What is the Internet of Things? Is it safe?

Written By Todd Mitchell

The problem with the internet of things is that in an effort to flood the market with shiny new toys security is forgotten. For example, how many security or firewall settings does the wireless security camera you bought to watch the dog while a work have embedded in it? About the same amount as your thermostat that you can control with your smartphone, none.  What about the camera inside your fridge to check if you need groceries while out shopping? Where is that data stored? Who owns it?

There are expected to be 50 billion connections of devices by 2020 (Castelluccio, 2015). Securing these devices will become a high priority in the future.  The Internet of things is made up of devices that have no method of authentication, are not encrypted, have poor physical security, and no audit logs (OWASP, 2015). This means the credentials are exposed, and the storage of data is in open text.

I think it will take a massive awareness with backing of many respected experts to make these issues important and get the public involved. As an example, the say no to drugs and other public awareness efforts took decades to make an impact on public opinion.

I believe in the meantime, policy and standards must drive the industries to protect cybersecurity for the consumers and keep the internet safe.

References

Castelluccio, M. (2015). Emerging cyber threats. Strategic Finance, 97(4), 55-56. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=bth&AN=101901017&site=eds-live&scope=site

 Cloud Standard Customer Council. (2012). Security.

DOE. (2015). Research Call To DOE/Federal Labs RC-CEDS-2015. Retrieved from DOE: http://www.netl.doe.gov/business/solicitations/details?title=5ed8702c-fda9-4e84-be1d-81f51c3cab44

OWASP. (2015). OWASP Internet of Things Top Ten Project. Retrieved from OWASP: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project

SANS Institute. (2010). Cloud Security and Compliance: A Primer. SANS Institue.

 Castelluccio, M. (2015). Emerging cyber threats. Strategic Finance, 97(4), 55-56. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=bth&AN=101901017&site=eds-live&scope=site

Todd Mitchell
Previous

it cost less than the $2mil in damages
Next

Who is responsible for securing the critical infrastructure?