It takes an army of trained, licensed, and accredited professionals to build a skyscraper in most cities around the world. But what about the software platforms and machine learning tools that have become crucial components of the world’s financial, military, medical, and communications ecosystems?
The critical software and technical systems we rely on daily are like invisible skyscrapers all around us — yet we often don’t know who designed them, how they were constructed, or whether they hide defects that could lead to massive inconvenience, financial chaos, or catastrophic failures.
You’ve just been hired as an architect in an up-and-coming startup. The company has the most brilliant and innovative idea for a smart device that will make you all rich. Your job description is very interesting, and your first mission is to ensure that what the company builds is secure.
First of all, congratulations are in order: Just by thinking about security, your company is already miles ahead of everyone else in the internet of things (IoT) space. As the joke goes, the “S” in IoT stands for “security.”
Why would the IoT be a special case? What’s different about it from any other project? Pick a secure development life cycle (SDLC) framework, shift your security left as much as you can, and surely the result will be secure by design, right?
…For all the many advances in IoT technology, security remains a thorny stumbling block.
“With IoT, companies face a monumental challenge: applying digital security to processes that have never before been digitized,” sums up CompTIA’s Robinson in his “2019 Trends In Internet Of Things” study published in February of this year.
The problem is especially acute among small businesses that heretofore never thought their systems would fall prey to cybersecurity attacks.
“Small businesses are the least prepared for the security demands of IoT,” Robinson notes. “For many years, small businesses operated under the assumption that their digital assets were not at risk from cyberattacks. To some extent, this may have been true, but the situation has changed; all data has value, and breaches can cause more disruption than ever. The risk is magnified when physical assets and processes can be hacked.”
Embedded programming has a long history of making devices do what people need. However, it remains largely overshadowed by application programming. When application programmers were embracing relatively high-level object-oriented languages like C++ or Java, or graphical application development environments like MATLAB, embedded programmers were only moving into C. They were always outnumbered by app programmers. Today, even hobbyists can develop an app using an easy language and share it with the world, while embedded programmers need to have deep knowledge of hardware and firmware, and how to write programs that can execute in often highly resource-constrained environments.
Ottawa-based software as a service (SaaS) accelerator program L-Spark Corp. is launching a new Secure IoT Accelerator program, working with Telus Corp., BlackBerry Ltd. and Solace, the group announced on Wednesday.
The program will work with Canadian ventures developing Internet of Things (IoT) products and services. With communications vendor Cisco Systems Inc. predicting the global IoT market will be worth $1.1 trillion USD by 2021, there’s plenty of incentive to develop more advanced and secure IoT technologies.
The accelerator will not provide any funding to firms selected to take part, according to Leo Lax, the executive managing director at L-Spark. Nor do they have to pay any fee to take part or share any of the intellectual property they develop. But they do have to put their R&D resources towards developing a proof of concept on a hardware and software platform being provided by the three technology firms partnered with the accelerator.
Alex “Jay” Balan, Bitdefender’s Chief Security Researcher, begs to differ. “Internet of Things is not optional,” he said here at RSA. “It’s not the user’s choice. Everything is becoming smart.”
Every network printer is an IoT device, he pointed out. “People believe that the printer is secure because it’s a physical box. I can take the paper out, and nobody can print. But in reality, anyone on the network can access the printer, and most have a management console without a password.”
Getting access to every document a printer ever printed doesn’t even require an exploit, because the functionality is simply present and available.
The Internet of Things is everywhere, and it continues to grow as manufacturers add computing capacity to more and more of their products. All of these Internet-connected devices present a security risk, and it’s a lot bigger than an intruder adjusting a homeowner’s Nest thermostat a couple of degrees. We can all help reduce the security risk associated with IoT by adopting the concept of herd immunity.
The Internet of Things (IoT) as a concept is fascinating and exciting, but the key to gaining real business value from it is effective communication between all elements of the architecture, so you can deploy applications faster, process and analyze data at lightning speeds, and make decisions as soon as you can.
Last Monday, a bipartisan group of Congressional members introduced in the Senate and House the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. Sponsored by Senators Mark Warner (D-VA), Cory Gardner (R-CO), Maggie Hassan (D-NH), and Steve Daines (R-MT) and Representatives Robin Kelly (D-IL) and Will Hurd (R-TX), the bill is a revised version of an earlier bill of the same name introduced in 2017 with different co-sponsors.