It’s odd that the Internet of Things (IoT) industry — an industry with a dismal record of cyberbreaches — would be the one moving cybersecurity forward, but that is exactly what is happening. With regulation looming and the bad press from recent breaches, there is no longer a choice: Better IoT security is a must. I will be speaking at the IoT Evolution Expo
in Orlando this month on this very subject, and thought I'd give you a sneak peek.
IoT Security Gets a Failing Grade
If I remember correctly, 50 percent is a failing grade and yet, nearly 50 percent
of IoT companies reported some type of security breach in recent memory. This shocking reality confirms that something needs to be done to improve IoT cyberdefense — and quickly. I cover a lot of areas in cybersecurity and know of no other industry with such a bad track record of breaches. Though these hacks expose data, not all of it has value. Sometimes an IoT hack garners useless data and offers no intelligence to use in an exploit, denial of service or machine control attack. The better news is that there are, at last, cyberdefenses coming to market that can address the need for solid IoT security.
New Cyberdefense Technologies Needed for IoT
IoT is different and has the potential to change everything. It is the new extended edge that allows unprecedented applications and intelligence with tremendous economics and accuracy. These tiny devices are the next step in physical artificial intelligence (AI). I stress “physical.” They are out in the real world telling both people and machines what they need to know and need to do. If hacked, they can manipulate or destroy physical things with impacts that can extend to entire economies or worse cause loss of life. IoT is not just a database. IoT it is an actuary in the physical world that must be authenticated, validated and secured or risk the potential for very real danger.
Deep IoT Needs Deep Security
There’s no room for a standard encryption file sizes or even simple processor updates patches in IoT. These tiny devices were built around minimal battery life that required tiny low-powered processors with minimal flash memory. This limitation has pushed the entire cybersecurity industry to rethink how we currently secure all digital technologies. We are beginning to see the successful deployment of these new security technologies today. If we are going to have deep learning in artificial intelligence and IoT we need to have deep security as well. IoT is pushing new security technologies toward achieving this goal.
The Enhanced Blockchain IoT Security Fit.
Today’s centralized security models require high infrastructure and maintenance cost associated with centralized clouds, large server farms and networking equipment. The sheer amount of communications that will have to be handled when IoT devices grow into the tens of billions will create bottlenecks and points of failure that can disrupt the entire network. Decentralized blockchain technologies could address these limitations, though blockchain alone is not a complete solution. As a principal in a company offering enhanced blockchain security, I am aware that blockchain alone is promising, but it is not the total answer. Just like current layered security architectures today, what we need in blockchain is a secure and safe IoT where privacy is protected. Enhanced blockchain-layered security technologies can offer this.
Revolutionize or Regulate
It is always better to self-regulate, and I hope the IoT industry gets that opportunity to find security solutions on its own. In working with cybersecurity entrepreneurs, I find that compliance and regulation seem to never catch up to the pace required by cyberdefense technologies. Billions were spent in security compliance of the smart grid. And while these security guidelines have value, at the end of the day, compliance does not mean you are secure. Hackers change things daily while compliance recommendations can take years. Cyberdefense needs to be more proactive, as does the matured working technologies that need to be used.
Preparing for Post-Quantum
Quantum computing and IoT have a very bright future. I stress “future” because there are a lot of issues that need to be addressed prior to quantum computing and IoT working together. Quantum computing in the short-term though will have the processing power to crack any static encryption algorithm. Solutions of more complex encryption algorithms with larger files sizes will work for IoT or really any other industry. In my last article, Is Cybersecurity Encryption Ready to Break?
, I discussed the importance of looking for new low-overhead encryption technologies.
The IoT security opportunity
IoT suppliers that have a future will be the ones that invest in the security of their products. Even venture capital startups are clearly aware that they need to secure their IoT applications. If they do not, they could lose customers, spend money on regulatory issues or, worse yet, be involved in legal action against them. The smart IoT suppliers are embarrassing security and advertising it, even if it involves a premium price. They are beginning to find that customers will pay the premium. There are even IoT enterprise, managed services and cloud computing companies getting into the game offering their own solutions. IoT security is not a matter of choice anymore, it is a requirement.
Larry Karisny is the director of ProjectSafety.org, an adviser, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.