This year we have seen some bad security breaches related to the Internet of Things. Smart fridges meet smart villains – no surprise, smart villains win.
There has been a good deal of comment about this problem, even the Economist sat up and took notice. This is an easy problem to understand, and it is serious, so it has generated a lot of comment and hand wringing in the media. One could be forgiven for assuming that security will be the be-all end-all issue for the IoT.
We are not so sure. First, the knowledge exists to solve it. My friends and I created a major piece of U.S. financial market infrastructure that handles tens of thousands of orders per second, and trades billion of dollars daily. Like most significant financial markets, it has never been hacked. The technologies we create are designed to be secure at every step. The recent high profile failures of major corporations and government departments to protect their sensitive information are more a condemnation of those organizations ability than a credit to the hackers.
There are good analogies for our modern age of innovation. In the 20th century two world wars caused enormous social upheaval and spurred massive advances in technology. While we see our current age as one of dizzying advances, the last century experienced the transition from the horse and steam power to men on the moon. One of the most visible changes of the 20th century was the automobile, and it is a good analogy to the Internet of Things.
Cars have gone from death traps to machines designed to save our lives. I confess, my wife drives a Volvo, but my favourite vehicle is my 1969 Ford truck. As I motor around in it I am acutely aware that in addition to dangerously loose steering and dubious brakes, I have a steel spear pointed at my heart.
Very few of us really understand the safety aspects of our cars, just as very few of us understand the security aspects of the systems we use. The majority of cars are close enough in safety ratings to the leaders that we make our decisions on other values. What we care about is we can feel confident our car is “safe enough” – we buy based on other criteria: fuel economy, style, brand, features, and most importantly on image and lifestyle.
Internet of Things security is no different. I want to think that the things I buy are “secure enough”. The decision I make on “secure enough” won’t be that different from the “safe enough” decision I make buying a car. GM has had a horrific year with huge recalls associated with terrible safety issues causing deaths from faulty ignition circuits, and GM knew about it for years. GM just posted tremendous growth in sales. Samsung seems to be getting on quite well despite their embarrassing experience with refrigerator spambots.
Admittedly we form strange emotional relationships with our cars and car brands, but we do the same with our smart phones. At a certain level the same forces are at work. We won’t go out and do deep research about either security or safety – we will ask our friends, we may do a quick scan on the Internet for any really obvious flaws, but what we are looking for is affirmation that the thing we want is “secure enough”. Security is a check box after we have made up our mind.
It is no wonder that we have a security problem, we have a lot of folks rushing to be first to market with the latest thing. Corners are going to be cut in the rush to be first, but the security problem has known solutions. The Internet of Things has a bigger problem than security – pretty soon we are going have too much connected stuff, too many apps, and too much noise generated by all those things to make sense of it all.
What we need is a really easy way to make all these IoT things part of our daily life, to ensure they add value and don’t detract from it. This is especially true when we look past the first rush of consumer products and consider the enterprise, and the myriad of connected devices we will need to integrate into a sensible enterprise fabric.
And yes, it has to be secure.
Header Image Credits: blue old volvo photo by Margarit.Ralev.Com
Paul is the Founder & CEO of bbotx. He has developed and marketed software products in different market segments in North America, Europe, Asia, Africa and the Middle East over the past 20 years – doing business and working in 40 countries.
Mercedes photo by NRMA New Cars CC-License: CC BY