The future of security and privacy for Internet of Things systems
As we rely more and more on connected devices to make our lives better and easier, the makers and operators of the Internet of Things (IoT) must consider building in security from the very start to keep us safe. This requires integrating security from the bottom up with a multi-layered process that starts at the beginning of the development process and keeps hardware secure through its entire life. To enable the full potential of the Internet of Things, security challenges must be addressed through a combination of interoperability, education and good design—and by taking a proactive, not reactive, approach to designing security features, which will result in better and safer products.
In a November 2014 report, analysts estimated that IoT will represent 30 billion connected devices by 2020, growing from 9.9 million in 2013. The ubiquitous connectivity of things that enrich our lives, businesses and organizations—such as thermostats, medical devices, automobiles and industrial equipment—presents an exciting environment for innovation and new business opportunities. This expanded computing environment also presents a broad set of security issues and threats. A world of connected things makes them, the data they produce and use, and the systems and applications that support them, potential attack points for malicious actors. Possible attacks include obtaining private or confidential data, manipulating or controlling devices, or confusing or denying service to applications that use and supply data within IoT systems.
There are different requirements for IoT security depending on the risk profile of the system being secured. For example, the security needs for a consumer IoT system to measure and control a watering system for garden plants are different from the needs of a complex, mission-critical, enterprise petroleum drilling or pipeline operation that involves IoT-connected valves and pumps.
A vital consideration for the security of IoT systems is that the system cannot depend on the constant integrity of every connected device to ensure the ongoing integrity of the whole system. The design and security features of the IoT system must assume that individual devices might be compromised (no security is foolproof), and the system must still be able to function securely with one or more compromised devices.
A recently published paper outlines in greater depth critical steps and techniques for IoT security. Take a look at the IBM paper on IoT security and share your thoughts. Where do we have to go as an industry to ensure IoT security? How can IoT security be enabled from beginning to end? I'd love to hear your ideas. Please comment on this blog or engage with me on Twitter.