Toward the end of last year, disturbing cyber security news tied to IoT cast a pall over the industry, and things haven’t magically improved in 2017. The most recent black eye for IoT security came in the form of a directory traversal vulnerability. It was discovered and reported on a “smart” professional-grade dishwasher months ago, but it’s still being left unaddressed. According to ZDNet, “an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.” Furthermore, the Computer Incident Response Center Luxembourg’s Common Vulnerabilities and Exposures (CVE) board, where the vulnerability is documented, notes that the manufacturer has failed to respond to repeated requests for updates on a fix.
Why IoT Security is Important:
I wrote an article explaining why security is the categorical imperative of the Internet of Things for ReadWrite at the start of the new year. I think it’s worth revisiting the main points again — and again and again. To paraphrase myself:
- The focus on speed to market, cost minimization, and ease of use in the IoT ecosystem has led to poor IoT security implementation, which has fueled the level of destructive capability for threat actors.
- IoT manufacturers must adopt and meet baseline security standards, enforce procedures that prevent infiltration, help detect inappropriate access to connected products, and provide ways to mitigate damage should unauthorized access or exploitation occur.
- No matter what, IoT security must be “baked directly into every IoT solution; incorporated into the development process of all devices and systems and suppliers; normalized across every application.”
- For guidance, the Internet of Things Consortium (IoTC) Privacy and Security Committee (which I co-chair) and similar organizations seek to establish and disseminate principles for minimum viable products and policies to strengthen privacy and security.
My rallying cry in the ReadWrite article remains relevant: “If it isn’t secure, it shouldn’t be allowed on the Internet.”
If you’re interested in learning more about IoT security and how to successfully embed IoT security processes into your IoT solution, you can find more information on the subject by clicking the button below.