Not before long, everything’s going to be connected to the Internet. We’ll have smart cities where water, power, and even traffic are all automated online. We’ll have hospitals that leap forward into a new era of patient care, and government agencies that are able to gain more visibility into their infrastructure than ever before.
There’s just one problem - when something is connected to the Internet, it’s inherently vulnerable. People can try to attack it, either to exfiltrate data or cause destruction. Indeed, that’s already happened on more than one occasion.
'For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants,' writes MIT Technology Review’s Marin Giles. 'The rush to hook up legacy systems to the web can leave them vulnerable to attack.'
It doesn’t help that, where security is concerned, the Internet of Things is very much still the wild west. Although some headway has been made in legislating away the security failings of the connected world, it still represents a very real threat. And it’s a danger to more than just our data or our finances.
Certainly, we’ve seen a bit of damage already. Massive botnets capable of wiping out vast swathes of the Internet. But that’s tame compared to what might be in our future.
'We’re creating a world where everything is a computer,' explained privacy specialist and author Bruce Schneier at the SecTor conference last November. 'Governments are already involved in [regulating] physical systems [such as the automotive, transportation, health and other industries] and when the Internet actually starts killing people there will be a call for action. Nothing motivates government like fear.'
That may sound like hyperbole, but it isn’t. We’re well past the point where cybersecurity could be considered solely a business problem. With the Internet of Things, it’s a public safety issue. And if government organizations - which use IoT to a very large extent themselves - can’t get on top of the problem, we could enter into a whole new era of cyberwarfare and digital terrorism.
Imagine a world where an enemy government can employ hackers to shut down a nation’s power grid. Imagine a black hat capable of disabling the traffic lights in a city or taking control of a fleet of self-driving cars. Imagine what could happen if a hacker were able to gain access to a nuclear power plan.
These are all very real problems, and all underscore the dangers inherent in the Internet of Things. Mind you, those dangers don’t outweigh the potential gains. IoT is poised to change the world in some fantastic ways.
It’s just that if we can’t figure out some way to take control of its security failings - if governments don’t hash out the finer details - it’s also going to change the world in some less-than-fantastic ways. That said, it’s not like businesses can always take a direct role in how government agencies legislate and manage new technology. What exactly can we do while they play catch-up?
Simple - lead by example. Make sure you don’t use any IoT products with known security issues in your home or office. Hold vendors accountable for the security of the products and services they sell, and ensure your security infrastructure is prepared to manage and monitor all endpoints - not just smartphones and desktop computers.