Nov 08, 2016I just returned from my polling place in San Francisco and feel exceptionally fortunate to live in this great, if divided, country. I'm also happy that I had a very short wait at the polls. But that doesn't mean voting was easy. With more than 40 state and local ballot measures to weigh in on, I spent a fair amount of time researching what each proposition meant and how it would affect my state and city.
The process reminded me of the parallels between government and technology. Both can be used for good or evil, and neither one works well when it is not managed by and for the people. This election is a good reminder of both those concepts. Cybersecurity experts warned us that the Distributed Denial of Service (DDoS) attacks we recently saw were just a drill for an election-day disruption. So far, I've not seen any evidence of this (it is mid-day on the West Coast as I write this), but cybersecurity firm Flashpoint reported yesterday that it observed attempted attacks on both the Donald Trump and Hillary Clinton websites.
According to everything that cybersecurity experts have told me directly and everything that I've read on the matter, insecure Internet of Things devices have proliferated because individuals—from IoT product designers to those who make component-sourcing decisions to those who design, test and implement software used to control those IoT devices—have chosen speed-to-market and low cost over robust testing and thoughtful design. They made poor choices.
But by the same token, I also think that consumers are, to a lesser degree, complicit because they have put trust in manufacturers and brands without doing their due diligence, at least to a degree comparable to the non-IoT products that they buy. But because most consumers are not computer scientists or software engineers, they need to rely on trusted resources, such as consumer groups, to advocate on their behalf. There is the Electronic Frontier Foundation, but that is more broadly focused on consumer privacy protections and digital rights. When it comes to IoT products, however, I cannot think of any groups focused solely on educating and advocating for consumers in the IoT space. If you know of any such groups, please tweet me @iotjrnl or send me an email.
But this isn't just about manufacturers and consumers. If you are involved in sourcing IoT products or services for your company, you need to follow the trust-but-verify ethos when it comes to the cybersecurity risks associated with those products and services. Ask questions, educate yourself about standards and protocols, and remember that cybersecurity is always evolving. Eventually, the best protections against cyber-crimes that are in place today will be rendered inadequate, so you need to ensure that your vendors' cybersecurity settings and the cybersecurity tools that you use internally are up to snuff.
On the upside, the spotlight being thrust upon IoT security (or lack thereof) is really putting pressure on IoT vendors. My inbox is flooded with interview pitches from cybersecurity experts, but more importantly, I'm also seeing an uptick in new security and encryption products and services related to the Internet of Things. And while I used to always have to ask about security features when interviewing vendors regarding their products—and the responses generally seemed canned, frankly—now, security is one of the first things that vendors want to talk about.
Is this energy and enthusiasm behind boosting IoT security going to last? That will depend on whether individuals, be they consumers or decision-makers within the enterprise market (and, of course, the latter group is also part of the former) continue to demand it, and vote with their dollars.
Mary Catherine O'Connor is the editor of IoT Journal and a former staff reporter for RFID Journal. She also writes about technology, as it relates to business and the environment, for a range of consumer magazines and newspapers.
