With the IoT Tech Expo (23-24 January) just around the corner, and MWC and Embedded World not far behind, the great and the good of the Internet of Things are getting ready to wow us with their latest offerings in the IoT space. For people like me who like nothing better than to get their hands on the latest IoT toys these are good times.
In the early days I had my doubts that the IoT would be all it was cracked up to be. However, while predictions have downgraded from the early days of IoT hype, there’s no doubt that we’ve passed an inflection point: IoT is now a reality. Devices are being deployed en masse and what was once considered ‘pie in the sky’ is becoming almost prosaic in some quarters.
Yet as we move into the Second Age of the IoT, and with millions of devices already deployed, a critical question is rearing its head – the thorny issue of IoT security. It turns out that the IoT presents a unique security challenge. Many manufacturers have not exactly been, shall we say, ‘stringent’ in the security precautions they have integrated into their devices. What’s more, IoT companies have famously short lifecycles, and as the early prospectors in the IoT goldrush have collapsed they’ve left huge numbers of unsupported devices in the field.
The sheer scale of IoT device deployment, twinned with poor security measures and unsupported devices, presents an opportunity for DDoS Botnet attacks on a scale hitherto unseen. Sure enough, in later 2016, the website of a prominent security blogger, Brian Krebs, was brought down by a gargantuan flood of requests from compromised devices such as webcams, DVRs, etc. Krebs’ site was shortly followed by a prominent US ISP, causing a serious slowdown in the US net infrastructure, as well as services like Spotify, Netflix and others. Most analysts predict IoT security to present a major issue across 2017.
This is clearly no longer an issue the industry can afford to ignore. The opportunity for brand damage is enormous. And while visitors to shows like IoT Expo will still be impressed by the latest shiny Internet-Enabled Doohickey, this year security will be front of mind for show attendees. Shortly after the question ‘What can it do?’ will be the questions ‘How secure is it?’ and ‘What’s the plan for long-term support?’
Just to declare an interest, we’ll have a few IoT clients at these shows. One of them, the IoT arm of OS provider Ubuntu, is heavily promoting its view that security will be best addressed, first-and-foremost, at the device-OS level. While I agree that this is probably the most effective starting point I suspect any eventual solution will also, in fact, involve a combination of device and network/ISP-level measures as well as better user education and government-imposed legislation.
It seems that, now that the IoT has grown up, it’s time for us to put away childish things, (arguably few people really wanted a smart fridge in the first place), and face up to the (perhaps slightly less exciting) reality of making it all work. And yet oddly, now that the IoT is more of a known quantity there’s never been a time at which I’ve found it more exciting.