IoT Security Challenges. What’s Really Our Role?

IoT security challenges.

Sometimes things become so great that they exceed the expectations of the clever clops that created them. They take on a life of their own and grow and expand organically; connecting in ways that we would never have thought of and becoming so much bigger than the original parts and idea. The IoT is one such “thing”. Its applications and growth are improving businesses, personal lives and indeed governments on all levels, in ways one couldn’t have originally imagined. IoT security challenges are however, already on our radar with news of attacks reaching us regularly.  Usually, it is the responsibility of the creator of such a “thing” to ensure safeguards to protect the people that are using it. However, sometimes growth is so rapid, connectivities are so complex and the impact so wide reaching, that safety concerns become second place to growth. The sheer size of it means that the notion of who is responsible for “it” becomes very ambiguous.

Is the IoT the marvellous beast that has gotten away from us?

The IoT has the potential to make lives significantly better, particularly in the areas of telehealth, accessibility, personal emergency response systems (PERS) and smart cities. It offers unprecedented connectivity, efficiency and personalised care. It is predicted by Gartner (generally considered to be the most cautious in its estimates) that there will be 20.8 billion connected devices in use by 2020. This poses a billowing opportunity to really make a difference to the lives of people. However, the looming security issues seem to be casting a murky shadow on that potential for greatness.

Whose responsibility are IoT security issues really?

Traditionally, the tech sector takes pride in its ability to self-regulate. This allows for freedom, creativity and significant economic gains. However, in this instance, is there a need for greater government intervention?  The dynamic monolith that is the IoT, is growing so rapidly, organically and in unprecedented ways, that perhaps it is bigger than the individual devices and apps that operate on it and indeed bigger than the infrastructure that fuels it?  Its growth is fed by start-ups, big business, governments and the general consumer’s voracious appetite for the benefits that it has to offer. As such, the very benefit of connectivity that makes the IoT so great, is also the very big elephant in the room which makes  it so vulnerable.

In a report by the Center for Strategic and International Studies, Australia was identified as the country that felt the most vulnerable in terms of a lack in cyber security professionals. The federal government’s $230 million dollar cyber security strategy is generally felt to be comprehensive enough in its offensive tactics to protect us from major attacks in the future. It’s looking for collaboration in creating national security measures.  Although, there plans are  as yet untested. However, what we are perhaps lacking is in defensive strategies.

To have a decent defensive program in place the start-up or tech company has to implement defensive programs and safeguards at production and update stages. Currently, the Australian Government has released voluntary standards which companies can adopt as they see fit. From some start-ups and businesses’ perspectives  it’s much like knowing you should eat kale and exercise regularly. Yet, you continue to eat the hamburger and chips because it tastes so great and it’s much more exciting. Besides, that heart attack will never happen to you right?

This adhoc adoption has no cohesiveness and in most cases is the last thing on the radar of a start-up busting at the seams to launch. Surely, a better strategy  for our industry  is to adopt self-regulated minimum standards  to ensure adequate security safeguards in both devices and infrastructure. Better this, than wait until an attack happens on Australian shores and the consequent debris results in prohibitive legislation that will add considerable expense and time to product launches.  Particularly, when it comes to high risk industries such as telehealth and PERS.

The devices and apps we create have the potential to make a real contribution to the quality of people’s lives. That is what makes this industry so exciting and rewarding to work in. For this to work though, there is no point ignoring the giant grey-trunked beast in the room. We need to do the work to  protect our apps and devices. This, combined with the offensive and precautionary broader range strategies proposed by the Australian government, will ensure a level of comprehensiveness that will certainly help us make the difference to people’s lives that we are striving for. Let’s make sure we do our bit.