Communications of the ACM,
News: “Deep Insecurities: The Internet of Things Shifts Technology Risk”
By Samuel Greengard
“Security experts say a two-pronged approach is needed: manufacturers must change how they build their products, and new laws must support security and privacy.”
It is human nature to view technology as a path to a better world. When engineers and designers create devices, machines, and systems, the underlying premise is to deliver benefits. The Internet of Things (IoT) is certainly no exception. Smartphones, connected cars, automated thermostats, smart lighting, connected health trackers, and remote medical devices have made it possible to accomplish things that once seemed impossible. Everything from toothbrushes to tape measures are getting “smart.”
However, at the center of the tens of billions of connected devices streaming and sharing data lies a vexing problem: cybersecurity. It is no secret that hackers and attackers have broken into baby monitors, Web cameras, automobiles, lighting systems, and medical devices. In the future, it is not unreasonable to assume that cybercriminals could take control of a private citizen’s refrigerator or lighting system and demand a $1,000 ransom in bitcoin in order to restore functionality. It is also not difficult to fathom the threat of a vehicle that won’t brake, or a pacemaker that stops working due to a hack. Hackers might also weaponize devices and take down financial systems and power grids.
The thought is chilling, and the repercussions potentially far-reaching. “All these devices, which now have computing functionality, affect the world in a direct physical manner—and that just changes everything,” observes Bruce Schneier, an independent computer security analyst and author of Click Here to Kill Everybody: Security and Survival in a Hyper-connected World (W. W. Norton & Company, 2018). “Today, computers can actually kill you.”
Adds Stuart Madnick, John Norris Maguire Professor of Information Technologies at the Massachusetts Institute of Technology (MIT) Sloan School of Management, “We are entering a dangerous period. We have to wake up to the risks.”
Finding a Fix
At the center of this frightening scenario is a simple but profound fact: the technical resources largely exist to address the risk of a hyperconnected world, but the political, economic, and social impetus is lagging. “The fundamental problem is that companies are interested in getting products to market quickly. The market does not reward security,” Schneier says. Adds Madnick: “It has become apparent that we cannot rely on manufacturers and vendors to consistently include the essential security protections.”
About the Author:
Samuel Greengard is an author and journalist based in West Linn, OR, USA.