IoT Security in an Age of Insecurity
Amanda LopezAmanda Lopez
Discussions about the Internet of Things (IoT) often focus on a âSecurity vs. Privacyâ paradigm. However, last month author Susan Landau emphasized instead that discussions should focus on âSecurity vs. Securityâ at a New America event entitled Listening In: Cybersecurity in an Insecure Age.
[caption id="attachment_7281" align="alignnone" width="1632"]
New America event[/caption]In her same-titled book, Susanâs historical perspective, legislative knowledge, and cyberattack descriptions make a convincing case for the need to secure our data. She describes how security has matured slowly leading up to todayâs strong-encryption found in corporate, government, and military environments.
During her talk, Susan states that we havenât really adapted to the digital revolution of the past 10 years. During the industrial revolution, securing access to a machine on the factory floor was much simpler, âWith in-person authentication in factories, everybody knew everybody. But our mental models havenât moved.â
âWhen you talk about building a front/back door into security, everybody has access to it eventually. When you make phones easy to open, itâs open to everybody to get at the software and the data. Instead, you have to educate everybody. Encryption is what will protect us.â
âYou cannot outlaw encryption; Itâs in applications. that battle is over.âMost importantly for IoT, Susan argues that opening up security for FBI, DOJ and others âremoves long-term the ability to use your phone as one of the factors in 2-factor authentication.â
âCivil society is really threatened, for example an LGBT or a climate-change group. These organizations donât have the funds to provide their own security and encryption. They need to rely on phone companies, and other tools to do it for them. Thereâs all kind of microdata thatâs being collected. For example, Google and Apple collect the swipes on your phone to help design a better user experience. But theyâor othersâcan use that microdata for negative reasons also.â
Susan doubts whether blockchain technology with 2-factor authentication will alleviate security challenges. âThere are certain advantages to anonymous devices, but I donât see it catching on for IoT devices. I donât see it useful here with security encryption.â
[caption id="attachment_7074" align="aligncenter" width="970"] "IoT Security Spending Compared to Device Growth" ©Gartner / TelecomTV[/caption]
In 2014, the Presidentâs Council of Advisors for Science and Technology (PCAST) also concluded that, âNotice and choice donât work. What you need to do is control use.â
Susan ends her talk with, âThe most important arguments are about privacy. [Civil society] cannot protect themselves without encryption.â So essentially, security is a means to a secure end: protecting consumers' privacy.
The Most Comprehensive IoT Newsletter for Enterprises
Showcasing the highest-quality content, resources, news, and insights from the world of the Internet of Things. Subscribe to remain informed and up-to-date.
New Podcast Episode
Related Articles