However, real-world IoT isn’t without its challenges. As more devices connect to the internet, IoT security will continue to pose a problem for hardware and software developers.
For the Internet of Things to reach mass-adoption in the real world a truly mature, security has to become a primary concern—because to this point, companies have been fairly lax on protecting IoT devices.
The Recent Reality Check for Internet of Things Security
If you think back to the morning of October 21, 2016, you might recall having trouble visiting some of the world’s largest websites and services—Twitter, Netflix, Spotify, Reddit, The New York Times, GitHub, and more.
Large-scale cyber attacks are frequent in the news now, but none have been able to affect so many premier companies all at once. And insecure IoT devices were the major cause.
For nearly 4 hours on October 21st, the managed domain name service (DNS) infrastructure at Dyn was hit by a distributed denial of service (DDoS) attack that flooded the servers with traffic to the point that people couldn’t connect to the services they use on a regular basis.
The reason this DDoS attack was so different from others is the fact that attackers used the Mirai botnet to execute the threat. The Mirai botnet scans for Telnet ports (an avenue for remote device connection that was created in 1969) and compromises devices by cycling through default usernames and passwords such as admin/admin.
This simple attack allowed hackers to take control of over 100,000 IoT devices (for example, security cameras and in-home DVR devices) that could flood DNS servers with traffic.
The large-scale attack on IoT devices showed the world what many hardware and software developers already know—that we’ve sacrificed some security for the sake of IoT adoption.
Balancing Security with Internet of Things Innovation
Unfortunately, attacks like the one involving the Mirai botnet will continue to happen. The reality is that we have to give up some security if we want to get IoT innovation out into the world.
If new products were built with every possible IoT security measure in the initial release, they would likely be too expensive for early adopters. The key is to embrace iterative development—get a minimum lovable product out into the world and as adoption grows, you can distribute the price of iterative security updates across more people.
This kind of iterative, agile development is essential for IoT innovation, especially if we want to overcome the obvious security challenges.
What Can We Do About Internet of Things Security?
The current IoT situation isn’t so different from where we were with email back in the late 1990s. Spam was overwhelming email servers to the point that people were calling for the death of email altogether.
Most enterprise organizations typically have 99.5% of their email traffic actually filtered as spam—and the remaining 0.5% is still a 50/50 split between unfiltered spam and actual email.
Spam was a serious problem, but we programmed our way out of it and email lives on. The same thing will happen for Internet of Things security.
The security issue we have to overcome with IoT is that these devices are built to be small, efficient, and send as little data as possible. The more security we build into an IoT device, the more inefficient and power-hungry it becomes.
We already have to gauge constraints, make devices as small as possible, and maximize battery life—these have typically come at the cost of security. However, we will fix these issues with technology:
- Blockchain: While blockchain has helped make transactional processes (real estate, art auctions, etc.) more secure, it is still too “chatty” for IoT. However, as it becomes more scalable and lightweight, the public keychain security method will become an integral piece of IoT.
- Verizon’s CAT-M Network: Verizon is working on introducing an IoT-specific network by the end of 2016. Competing with other types of IoT connectivity, the CAT-M network will enable less expensive modules, greater coverage both underground and in buildings, and longer battery life. While these benefits aren’t directly connected to security, the CAT-M network will make new security innovation possible.
- Intermediate IoT Gateways: The CAT-M network and other purpose-built IoT networks will make it easier to create purpose-built security gateways for IoT security. Trying to use a traditional firewall or gateway with today’s IoT connectivity options would require too much battery power to actually balance innovation with security. A dedicated security gateway could create a secure aggregation point for a set of specific IoT endpoints.
The Internet of Things isn’t just a passing fad. Universal connectivity of our everyday things is a reality that we must adapt to—and part of that means finding new, more efficient ways to implement security features.
While IoT security attacks are troublesome, they are growing pains that we’ve seen with other networked tech innovation in the past. The key is to understand the greater IoT landscape, how the technology will fit into your business, and what you need to do to prepare for its growth while making the right security decisions.
If you want to learn more about the Internet of Things and challenges we’ll face as it continues to mature, download our free ebook, Real World Internet of Things.