Act now, or live in a world with 45 trillion IoT security holes
SAN FRANCISCO – The security of Internet of Things devices was a popular topic here at the RSA Conference. In fact, there were more than a dozen sessions on IoT security, even though there was not a separate track for IoT at the conference.
The session topics ranged from connected product security to connected car vulnerabilities and enterprise IoT security.
Perhaps the most interesting discussion on IoT security did not even take place at RSA, but at a nearby after-hours event sponsored by Virginia's Center for Innovative Technology and the Herndon, V.A.-based Mach 37 Cyber Accelerator. The event was kicked off by Virginia Governor Terry McAuliffe (D), who encouraged companies to set up shop in his state. He stressed that Virginia has a strong background in defense technologies, including cybersecurity (as well as more than 300 wineries, if you enjoy wine).
The IoT security panel was led by Mike Murray, vice president of security research at mobile security firm Lookout, and included Dave King, chief technology officer for cyber systems at General Dynamics Mission Systems; Dmitry Dain, founder and chief technology officer at Virgil Security; and Steven Chen, founder and CEO of PFP Cybersecurity.
The consensus of the panel was that companies and developers are rushing to get IoT devices developed and deployed at low costs without building in security. With billions or even trillions of connected devices expected in the coming decades, this creates a security nightmare with each device being a potential entry point for hackers.
Dain said that "when we are building IoT systems today, we have to look at what it is going to become." He cited an estimate by Fairchild that there would be 45 trillion IoT devices by 2033.
King warned: "If we misstep here at the beginning with IoT security, I think there is going to be ramifications down the road that we haven't even thought about yet."
Chen added: "It is almost impossible to protect IoT devices, which need to have low cost, low CPU power, low battery power, low resources and don't even mention the ignorance of the low-cost designers."
The proliferation of IoT devices in the enterprise, at home and at school will create millions of security holes that not only security professionals but everyone who has smart devices in their home will need to deal with. Let's hope we take security seriously at the start before we live in a world with 45 trillion security holes. - Fred, @FierceFred1