SECTIONS - Caught in the Crossfire
April 20, 2017

Is Security IoT's Achilles Heel?

At IoT Evolution in Fort Lauderdale, Fla., Ken Briodagh and I took opposing views as to how bad the IoT security problem is. According to Ken, I lost, but since this is my column, I will offer an alternate truth.

Ken’s contention was that we have never as an industry hardened our devices as well as we should have, and that has left lots of vulnerabilities. My brother, James Ford of ADP, voiced this in response to a blog post this way.

“IoT seems to be built on 40-plus years of microprocessor and software prior art. It would be hard to create something truly Big Bang in my opinion, since everything has been incremental. The security posture appears to be a problem with living too far up the abstraction model and not understanding what is really going on at the kernel or micro code level. Too many developers are grateful their project compiled or loaded and do not profile or examine how it works. In the container space, there is a lot of talk about Least Privilege Model that tries to turn off everything that the container does not explicitly need. If IoT wants a Big Bang, it will need to move toward a least privilege model and spend the time to minimize the threat surface dragged along by living too far up the abstraction ladder. Standing on the shoulders of giants is great, building on top of ancient programming models with implicit trust models is not.”

His statement about containers is very appropriate because the layer of abstraction with SDN and NFV changes the fundamentals of the internet (and whatever we rename the public switched telephone network).

It is my contention that as the industry moves all the traffic up to the session layer, the network has a chance to cure a lot of ills from the past. Perhaps it’s a matter of perspective. If you see the world like a consumer, technology gets swapped out relatively quickly. As a recovering Bell head, I am aware that telecom technology and law stay in place for decades.

However, the core of the network is often updated. So if I start from the core, I can isolate the problems at the edge. I recognize that neither side is perfect, but I feel my contention is more efficient. It also reflects the situation we are in today.

We are evolving. Everywhere I look I see paradigm shifts in communications. Mobile is becoming data centric and virtual, POTS service is being phased out, and China is taking over.

A friend who owns a major manufacturer shared his concern that China has become a dominant player worldwide and is choking innovation. If you make a presentation to a major carrier and you leave your deck behind, you can assume that if the Chinese see it they will offer some things for free.

So our security breach may be at Layer 10 more than at Layers 1, 2, and 3. If I had President Trump’s ear, I would advocate for a security standard that works like Intel Inside, and I would invoke a tariff on the hardware side. On the network side, I would admit the PSTN is dead and force a retool as we did for HDTV.

On the patent side, I would support a stronger arbitration system and better protections for the entrepreneurs. Particularly on patents issued that don’t get deployed immediately or the parent company dies, I might want to rethink how they can support the public good.

It’s not my nature to be this protectionist, but it is clear we are living in interesting times. Peter Zeihan points out that we are headed to a post-Bretton Woods world in which America first will have large implications. It is my contention that the world is rapidly becoming China first technologically, while we are building physical walls.

And that is our Achilles heel!

Edited by Ken Briodagh

Back to Homepage
Comments powered by Disqus