gentle, soothing voice greets you –

“Welcome home Sarah, I’ve gone ahead and put your clothes in the dryer, and started the water for your bath at 94 degrees. What would you like for dinner?”

The synchronization between technology and man offers a beautiful and convenient vision of a future that only exists in a perfect world. Unfortunately, there is a current halt to the technological progression of society that offers such luxuries which is known as the innovation gap – a deep chasm between a vision and its realistic implementation. That’s not to say that we lack the technological know-how to create the interconnections for devices to communicate with each other, but rather the societal risks is too hazardous for businesses and governments to give the greenlight on developing aforementioned innovations. At the center of this risk is the cybersecurity challenge. If man is to become so dependent on IoT technologies, any disruption to the system will threaten lives, social stability, and productivity. Thus, it becomes critical that controls are in place to ensure the security of the technologies we rely on – and this is where we play our social function as the cybersecurity community. An IoT world is inevitable in the natural progression of a technology-oriented society, but we must first address the policy, technological, and cultural challenges before riding the next wave of business opportunities.

In a recent IoT Security Survey conducted by IOActive (March 2016), 70% of respondents believed that fewer than a quarter of IoT products have adequate security designed in them. Amongst the biggest challenges facing IoT security was Uneducated Users, Data Privacy, and Design. Since the Dot-Com era, a hazardous phenomenon began to infest the culture of the industry: the first-to-market wins. As businesses rushed to push out their product into the market before their competitors, they captured more consumers and funding; the opportunity cost of this was insecure hardware and software that, to now, threaten the privacy and security of end-users.

For many businesses, it is too risky to begin investing in IoT products. In the past two years alone, we have seen companies and agencies – that we would expect to have the most secure data centers – get breached. Cybersecurity is challenging. This said, the emergence of cloud networks have allowed for companies to work with cloud providers on strengthening the security of data in storage and transmission. It is not perfect yet, but we are making more progress than ever.

For other businesses, skepticism of a common IoT protocol makes it difficult to justify investments in the R&D of IoT devices. As told to me by a mentor in the security community, “Would you as a CEO spend 1 billion dollars building IoT devices if the language that you would use to communicate with them might be considered outdated in 2-3 years when IETF or someone else comes up with a set of rules on how IoT devices should be managed?” Until there is common security policy that can guide the direction for businesses to follow, little progress will be made in the markets surrounding IoT.

Lastly, there are technological challenges that must be addressed from the C-level down to developers in the creation of future IoT technologies. The OWASP Internet of Things Project outlines the top ten security concerns regarding IoT devices that can be controlled through secure programming and design, which include vulnerabilities in encryption, transport layer, and web interfaces.

As bleak as it may sound, we still have to make a few leaps before we can realize the vision of a future society where technology and man synchronize securely. It requires the cooperation of businesses and governments, and a cultural change where cybersecurity is valued just as much as locking the front door of your house. As we becomes more dependent on the interconnections and comfort offered through the internet and associated technologies, security and privacy must play a bigger role in national and international dialogue.

Jeff Tso is a cybersecurity professional who has experience in both the technical and business realms of Cybersecurity. He is passionate about the sense-making potential of Big Data, the rising market opportunities around Cloud Networks, and the business and technological developments of SmartCities and SmartHomes. Bilingual in Mandarin and English, he seeks to help organizations in East Asia develop their security strategy and posture.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – IoT devices, cyber security)