Risk Assessment, Sharing are Key to Optimal IoT Security, Panel Says

When it comes to the Internet of Things, the appropriate level and type of security depends upon the application and the risk involved should that data or asset be hacked.

Tim Hahn, distinguished engineer at IBM, noted that he uses a different quality of lock on his home than he would in a bank. The same thinking can be applied relative to security and the IoT, he indicated. Here, he emphasized the importance of assessing risk by understanding what you want to protect and the value of it.

“We will never thwart all the attacks,” he noted, so it’s best to understand there will always be another attack, and to prepare for it in the most appropriate way possible.

That advice could apply to any kind of security scenario, of course, but Hahn and his fellow panelist Godfrey Chua of Machina Research, noted that the IoT has what they called amplified attack surfaces. Hahn and Chua were panelists at the IoT Security Summit, which took place yesterday at the IoT Evolution Expo, which runs until Thursday at Caesars Palace.

Hahn said he already has 30 or 40 connected devices in his home. During the same session, Chua presented a slide of a car with an array of labels that pointed out connected and software-based functions.

Chua went on to say that given the complexity of putting together an IoT deployment, there is no one company that can do it all. So it’s important, he said, to work with your network partnership ecosystem to understand all aspects of security.

Perhaps BMW would have benefitted from such sharing. Chua said the company was hacked nearly two years ago. Although the company was diligent about security, he said, it used an encryption technology that was known to be vulnerable, but didn’t realize it was using a technology that already had been compromised.