The Internet of Things poses real security risks, but security needs to be determined by use cases of IoT devices and risks. Lost in the hype over IoT hacking has been a common and serious problem: privacy.
An alliance that includes Microsoft, Symantec, ADT, AVG, Target, TRUSTe and Verisign issued guidelines for IoT manufacturers, developers and retailers for use with connected devices.
They are inviting public and industry comment, so chime in now. The objective is to address security and privacy concerns that are starting to bubble up around the rise of the IoT.
“This could lead to hackers remotely opening garage doors and turning on baby monitors that are no longer patched, to infiltrating fitness wearables to spy on health vitals, or creating mayhem by sabotaging connected appliances,” the alliance said in a statement.
Basically, security needs to be systemic to everything you do with computers, networks, and devices. Thus, we need to address security with IoT, big data, cloud computing, and even legacy systems.
In the past few years, most of the well-publicized hacks have been around older systems, where proactive monitoring and updated security were not what they should be. No cloud-based systems have suffered breaches as of yet, but you can count on somebody dropping the ball along the way. It will happen.
The IoT becomes fuel for the Chicken Littles out there. They can describe visions of refrigerators exploding, or somebody taking control of our cars while we drive to work, or even taking control of weapons systems. However, we’ve had these things connected for years, and it’s been smooth sailing…so far.
Here’s the deal with IoT security. The security requirements for these connected devices need to be determined through the device use cases, and also the risk. Yes, I would be concerned about my home security if somebody could make my garage door go up and down, but I would care a whole lot more if somebody takes control of my car at 70 mph. Hopefully, the car will carry a more aggressive security profile than my garage door.
The larger issue here is not bad guys taking over devices; it’s bad guys gathering data. In some cases, health telemetry wearables, your Web browser habits, and even what you purchase on retail sites gathers data on certain devices. This could lead to very accurate conclusions about personal information you would rather not be out there.
Very much like marketing that data companies do today around buying habits and social media usage, the IoT means that we could be giving up even more telling and personal data. If we think it’s harmless, know that advances and analytics allow those with mountains of raw data from IoT devices to learn even more about you, and it’s all done legally without any security breaches.
So, don’t worry about IoT security breaches sending your Roomba to kill you. Worry more about the data that’s being spun off these devices, and the fact that we could be giving up more privacy yet again.
Want more? Check out our most-read content:
Frontiers in Artificial Intelligence for the IoT: White Paper
Research from Gartner: Real-Time Analytics with the Internet of Things
How Real-Time Railroad Data Keeps Trains Running
Operational Analytics: Five Tips for Better Decisions
Why Gateways and Controllers Are Critical for IoT Architecture
Liked this article? Share it with your colleagues!