The security impact of IoT evolution

Francis Bacon, First Viscount St. Alban (1561 – 1626), wrote, “As the births of living creatures, at first are ill-shapen, so are all innovations, which are the births of time.”

While this probably doesn’t speak well of Viscount Bacon’s opinion of babies, it should give us pause as we think about the likely shape, and impact, of the IoT. Things, after all, rarely turn out the way we expect them to, and in the case of technology, the final form can often look very different from the first tentative shape.

Who remembers the Apple Newton? Clunky? Possibly. Quirky? Definitely. Yet, it laid the groundwork for the first generation of PDAs, opened the door for Palm, and was arguably, under the guidance of Steve Jobs, reborn as the iPhone. For those in doubt, note that we tend to use our phones far, far more for connecting to the Internet and other functions than we do as an actual phone.

Smartphones now play such a central role in our lives that the information on them is highly sought after. Hard to imagine back in the days when Doonsbury was mocking the Newton’s rather mixed record of data capture.

Look back a little further. That great definer of technological change in the 20th Century, the automobile, had far from an auspicious start. Even Henry Ford’s icon Model T was designed to be a car for farmers to use. Yet, the automobile now defines how we plan cities, represents the most tangible and public of status symbols, and is rapidly evolving to carry more computing power than was available to entire governments only a handful of decades ago.

So, it is likely that our estimation of the final form for the Internet of Things is likely to be as ill-shapen as the innovation itself. What we assume to be the shape and impact of this most disruptive of technologies will, if history is a guide, likely be far from the reality of where we end up. So, we should be equally cautious in our planning for the security impact of such a set of technologies.

The battle between the FBI and Apple, regardless of which side you come down on, is really only the beginning of what will inevitably be a new phase in the constant contention between privacy and security, and the IoT will both define the battleground and the tools.

More devices, more data, and more ways for information to be stored, analyzed and used, all of which will increase the pressure to define some standards for what is, and isn’t, private. Yet for all the current angst over the IoT, we may only be seeing the very frosty tip of a much larger security iceberg.

It would be very dangerous to assume that the problems we face today are going to be the real challenges that we must overcome in the future. While hacking cars, (or smart scales) might seem cutting edge today, it’s unlikely that we’ll be facing such mundane problems once we are actually surrounded by the IoT, 24/7. The pervasive, immense scope of the IoT will require far more of us in the security industry than simply beefing up Wi-Fi security and making it harder to find the reset switch.

The IoT already has a reputation for being the home of security afterthoughts, but, it doesn’t have to be that way. We can define and build more secure systems, and even more importantly, we can implement tools that let us identify when the security we design into these devices has been compromised.

Attacks will evolve at least as fast as the IoT itself, and evolution, like time and tide, waits for no man. The birth of the IoT, like any birth, is filling with a mixture of hope and challenge. It’s not easy, and the noisy, ill-shapen thing we now find ourselves having to live with, may grow up very, very differently than we expect.