It is circular and pointless to debate where the IoT needs to secure itself: devices, connections or somewhere else. The answer is: everywhere. The interesting question is: How?
One answer came from Maged Zaki, director, corporate technology marketing, Qualcomm (News - Alert), in his session at IoT Security 2015 in Boston, September 22. He said that the future of security in the era of smart, connected things has to come from intelligent, cognitive awareness of abnormalities in the network.
“Security is defined by the weakest point in the chain,” he said. “So, how to secure the endpoint—the device—to start with?”
The unique challenges inherent in securing the IoT, Zaki said, include how cheap individual devices can be, how constrained they are in terms of power and resources, their ability to act as back doors to critical systems, longer service life than any device manufacturer has been used to, and the fact that devices aren’t usually built with security in mind upfront.
His vision for IoT security requires on-device, real-time alertness to attack, hardware-based security installed at design, all managed and monitored by a cognitive machine learning and data analytics framework that can manage data and evaluate it to see indications of breaches.
“Behavioral classification makes observation, analysis and evaluation possible,” Zaki said. This cognitive defensive approach can help mitigate security concerns, and also privacy breaches.
Of course, if the machines are monitoring themselves, there might be new concerns to address.
Who watches the watchmachines?