It takes an army of trained, licensed, and accredited professionals to build a skyscraper in most cities around the world. But what about the software platforms and machine learning tools that have become crucial components of the world’s financial, military, medical, and communications ecosystems?
The critical software and technical systems we rely on daily are like invisible skyscrapers all around us — yet we often don’t know who designed them, how they were constructed, or whether they hide defects that could lead to massive inconvenience, financial chaos, or catastrophic failures.
You’ve just been hired as an architect in an up-and-coming startup. The company has the most brilliant and innovative idea for a smart device that will make you all rich. Your job description is very interesting, and your first mission is to ensure that what the company builds is secure.
First of all, congratulations are in order: Just by thinking about security, your company is already miles ahead of everyone else in the internet of things (IoT) space. As the joke goes, the “S” in IoT stands for “security.”
Why would the IoT be a special case? What’s different about it from any other project? Pick a secure development life cycle (SDLC) framework, shift your security left as much as you can, and surely the result will be secure by design, right?
…For all the many advances in IoT technology, security remains a thorny stumbling block.
“With IoT, companies face a monumental challenge: applying digital security to processes that have never before been digitized,” sums up CompTIA’s Robinson in his “2019 Trends In Internet Of Things” study published in February of this year.
The problem is especially acute among small businesses that heretofore never thought their systems would fall prey to cybersecurity attacks.
“Small businesses are the least prepared for the security demands of IoT,” Robinson notes. “For many years, small businesses operated under the assumption that their digital assets were not at risk from cyberattacks. To some extent, this may have been true, but the situation has changed; all data has value, and breaches can cause more disruption than ever. The risk is magnified when physical assets and processes can be hacked.”
Embedded programming has a long history of making devices do what people need. However, it remains largely overshadowed by application programming. When application programmers were embracing relatively high-level object-oriented languages like C++ or Java, or graphical application development environments like MATLAB, embedded programmers were only moving into C. They were always outnumbered by app programmers. Today, even hobbyists can develop an app using an easy language and share it with the world, while embedded programmers need to have deep knowledge of hardware and firmware, and how to write programs that can execute in often highly resource-constrained environments.
Have you seen the commercial where the mom of a sobbing child asks, “Alexa, when did Madison last have a tetanus shot?” And Alexa says, “Madison had a tetanus shot on 8/15/16, and is due for another one on 8/15/26, though the Mayo Clinic recommends a booster shot if she experiences a puncture wound.” And then the mom asks Alexa to locate the nearest open urgent care center that accepts the family’s insurance, and Alexa comes through with driving directions, travel time, and estimated wait time?
You haven’t? Neither have we.
About 40 percent of U.S. households — a number that grows every day — ask Alexa and Siri and “Hey Google!” to perform an astonishing variety of data-related tasks. But they rarely include those that have anything to do, except in the most general way, with health and medical care.
At the fifth annual MIT Enterprise Forum Connected Things event, the report card on the state of the Internet of Things seemed to deliver mixed results. In the five years since the event kicked off, the IoT and Edge Computing space has evolved in some ways and not really materially changed in others.
However, one aspect of the event that struck me was that I didn’t see or hear much that looked like solutions in search of problems. This partly reflects a focus on technologies and applications that aren’t part of the consumer gadget space (which still seems to feature more IoT toys than genuinely useful products).
But it also reflects a maturing industry segment that has really started thinking about use cases and how to systematically apply IoT technology for business value. Let’s check in on five key areas:
Ottawa-based software as a service (SaaS) accelerator program L-Spark Corp. is launching a new Secure IoT Accelerator program, working with Telus Corp., BlackBerry Ltd. and Solace, the group announced on Wednesday.
The program will work with Canadian ventures developing Internet of Things (IoT) products and services. With communications vendor Cisco Systems Inc. predicting the global IoT market will be worth $1.1 trillion USD by 2021, there’s plenty of incentive to develop more advanced and secure IoT technologies.
The accelerator will not provide any funding to firms selected to take part, according to Leo Lax, the executive managing director at L-Spark. Nor do they have to pay any fee to take part or share any of the intellectual property they develop. But they do have to put their R&D resources towards developing a proof of concept on a hardware and software platform being provided by the three technology firms partnered with the accelerator.
Alex “Jay” Balan, Bitdefender’s Chief Security Researcher, begs to differ. “Internet of Things is not optional,” he said here at RSA. “It’s not the user’s choice. Everything is becoming smart.”
Every network printer is an IoT device, he pointed out. “People believe that the printer is secure because it’s a physical box. I can take the paper out, and nobody can print. But in reality, anyone on the network can access the printer, and most have a management console without a password.”
Getting access to every document a printer ever printed doesn’t even require an exploit, because the functionality is simply present and available.
The Internet of Things is everywhere, and it continues to grow as manufacturers add computing capacity to more and more of their products. All of these Internet-connected devices present a security risk, and it’s a lot bigger than an intruder adjusting a homeowner’s Nest thermostat a couple of degrees. We can all help reduce the security risk associated with IoT by adopting the concept of herd immunity.
The Internet of Things (IoT) as a concept is fascinating and exciting, but the key to gaining real business value from it is effective communication between all elements of the architecture, so you can deploy applications faster, process and analyze data at lightning speeds, and make decisions as soon as you can.