Skip to content ↓ | Skip to navigation ↓

The Internet of Things (IoT) is the newest buzzword on the block as it promises to connect our lives together in an ecosystem that understands how we live, work and play.

Whether we want to turn on the heat at our homes, use a webcam at work to connect with our international colleagues or be able to maintain our cars with the push of a button, the Internet of Things has the ability to help us connect the components of our lives into a mesh of interoperability.

However, it also has the potential to be a minefield of vulnerabilities that unsavory actors may want to exploit.

There is no shortage of information about the product horizons and possibilities for IoT—the options are endless. With this blue ocean opportunity, I believe the competition to be first to market will drive products to end users quickly (and often prematurely, from a security perspective).

As Katie Moussouris states in her blog post titled “Vulnerability Coordination for the Internet… of Everything,” we have to build security into the design of future products. Just how do we do that?

In a recent blog post in the NY Times, Quentin Hardy outlines that rather than compete to be first to market with product, Intel and Qualcomm are competing to be the first to offer  an “Internet of Things” standard. Players, such as Google and Apple, may join this march, as well.

This is what we need. We need competition to drive security into our designs and ensure that our ecosystems are protected. While there are market share reasons for these companies to ensure devices inter-operate well with an open source standard, it still behooves everyone involved to have devices that are designed with security features in place from the beginning.

Do you ever choose a product because it is “earth friendly,” “organic” or “benefits a charity”? We certainly do.

I propose we make security robustness a stamp of approval, too. As Mark Stanislav indicates in his blog post, we need to make security design a first class citizen too. With a mechanism to indicate the level of security a product has (e.g., USDA “Grade A” or prime grade beef vs. select grade), end users can choose, based on their security acumen or their desire for privacy, the right level of security aptness for their needs.

I believe people will pay a premium (just as they do for rbGH hormone free milk) for products that give them extra security.

So, while many companies compete for first to market placement for product, I commend and salute technology companies generating security dialogues, architectures and best practice design standards to ensure that we are driving an ecosystem that will be safe for all levels of ends users to utilize and protect us from the unwelcome actors looking to take advantage of that network.

Let’s start looking for products stamped with “Grade A Security.”

 

Related Articles:

 

BB-Shirt-TwitterAdv3d1
Back by popular demand…

Hey, InfoSec Pros! We’re giving away dozens of these awesome ‘Breaching Bad’ T-shirts to some luckyTwitter followers. Make sure to follow us @TripwireInc and RT to be entered for a chance to win! Contest ends Dec. 18, 2014. Click here for Terms & Conditions.

Title image courtesy of ShutterStock.

Hacking Point of Sale
  • Totally agree. Security, especially when it comes to this kind of data, is highly important. But I think those two aspects about which you're writing, doesn't have to exclude one another when it comes to producers of smart devices. I'm convinced that companies can compete both for the best product on the market and for its security protocol.
    Monica

  • Hi Mandy,

    Thanks for covering such an important subject.

    Simply giving the end user a greater choice over privacy and or security is essential going forwards. I look forward to see which company is first to market. If you have any more intel/info please do share.