As more devices become connected to the internet, safety and security considerations often seem like an afterthought — which could be fatal in the case of connected cars or industrial controllers. “If it’s got software, it’s vulnerable, and if it’s connected, it’s exposed,” said Joshua Corman, founder of I Am The Cavalry, at Gigaom’s Structure Connect conference in San Francisco on Wednesday and was joined onstage by Hugo Fiennes, CEO of Electric Imp.
It’s not just your data that’s at risk if your car or your lock has an IP address, it’s also your physical security. Because our dependence on connected technology is growing faster than our ability to secure it, the internet of things has a problem that doesn’t have a clear solution, whether it’s public standards, the free market or even government regulations. Consumers don’t have a clear authority to turn to.
What wi-fi chip maker Electric Imp is counting on is that a secure toolkit will be attractive to connected device makers that don’t necessarily have the resources to do security themselves. “Companies who build products can make uses of the security work we’ve done,” said Electric Imp’s Fiennes. “Because you can’t add security to an insecure system.”
But security isn’t an end-point, it’s a process, and part of having a system that isn’t easy to attack is keeping it up to date. Connected devices need to get better at installing updates without user input. “People have too much stuff going on to make sure their lightbulbs are updated,” Fiennes said. “You can’t be asking did I leave the gas on and are the lightbulbs patched?”
Ultimately, securing devices on the internet of things may mean considering whether an object needs to be connected to the internet in the first place. “It’s like ‘everything’s better with ‘bacon’ — not everything is better with Bluetooth,” Corman said. “Just because you can put connectivity on something, doesn’t mean you should.”
One important question is whether it will take a disaster for meaningful changes to be made to current connected security practices. “Around the turn of the century, the Cuyahoga river caught on fire, and that’s why we have the Environmental Protection Agency,” Corman said. “I hope we don’t have a ‘cyber-Cuyahoga’ moment before we start doing something.”
Photo by Jakub Mosur