The ‘post-apocalyptic, post-technology, hackers took over the world and burned it down because someone took over the IoT,’ thing isn’t going to happen. I know; we’re all disappointed. I wanted a Mad Max Ford Falcon Interceptor, too.
It’s fun to speculate, and security is important as M2M technology develops, but, as Syed Zaeem Hosain, CTO of M2M-specific cellular network host Aeris Communications, told me in a recent conversation, “We’re all overreacting or avoiding the issue” when it comes to how to make the enterprise IoT more secure.
“We have a tendency to let specific incidents inform our broad opinions in ways that aren’t always warranted,” he said. So, we overreact by making old ladies take their shoes off at the airport for a decade, as an example.
Ultimately, nothing is perfectly secure and the best that we can do is be prepared for what we can expect and improve over time. “We need to stop worrying about the ‘ultimate protections’ and start by assessing the potential results of a breach,” he said. “You’ll never find a perfect or ideal solution and you’ll waste resources trying to make one. Instead, protect what you can and assess what the outcome of a breach would be and how you will react.”
Deciding on a security strategy for the IoT comes down to a cost versus benefit analysis. Figure out how much security you really need to protect your mission critical assets, whether those are confidential data points about users or consumers, or control code for a power plant. Protect what you can protect, and then make sure your plan includes contingencies for how your system will react in the event of a breach.
“The biggest real issue is control, not data,” Hosain said. “The only way to be completely secure is not to be connected. Failing that, set checks and balances to make sure the right people are accessing your controls and data sets.” M2M technology can even help with this, by setting breach sensors into security code that alert key personnel in the event of unauthorized access and even take protective action automatically before a human could even have reacted.
The process of building the IoT is still developing, although more rapidly than ever before. The development of M2M security measures is even more immature, but there is little reason to freak out.
“Most people who are thinking about this are just beginning to get educated about how and what measures to implement,” he said. “We have an interesting opportunity to prevent problems before they become huge problems. We need to think about security before we get to the billions of devices that have been predicted.”
At that scale, if security hasn’t been thought about and built in, it will become untenable to even make headway. In fact, it’s possible that if a common standard of security isn’t developed, the M2M marketplace won’t develop to those levels at all. “Security and scaling are the two major barriers to M2M adoption right now,” he said. “This is going to be very important.”
We need to be prepared to avoid ending up Beyond the Thunderdome. You know the law: Two men enter, one man leaves. But we can easily avoid that future by getting to work on simple security plans and standard practices.
Roll out.
