The Internet of Things (IoT) is growing rapidly, but the security of these newly-connected devices is lagging behind. This perspective is supported by TechBeacon’s Christopher Null in an article, “The state of IoT security: Trusted connected devices a work in progress.”
In the article, Null says there are a number of reasons IoT security is lacking, but a major reason is because companies that aren’t in the networking business are now adding IoT into their devices without considering the impact on security. He also says that developers are operating on a low-cost business model with slim margins, and have overlooked or ignored basic security principles.
“When they have addressed security at all, they have tended to use lightweight technology that minimizes complexity and maximizes convenience for the end user,” Null said in the article.
“The maximally cynical interpretation is that, given a choice between two devices—one of them cheaper and out the door faster, and one of them more expensive, delayed, and more secure—people will pick the first,” said Michael Collins, technical director for the Cybergreen Institute. “Security has always been a difficult sell, and since secure systems are going to be more restrictive, you’re going to also run into a reduction in features.”
The convenience vs. security argument is a valid one, but in today’s environment where data breaches are occurring so regularly, security can no longer be overlooked.
Null reports that, “in a perfect world, manufacturers would heed this warning and start developing more secure IoT devices while preserving their ease of use. But as Sami Nassar, vice president of cybersecurity solutions at NXP points out, the IoT is still in an innovation phase. Robust quality controls will only come after it has been established that the technology works and is useful. And even if the industry did suddenly strengthen its security game, there’s little it could do for the millions of IoT devices already being used in homes and businesses that are defenseless against increasingly sophisticated attacks.”
Things will get worse before they get better, but Null and the industry experts featured in the article say the silver lining is that many feel this may pave the way to the inevitable government regulation that’s ultimately needed to turn things around.
The Secure Technology Alliance’s Internet of Things Security Council aims to help the industry address these challenges by developing best practices and providing educational resources on implementing secure IoT architectures using embedded security and privacy. Learn more about their efforts, see their latest resources, or learn how to get involved in the council here: https://www.securetechalliance.org/activities-councils-internet-of-things-security/.
To read Null’s full article, visit https://techbeacon.com/state-iot-security-trusted-connected-devices-still-work-progress.