• Subscribe

Not just about the data

The Internet of Things (IoT) finds its way into your life slowly at first. An Alexa device in the kitchen is soon accompanied by a connected camera for your doorbell. Before you know it, you’re surrounded by gadgets made cheaply by companies that believe security is, at best, an afterthought. 

The IoT is fraught with vulnerability issues, and hackers may enlist these devices as players in malicious botnets. That said, the IoT’s security problems are often overblown in the media. Every new technology has its stumbles, but those mistakes can be corrected.

We spoke with Bruce Schneier of Harvard’s Kennedy School to get a more realistic understanding of the threats the IoT faces. We caught up with him during his recent visit to Indiana University’s Center for Applied Cybersecurity Research (CACR) where he spoke about Securing a World of Physically Capable Computers.

Is IoT security handled differently than other devices?

It's not – it’s just done at a lower price point. Your computers and phones are as secure as they are because there are security and engineering people at Apple, Microsoft, and Google that are doing the best design to keep it secure in the first place and quickly writing and pushing out patches when vulnerabilities are discovered.

<strong>It’s not the internet we’re used to.</strong> Internet-connected devices like smart doorbells are often designed quickly and rarely patched to update their security. Unlike hacks of data, breaches of these devices have the potential to affect the physical world directly. Those economics doesn't exist in low-cost embedded systems like DVRs, home routers, whiteboards, toys, appliances – anything. They're often designed offshore by third parties. Teams come together, write the code, and disperse. There aren't people on staff at that whiteboard company to patch the systems.

Even worse, a lot of these systems have no way to patch them. Right now, the way you patch your DVR is you throw it away and buy a new one. You just don't have the same economics that leads you to these well-designed, well-engineered, agile security systems that we have in these high-cost devices like phones and computers.

Is there anything unique about security in the IoT space?

What's changing with the Internet of Things is that computers can affect the world in their direct physical matter, unlike the spreadsheet on your phone, which is about data like your bank account. It could be a lot of important data, but it's just data.

The IoT includes vacuum cleaners, cars, thermostats – the things that actually change the world, things that could kill people in the way a spreadsheet never can.

It is not the internet we're used to. It is not the computer we're used to. We're used to computers that sit quietly and process data. Not ones that could freeze your pipes in a Minnesota winter.

This connects with your concept of the World-Sized Web, where all connected technologies are converging into a sort of robot. In describing this robot, you state that we may need to create a Department of Technology Policy. What would this look like?

These systems are being designed by corporations that are there to turn profits. And there is no other pressure on those systems, so you get systems designed to turn profits. You get no privacy because privacy is antithetical to profits.

We in society have to figure out how tech is fitting in, what the rules are, and what the laws are.

It's kind of like child labor laws. You don't let companies figure out child labor laws. That'd be dumb.

This indicates the possibility of building a regulatory structure. But I am not someone to figure out how to configure a government to regulate this. I gave it a name, and other people are going to be happy to get out there and figure out what it means.

It’s very easy to focus on the negative aspects of any tech trend. But is there anything about the IoT that gives you hope or excites you?

Oh, it's all great. I work in security, so I'm used to looking at the negative effects of all good things, but they're all good things. There's a reason we want all of this great Internet of Things. It's going to be cool. It's going to do good stuff.

Getting it right is important. That doesn't mean saying no to it. It means figuring out how to say yes without sacrificing our ideals as a society.

Read more:

Join the conversation

Do you have story ideas or something to contribute? Let us know!

Copyright © 2020 Science Node ™  |  Privacy Notice  |  Sitemap

Disclaimer: While Science Node ™ does its best to provide complete and up-to-date information, it does not warrant that the information is error-free and disclaims all liability with respect to results from the use of the information.

Republish

We encourage you to republish this article online and in print, it’s free under our creative commons attribution license, but please follow some simple guidelines:
  1. You have to credit our authors.
  2. You have to credit ScienceNode.org — where possible include our logo with a link back to the original article.
  3. You can simply run the first few lines of the article and then add: “Read the full article on ScienceNode.org” containing a link back to the original article.
  4. The easiest way to get the article on your site is to embed the code below.