The Internet of Things (IoT) holds great promise, but serious danger lurks there, too. New device and application security vulnerabilities are exposed daily. It seems impossible to secure every type of device in every potential use case scenario, and yet when it comes to critical infrastructure, how could society settle for anything less?
Potential Security Nightmares in the IoT
Imagine wearing a connected, smart medical device such as an insulin pump or a cardiac pacemaker. Using the same communication protocols that enable cloud access to vital health information, a hacker gains control of your medical device. This is a potentially fatal situation.
What if your automobile could be hacked, with the criminal applying acceleration, braking or steering against your wishes? That’s a terrifying ride for one or several people. Now imagine an industrial facility—say a chemical plant—hacked and run amok. Or military equipment such as UAVs. These scenarios could quickly escalate into the stuff of nightmares for entire communities.
Shifting Our Thinking
Speaking at Cloud Expo Europe, Darren Thomson, CTO & vice president of technology services, reflected on the nature of IT solution development, noting that most new apps evolve from the mindset of ‘could we solve this problem’. It hasn’t been the nature of the IT industry to ask ‘should we’.
“But a car, a building, a city, a pipeline, a nuclear power facility can’t tolerate downtime. So if we don’t build security and privacy into our designs from the very first whiteboard, we’re going to leave ourselves with a problem,” said Thomson.
A Framework for Securing the IoT
Last November, the U.S. Department of Homeland Security published its “Strategic Principles for Securing the Internet of Things” report in an effort to bring together IoT developers, manufacturers, service providers, and users with a non-binding framework to guide security planning and conversations.
The DHS suggests these strategic principles for securing the IoT:
- Incorporate Security at the Design Phase
- Promote Security Updates and Vulnerability Management
- Build on Recognized Security Practices
- Prioritize Security Measures According to Potential Impact
- Promote Transparency across IoT
- Connect Carefully and Deliberately
Technology solution and service providers can help safeguard their customers with several of these security principles.
How to Help Your Customers Navigate the IoT
As a technology provider, your business is already a trusted resource for IT and security knowledge. 60% of organizations surveyed have already started an IoT initiative, and another 23% of companies plan to start one within a year.
How can you guide your customers around the security pitfalls of the IoT, so they can benefit from its potential? Using the strategic principles above, IT services and solution providers can:
- Manage customer vulnerability through proactive service with patching and security updates.
- Stay up to date with the latest security concerns surrounding the IoT, as well as potential strategies for securing IoT devices. By understanding recognized security practices, you can help educate your customers about the best way forward.
- Help customers prioritize their IoT initiatives by understanding the potential security risks of each new project.
- When customers do roll out new IoT initiatives and connected devices, help them connect carefully.