As a responsible child of my parents, I have already begun to consider how I will care for them in their older years. The Internet of Things gives me a myriad of options to consider as alternatives to in-home care, a nursing home, or living with us, allowing my parents to live independently as long as possible.
I have been looking into life-logging, where I can monitor movement, such as steps taken, sleep patterns and health. Other products give me the opportunity to ensure medication is taken, install sensors in their home, or even allow my parents to instantly alert someone or seek immediate help if they aren’t feeling well.
All of this brings me comfort in being able to be “present” in my parents’ lives without being intrusive. Intrusive… my security mind wakes up and starts thinking about this giant “Internet of Things” and what it really means.
When Kevin Ashton coined the term Internet of Things (IoT) in 1999, I wonder if he imagined that within a decade the number of connected devices would outnumber the world population. By next year, there will be approximately 3.5 devices per person on earth, meaning more than 25 billion devices. With so much connectivity, how do we manage this growing phenomenon?
Dr. Mazlan Abbas states that the Internet of Things is driven by 1) sensors, 2) connectivity and 3) people and processes.
He shows some very poignant examples of how we use the IoT today and what is possible tomorrow. What I draw most from his presentation are a few items that I would like to propose we consider as developers (and securers) of this technology:
A sensor classification scheme based on ownership will help us classify data privacy needs around each type of connected device (referenced from “Sensing as a Service Model for Smart Cities Supported by the IoT” by Charith Perera). If we can get a scheme for classifying each type of device and require that its software meet the security and privacy requirements for its level, we will make great strides in containing the proliferation of an insecure IoT.
Consider invasion of privacy as something to avoid in development. This has to be a part of the software development lifecycle. If we can design the connectivity of our products and devices to address the biggest challenges, such as identity management, authentication, encryption, and data anonymity for privacy, then we can begin to share information in a safe and secure manner.
People & Processes
People and processes cannot be controlled as strictly, but we can standardize the way people use the Internet of Things. If we consider driving standardization across manufacturers of devices, then those companies that seek to secure the IoT will have a much easier time reconciling the designs of the few, to benefit us many.
Finally, while not mentioned specifically in the presentation, I would like our thought leaders to help drive an architecture of the IoT ecosystem, rather than it driving us. Proactively determining what it should look like will help the technology (and security) industries design with that specification in mind.
I am certain my mother would love the independence of living on her own, in control of her own life, well into her 80s and 90s. The Internet of Things may well allow this over the coming years in a lightning-fast manner. But I would like to expect that hacking into her pacemaker would not be an easy task. Therefore, I urge us to consider implementing privacy and security into our design as we move forward with the IoT and its immense benefits and possibilities.