As the proliferation of the Internet of Things explodes into a 36.95 Billion market by 2021 according to research firm MarketsandMarkets, the race is on not only to build out the IoT market, but also to solve the biggest inhibitor – security. In their haste to create new technologies for the IoT, industry vendors have sacrificed security in favor of go-to-market strategies. These strategies could also mark a stopping point as well. Vendors need to step back and build security into IoT devices from the beginning. The hard lessons are already being learned with the revelation that there is a serious vulnerability affecting over 120 D-Link products and an IoT botnet launching 400Gbps DDoS attack.
Devices that are part of IoT are especially vulnerable and this lax approach to security means that the devices in hospitals, critical infrastructure, homes, cars and even in government are just waiting to become part of the next DDoS attack.
Who will be responsible?
When an attack inevitably comes, the question will then become: who is liable? Fingers will be pointed at manufacturers, stores & distributors, Internet Service Providers and firewall vendors. Consumers could also be in the line of fire for not securing their own IoT devices.
It isn’t very hard to code good security features. Take Google Nest Thermostats for example. The only successful Nest hack reported to date required physical access to the device. Physically accessing a device requires too much effort and most hackers will move on to find an easier target.
From new smart cars to healthcare devices, organizations are at the mercy of hackers. The most recent attacks have involved ransomware taking hospital networks hostage. We have just been lucky that these incidents have not resulted in serious injury to patients.
Securing IoT for the Future
What is needed is new legislation that is similar to the banking industry. IoT
manufacturers must be compelled to:
- sell subscriptions for routine updates for the expected life of the product (minimum x years)
- fix discovered bugs and vulnerabilities within x amount of time or else suffer a fine per device sold. Money should be held in escrow.
- provide full disclosure to consumers when their IoT device is hacked
- be subject to auditing on the above to ensure they are compliant
IoT represents a whole new world for everyone from vendors to consumers. It will impact our economy and will either present new opportunities or just expand the threat landscape impacting critical infrastructure all the way to government stability. It is time to create this new IoT world correctly with the start of built-in security.
About the Author: Mike Patterson, Founder and CEO, Plixer would be happy discuss the current state of IoT security.
Edited by
Ken Briodagh
