New IoT security body launches

Today sees the launch of a new industry body created to vet smart devices for vulnerabilities and flaws. The Internet of Things Security Foundation (IoTSF) consists of more than 30 companies, including BT, Intel and Vodafone, and will look to encourage smart device manufacturers to think about security as hardware is being developed.

The creation of the body has been welcomed by industry. Among them, French Caldwell – a former fellow at Gartner and now “chief evangelist” of GRC at MetricStream – who believes that as the security challenges of the Internet of Things (IoT) are so great, they can no longer be a design afterthought.

“It’s often the case that laws and regulations come after major failures, so it’s a welcome change to have these leading companies coming together proactively,” Caldwell said. “After all, the security challenges are mammoth. It’s not just the volume of data, but the rate of creation of data, and the number of end points that create greater security challenges. Information is being collected from your social and online activity, data from your smartphone on your health, data from your car, your shopping history from your credit cards, and data from your smart TV to create an extraordinarily complete digital profile. The predictive nature of these profiles could be used to discriminate or even to target individuals.

“Consumers will also be jailbreaking these devices for one reason or another. This could create security problems, but also creates safety issues. Perhaps someone wants their self-driving car to go faster than the speed limit – they may jailbreak it, and modify the programming to enable it to go well over the speed limit.”

Caldwell says the industry also needs to think about compatibility. “Some IoT services may require integration of devices that may be operated by different vendors, with different operating systems, and written in different programming languages,” he said. “Glitches will abound. Also, what about when one vendor pushes out an update or patch, and that creates an incompatibility with other devices in the network. There’s a large potential for inadvertent failures – not so bad for your smart TV, but pretty awful for a failure of your smart fridge when you’re out of town, and perhaps deadly for the medical devices that are monitoring and assisting your elderly parent.”

Smart cities are set to change our lives in ways we have little chance of predicting. Martin Allen-Smith examines the opportunities and challenges for risk professionals

Read Tech and the city from the March 2015 issue of CIR Magazine.

    Share Story:

Recent Stories