Headline-making incidents like the botnet that took over unsecured webcams and DVRs to generate distributed denial-of-service (DDoS) attacks last fall tripped an industry-wide alarm about security. Quite simply: every device—no matter how banal—increases privacy and security concerns when connected through the Internet. And even though FDR counseled we have nothing to fear but fear itself, fear itself won’t secure these devices.
IOT SECURITY IS A PHILOSOPHY
Lack of security design in connected products can have severe consequences and lead to property damage or personal safety issues. We are now are seeing recognition by both tech and consumer products companies that they must raise IoT security to a position of top priority. As we reported about CES 2017, a wave of new product developments and industry alliances emerged in this area to protect smart home products.
We are also starting to see industry-wide recognition that security needs and responsibilities go beyond when products are initially shipped. Connected product companies must provide regular patches or updates for their products or those devices may suffer degraded security. As Olaf Kolkman, chief Internet technology officer for the Internet Society noted at the recent RSA security industry conference: “We’re shipping stuff now that will live in our environment for a very long time.” At RSA, industry experts also debated the need for government regulation on a panel titled, “Internet of Insecurity: Can Industry Solve It or Is Regulation Required?”
WHO WATCHES THE WATCHMEN
We have already begun to see government guidelines emerge. In November 2016, the Department of Homeland Security issued the first draft of Strategic Principles for Securing the Internet of Things. Around the same time, the National Institute of Standards and Technology (NIST) released updated guidance on how to develop secure IoT systems.
Panelists at a recent National Telecommunications and Information Administration (NTIA) IoT policy workshop, urged industry and governments to address the urgent security and privacy issues surrounding the Internet of Things by using the NIST framework of cyber security standards. As Stacey Higginbotham assessed in her newsletter on the topic: “This would actually be incredibly helpful in establishing some type of baseline security standard for connected devices that manufacturers could work toward.”
SECURITY DEFINES THE CONNECTED PRODUCTS COMPANY
We agree that privacy and security safeguards represent an urgent need for connected products and also know that it will take a village to raise this IoT child safely. But at the basic level, security and privacy take INVESTMENT in people who know how to properly architect systems and policies, and COMMITMENT to put security and privacy first. Problems arise when people either don’t know how to pursue, or management has not committed to, security as a priority. We are already seeing a significant increase in companies who want to work with proven partners like Arrayent to implement security and privacy best practices at high levels for their product programs. Besides not wanting to be the next headline about a security failure, they are finding that with the right partner, best-in-class security doesn’t need to be more expensive. We predict that 2017 will be the year that most connected products companies jump on board and institute security measures throughout their organizations.
You can read all of our predictions for 2017 here. Be sure you are subscribed to our blog, newsletter and social media feeds as we expect to chronicle many future developments for consumer IoT technologies throughout 2017.