The terms "Internet of Things" (IoT) and "connected home" are two of the trendiest buzzwords in the technology world today. And while both clearly offer very real potential, they also introduce their own share of risk, particularly if they're not approached with caution, according to Jerry Irvine, an owner and CIO of IT outsourcing services firm, Prescient Solutions.
Irvine, who is a member of the National Cybersecurity Partnership (NCSP), a "public-private partnership...established to develop shared strategies and programs to better secure and enhance America's critical information infrastructure," says his expertise is general cybersecurity and system communications. And he has the certifications to prove it. The Prescient CIO's resume includes CISM, CISA, CISSP, MCSE, CCNA, CCNP, CCDA, CCDP, CNE, CBCP, CASP, CIPP/IT, IAPP/IT, ITIL, CGEIT, and Cisco Wireless Professional certifications.
"Any security cert that's out there, if I don't have it, if you find one, you let me know, and I'll go get it," Irvine told CIO.com Senior Editor Al Sacco.
Irvine spoke with Sacco about IoT and connected-home security, as well as how both consumers and enterprises can prepare for the flood of coming device — and protect themselves from hackers looking to leverage the IoT to steal sensitive personal or corporate data.
Al Sacco: What exactly does the term "Internet of Things" mean to you?
Jerry Irvine: It means the interconnectivity of things. It's not just the Internet in general, but the ability for devices, all types of devices, to communicate. They communicate across a publicly-accessible, unsecure Internet. Basically everything we have today is being configured for us to remotely control and manage it. And the infrastructure is the Internet.
What do you think of first when you consider IoT?
Truthfully, it's scary as hell. The Internet in and of itself is an insecure and highly-risky environment. It's like walking down an alley at night without the appropriate security measures.
The first remotely-controlled devices were manufacturing devices, heating and air conditioning, things of that nature. They were not very intelligent. They were simply a means to gather information and provide remote connectivity of manufacturing equipment so that technicians could manage more devices and get alerts when something was going wrong.
No security measures were ever put in place. The manufacturers of these "Internetable" home devices are doing the same thing that the manufacturing companies did years ago, and they're making these unintelligent, insecure pieces of equipment that are designed to do one or two things with very little security measures put in place. They may have an individual user ID and password, but there's very little else they do for security. So when you start "Internetting" all of this equipment, you're really leaving yourself susceptible to it.
Sign up for CIO Asia eNewsletters.