We’re deep in the think of it here at IoT Evolution Expo in Las Vegas. We’ve seen dozens of discussions about networks, standards, connectivity and security, with some really interesting analysis and perspectives on how to approach each or all together.
We sat down with Alan Grau, president, Icon Labs, to pick his brain about one of the drums he’s eagerly beating: device security. He says it’s a mistake to spend all of our effort to secure data and connections, when there’s an easily breached and obvious hole lurking at the edge, waiting to be exploited.
“We’re not worried about securing data,” he said. “We’re worried about command and control functions on end-user devices.” The danger, he said, is that almost every smart thermostat, vehicle and power transformer is right now a poorly-defended entry point to larger systems where malicious actors can cause real damage.
These edge devices are easy targets and if they’re compromised, the hacker can then operate as a “trusted entity” within the supposedly secure network. “All of the communication protocols are concerned with protecting the signal and the data, but not the devices themselves,” Grau said. “As an OEM, you have to take a broader view.”
But what’s the answer? It seems like each device system is on its own proprietary platform, and that’s how vulnerabilities enter the network. The solution is the establishment of an industry-leading standards body that can set rules and make decisions for the good of the IoT, not just one vendor or supplier or platform maker.
“We are trying to create an Internet of Secure Things because if you start at the enterprise level, you’re securing the top while leaving the soft underbelly vulnerable,” he said. The underbelly being local devices. “It’s like sending a soldier into battle with a helmet but with no body armor.”
He’s not really all that safe.