By Daniel Price
Three Myths About The Internet Of Things And Security
Privacy and security are hot topics at the moment. From Heartbleed to the NSA and from government spying to Obama’s State of the Union address, it seems everyone is keen to have their say on what they think security and privacy in the online world should look like. It’s no wonder, therefore, that there are a lot of myths and untruths circulating. Here we look to debunk some of them:
Myth 1: The private sector is capable of meeting security challenges by itself
President Obama and Prime Minister Cameron have drawn praise and derision in equal measure in recent weeks. Not long ago they stated they thought the government should have more ability to access private online communications to help combat terrorism – some regarded their views as sensible, while others took serious umbrage with the idea of the state having yet more intrusion into our privacy.
The truth is the private sector is unlikely to be capable of meeting the increasing challenges by itself. Whether or not you agree with the concept of state intervention, at the very least the private sector needs help in facilitating an information exchange that contributes to the public good. Ultimately individual companies are probably not motivated to care about the public good without guidance from public policy – though public policy will only be effective with proper feedback of what’s working and what’s not from researchers, enterprises and users.
Myth 2: More security means less privacy
Technically, security and privacy appear to be two sides of the same coin; both rely on encryption, both use design processes to help ensure their protection, and both suffer similar types of failures.
However, there is a distinction. Privacy is about providing information into a system and not being personally harmed by doing so; security is about creating value and then protecting that value. The recent IEEE Summit on Internet Governance saw several speakers claim we were currently dealing with security versus privacy, when in fact we should be looking at security blended with privacy. By taking the view of one versus the other, we do not allow the technical community to accurately describe the choices society is facing. Collectively we have to find practical levels of security and privacy that work in a cost-effective way – not choose one over the other.
Myth 3: Traditional software security will work for the internet of things
One of the biggest challenges for the internet of things is getting the message to new adopters that traditional, desktop security strategies will not work very well.
Methods that are now common practice among desktop users – such as rolling monthly updates, new software releases, and security patches – are not necessarily practical for the IoT, where some devices and technologies could be in place for many years before they are replaced or upgraded.
Scale is also an issue; where IT networks may traditionally comprise hundreds, maybe thousands of devices, the number of IoT devices will dwarf that and continue to grow exponentially. Companies will be stepping into a world they haven’t experienced before and that they haven’t engineered for – the dynamics are an unknown.