You assess the new technology, be cautious, anticipate the dangers, get confident and then scale the use of technology as a real business enabler. It is same for IoT.
Does that indicate IoT to become a larger nightmare for CISOs?
IoT is in infancy state with all connected devices have few controls in place first before we become more confident about the systems working for us.
The energy sector have sensors in place since long time. We see some homes in UK have connected thermostats to control heating temp that is programmed with the phone with geo location. The potential for IoT to improve our lives is limited only by the imagination as people are averse to implement new technology.
IoT is relatively new but malware authors are exploiting it. We have seen 'proof of concept' attacks on - connected vehicle taken off the road remotely, lightning turned off and the heating manipulated of a hotel, medical machines can be manipulated to administer wrong dosage to patients in healthcare sector (which is wide adopted of connected devices). These dangers are lurking as more connected devices (total of 50 billion devices expected in 5 years) will be additional risk.
It will be a combination for regulations and guidance for creators of these connected IoT devices to build in security by design and not as an afterthought. And of course as these connected devices are deployed in homes and Bsuiness, you need to make sure that they are not used as a platform to get access to other networks.
Securing various pieces (hardware, software, sensors, and services) from different vendors in IoT world sounds a difficult task too.
It will be a huge challenge. It is a wild wild west at the moment.
Many competing and even OS or customization of operating systems are implemented with no industry standards for IoT. There are association bodies trying for standardizations but internet by its very nature is an unique beast that no single entity can have complete control. The creators of connected devices have 'first to market' strategy with new style of device to sell lot of them. There is perception that if they take longer to install security codes and degrees on standard, they will not make more profits as desired.
IoT applications are like short term fashion statements. Some of them might have short life span with no updates, run on older OS and no patches. But people will have them in their homes perhaps using lot less than before. With a foothold on their network, it poses a real danger. Home Wi-Fi have been hacked in the past.
There are keyless door locks that are IoT connected. I even saw a barbeque which was IoT connected for temperature controls to cook the perfect meal. These is no end to all kinds of applications in the market.
Sign up for CIO Asia eNewsletters.