Imagine the day when you are getting out of your workplace, and your fridge sends you a message, “Don’t forget to pick up eggs, (or beer, as the case may be) you’re out.” Actually, this isn’t a completely fictitious scenario. With the Internet of Things (IoT) set to exponentially balloon to 50 billion connected devices by 2020, in our lifetime, we will see a smart fridge sending us updates about low stocks of fish, or veggies, or whatever.
Experts have floated such varied scenarios as smart cars reminding you it was time for the oil change, the water sprinkler watering the lawn at 6 pm regularly while you are away on holiday, medical devices monitoring your pacemaker and medications. Consumers want an upping of the quality of life through intelligent devices. What the IoT does is to install sensors in devices so that they can connect to the Internet, and each other. There are thus, open channels of communication between the user and the device, as well as the Internet.
But what about the security issues with billions of connected devices sending and receiving data that is unique, and completely yours? Hackers can use the data for wrongdoing, just for the fun of it, or with far more seriously malicious intentions. Who controls the travelling of the data on an often-porous information highway? How often is the data collected, and who has access to it? Protecting the data collected from, say, the thermostat at your home, so that unauthorised access is blocked, has industry honchos deliberating deeply.
Though consumers are keen to stock up on connected devices, there is the niggling fear that a breach in the wall can be dangerous for them. All the weighty issues surrounding data protection and inbuilt security systems are scrutinised and debated over and over again. Privacy is an issue not to be taken lightly since implications range from legal to the safety points of view. It’s not surprising that people have become paranoid in the face of brazen security rifts in mega corporations like Sony, Target and Home Depot. Considering the voluminous scale of the industry, security concerns are here to stay and proliferate.
“No one agrees on the exact number, but regardless of the estimate you choose, the IoT market is huge — anywhere from 25 billion to 50 billion IoT devices by the year 2020. Connecting all those devices promises to create an immense security challenge; in fact, according to a study conducted by HP in 2014, 70% of IoT devices are vulnerable to attack,” said Steve West, Senior Director of Business Development for IoT, BlackBerry Technology Solutions, Canada, while speaking to this Website.
He added, “The reasons for this issue are several. First, many companies take the DIY route and build their own IoT solutions. But the minute a connected device starts sending messages to the outside world, you have a security concern. It’s easy to assume that messaging is simple, but secured messaging, and a secured IoT platform, require thoughtful design, careful development, and ongoing monitoring.”
Scalability of the ‘things’, where managing, configuring, sustaining and upgrading the software and associated security is Blackberry’s path towards securing the future for IoT.
“We offer several IoT solutions that target the business requirements, and security requirements, of specific markets. These include a system for over-the-air software updates, which provides a field-proven and globally scalable service for remotely updating software, firmware, applications, data, and settings, all with advanced administration capabilities. We also give a remote diagnostics solution for IoT devices that performs remote, cloud-based analysis of OS logs and fault reports, enabling faster development, accelerated triage of software issues, and improved software quality. We also offer asset tracking, an end-to-end solution designed to track highly mobile, highly valuable, and high-scale assets such as shipping containers. The solution provides critical location data to improve operational efficiencies” he pointed out.
Companies like Wind River which deliver software for IoT devices have outlined specific threats to the industry. In a white paper titled, “Security in the Internet of Things”, the efficacy of any one particular safety measure being woefully inadequate, is underscored. A multi layered approach is what they recommend. They are clear that security must be on the agenda right from the time the device is designed, till it is being used multiple times. Security is not to be viewed as an add-on to the device. Instead it must be organic to the device. Their standpoint is that security should work at the device and network levels.
Last year, the IoT industry started up the Open Interconnect Consortium, with the avowed goal of “defining the connectivity requirements and ensuring inter-operability of the billions of devices that will make up the emerging IoT.” With the increase of “things” on the Internet, the OIC hopes to achieve the collaboration of the open source community to establish industry standards. Members of the consortium include heavyweights like Cisco, GE, Intel and Samsung to name a few. This month, they have unveiled an IoT specification for cloud-native design for IoT.
““The IT industry has looked to Cloud pioneers to see how they handle millions of mobile devices and interactions, and has learned that only Cloud-native design will reliably scale to handle the millions of IoT devices and interactions we expect to see in successful projects,” said Mike Richmond, Executive Director at the Consortium. “Based on this insight, we developed this candidate specification and are making it available for evaluation by everyone.”
Incidentally, later this week, Boston is hosting an event dedicated to IoT security and privacy issues. Billed as the world’s first such event, the conference will feature visionaries from the industry, speaking about data interception, secure devices, data protection, prevention and risks of threats and legal issues.