OpenStand has posted one or two of our articles regarding the security challenges that are presented by the ever-expanding Internet of Things (IoT). Without question, the advantages of having a web-connected heating system or vehicle or baby monitor are attractive and obvious. However, the reality is that the IoT creates security vulnerabilities and hacking risks.
At a basic level, the argument can be made that the IoT increases user vulnerability simply by increasing a household’s network footprint. If a single internet connection serves as a single point of potential exploitation by hackers, then increasing such connections exponentially will only increase the number of potentially exploitable points of access. While it’s hard to dispute such seemingly fundamental logic, the corresponding solution would be to roll back the amount of Internet-connected devices, which undermines the promise of the IoT.
Of more pressing concern is the fact that, as of yet, there is no widely-adopted security standard for IoT devices. As such, it is not uncommon for a number of web-enabled products to wind up in consumers’ homes with insufficient security protocols in place. In previous OpenStand blog posts we discussed a few of the more-high profile examples of IoT technologies being hacked – and less spectacular examples of IoT devices being exploited are not difficult to find.
Fortunately, the need for comprehensive security standards in the world of IoT has not been ignored by the tech industry at large. Efforts have been made to remodel existing security standards (such as those under the ISO 27000 auspice of security protocols) to suit the needs of IoT devices. Furthermore, the IEEE has been working on various models of architectural frameworks that are specifically designed to address the needs of IoT products.
Though this awareness and progress is welcome news to those who follow the tech industry and care about standardized protocols, there is still much work to be done. As the IoT continues to expand the Internet’s reach at a dizzying pace, organizations such as McKinsey & Co. and the Global Semiconductor Alliance (GSA) have identified several areas of IoT security consideration that are not currently being addressed by any standards organization. It has been estimated that by next year, most IoT devices will have been developed by companies that are less than three years old. While this sort of exponential growth in the industry is exciting and promises to bring new and imaginative features to consumers, this growth also promises to outpace the development of security measures and industry standards.
All this puts the tech industry in a difficult position for safeguarding the future of the Internet. Those who are concerned about the challenges of IoT security can help address the problem by raising awareness, advocating for continued and increased development of security standards, and encouraging organizations in the tech industry to collaborate with one another to establish robust security models.