Micro Focus is now part of OpenText. Learn more >

You are here

You are here

IoT security debate rages as tech, policy converge

Paul F. Roberts Founder and Editor-in-Chief, Security Ledger

The Department of Homeland Security (DHS) will weigh into the debate about securing the vast Internet of Things (IoT) this week when it lays out new guidelines for connected device makers at the third annual Security of Things Forum in Cambridge, Massachusetts on Thursday.

Robert Silvers, the DHS Assistant Secretary for Cyber Policy, will present a set of strategic security principles for manufacturers, designers and developers of connected, IoT devices to consider when designing new products. Silver will also talk about the steps that organizations should take to secure connected infrastructure and devices that have already been deployed.

The talk comes amid growing interest by government, industry regulators and private firms in the burgeoning population of connected “stuff” that's expected to number in the billions of devices by the end of the decade.

“The Internet of Things is a full blown phenomenon, and it’s here. It brings incredible value to consumers and industry, but it also comes with attendant risks.” –Robert Silvers, DHS

IoT putting security, privacy at risk

The Department of Homeland Security is just the latest government agency to take a swing at taming the storm of connected devices hitting store shelves and worming their way onto corporate networks. And there’s ample evidence of work to be done on both security and privacy.

Speaking alongside Silvers at the forum, Dr. Kevin Fu, co-founder of the startup Virta Labs and Associate Professor, Sloan Research Fellow Computer Science and Engineering
Electrical Engineering and Computer Science, University of Michigan, will discuss the challenges that hospitals face as they try to ensure continuity of operations with a population of medical devices that are often difficult, or impossible, to secure.

Travis Goodspeed, a world-renowned security researcher who has developed tools to research embedded systems and wireless devices, will talk about the ways in which small, subtle, hardware-based flaws can become major security issues as components are used and reused across products of many different types.

More than one presentation at the conference will highlight serious vulnerabilities in home automation systems of the kind sold online and at big box retailers such as Home Depot and Best Buy. In his presentation, Breaking BHAD, Scott Tenaglia,  Associate Research Director at endpoint security vendor Invincea Labs, will delve into security holes he discovered in home automation hubs from Belkin, including multiple vulnerabilities in its WeMo line of home automation products and the Android mobile app that controls it.

Separately, researchers with IoT security tool vendor Senr.io will unveil a range of vulnerabilities in inexpensive embedded devices used for home networking and to connect “smart” products.

Internet of Things: Security front and center

When we first started doing this event, security and IoT was kind of a novelty. We asked ourselves, "Can we really talk about these two things together?'" No more. Today, security is front and center, because concerns about security and privacy are perceived to be one of the biggest obstacles to the IoT’s growth.

A report by the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), released last May, found that public faith in the Internet has dimmed in the wake of data breaches, cybersecurity incidents, and reports critical of the privacy practices of online services.

The biggest threat came in the form of “negative personal experience,” the report found. In a similar vein, a report from Berkeley’s School of Information and the Hewlett Foundation noted that cybersecurity is on the cusp of “profound psycho-social impact” on human society.

The Security of Things Forum takes place in Cambridge, Massachusetts on Thursday, September 22. Information on the show and registration is available at SecurityofThings.com. Follow developments from the show on Twitter using the #secot tag and via @secthings.

Image credit: Flickr

Keep learning

Read more articles about: SecurityApplication Security