IoT Security in an Age of Insecurity
- Last Updated: December 2, 2024
Amanda Lopez
- Last Updated: December 2, 2024
Discussions about the Internet of Things (IoT) often focus on a “Security vs. Privacy” paradigm. However, last month author Susan Landau emphasized instead that discussions should focus on “Security vs. Security” at a New America event entitled Listening In: Cybersecurity in an Insecure Age.
[caption id="attachment_7281" align="alignnone" width="1632"]
In her same-titled book, Susan’s historical perspective, legislative knowledge, and cyberattack descriptions make a convincing case for the need to secure our data. She describes how security has matured slowly leading up to today’s strong-encryption found in corporate, government, and military environments.
During her talk, Susan states that we haven’t really adapted to the digital revolution of the past 10 years. During the industrial revolution, securing access to a machine on the factory floor was much simpler, “With in-person authentication in factories, everybody knew everybody. But our mental models haven’t moved.”
“When you talk about building a front/back door into security, everybody has access to it eventually. When you make phones easy to open, it’s open to everybody to get at the software and the data. Instead, you have to educate everybody. Encryption is what will protect us.”
“You cannot outlaw encryption; It’s in applications. that battle is over.”Most importantly for IoT, Susan argues that opening up security for FBI, DOJ and others “removes long-term the ability to use your phone as one of the factors in 2-factor authentication.”
“Civil society is really threatened, for example an LGBT or a climate-change group. These organizations don’t have the funds to provide their own security and encryption. They need to rely on phone companies, and other tools to do it for them. There’s all kind of microdata that’s being collected. For example, Google and Apple collect the swipes on your phone to help design a better user experience. But they—or others—can use that microdata for negative reasons also.”
Susan doubts whether blockchain technology with 2-factor authentication will alleviate security challenges. “There are certain advantages to anonymous devices, but I don’t see it catching on for IoT devices. I don’t see it useful here with security encryption.”
[caption id="attachment_7074" align="aligncenter" width="970"]
In 2014, the President’s Council of Advisors for Science and Technology (PCAST) also concluded that, “Notice and choice don’t work. What you need to do is control use.”
Susan ends her talk with, “The most important arguments are about privacy. [Civil society] cannot protect themselves without encryption.” So essentially, security is a means to a secure end: protecting consumers' privacy.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode
Related Articles