The Broadband Internet Technical Advisory Group (BITAG) released a report titled “Internet of Things (IoT) Security and Privacy Recommendations” about a week ago that outlines their observations about the IoT and their recommended solutions. The IoT press have hailed this as a great event, either referencing the report or “coincidentally” publishing their own thinkpieces parroting its conclusions.
The executive summary of the report is here, along with a link to the full report. The summary is very accessible and clear and I recommend you look at it.
But it’s also a bit naive.
My executive summary of the executive summary…
This week, everyone on the internet who styles themselves any kind of expert is talking about the Internet Of Things, and in particular “botnets” formed from thousands of poorly secured IoT devices, as a potential threat to the Internet. Unless you broaden the term “Internet of Things” to mean “all computing devices except desktop PCs” then it’s not really an IoT problem, it’s a more general problem of threat comprehension.
In the 1970s and 1980s it was common for servers to have default passwords for maintenance that were often left unchanged. …
In three previous articles I’ve written about the challenges of managing Internet of Things (IoT) rollout while minimising risk.
Now the genie is out of the bottle, the Mirai Botnet today wreaked havoc by attacking a key DNS provider used by many major internet sites.
There are a lot of things we could have done better to ensure that IoT devices are designed to be secure, and deployed in a way that allows them to be managed and tracked. …
Bruce Schneier writes this article on IoT calling for a regulatory framework to enforce security standards in IoT devices where the market will not. I agree with his main point, the market will not fix the problem, because (cheap) bad security drives out good.
I would add an amplification, however, that home routers, DVRs and many other appliances generally do have a firmware update capability. What we need is a standard framework for making owners aware when there is a vulnerability affecting them, and when there is an update available.
I think we can achieve this with the DNS global…
Quite a few people are worried that Apple’s latest product, the iPhone 7, lacks a 3.5mm headphone jack. I’m here to tell you, “Come on in, Wireless audio is fine!”.
As someone who has used Bluetooth wireless headphones for nearly a decade, the death of the analog audio socket on the iPhone doesn’t really bother me. Going wireless a few years back was a massive relief; I’ve probably saved days of my life through not spending 10 minutes each morning untangling headphone cords. Besides, as fast as I can buy new Apple headphones, my kids abscond with them. I’m looking…
The “Internet of Things” is about tiny, cheap, ubiquitous devices that inhabit (some would say “infest”) your workplace and/or home, and quietly provide or display information.
To help imagine how IoT will change our lives, I use the “coffee rule”. Think about something that wastes your time in the physical world. Would you spend the cost of a cup of coffee to fix it? Is the meeting room down the hall occupied right now? Did I close the front door when I left home this morning? Has the mail been delivered yet? Is it business hours in the Dubai office…
If you are contemplating a smartphone app to complement your IoT product, remember, an App is for Life, not just for Christmas. A slapdash, barely usable, or unmaintained mobile application is probably worse than none at all. If you are not prepared to invest ongoing effort into a mobile application, give serious consideration to just not making one.
The first question you should ask is “does my product really need a dedicated app?”. Are there system-level services that you can support that will make your product integrate into the mobile platform? …
It puzzles me when businesses decide to change their strategic direction and begin by laying off staff, while promising shareholders and the public that the savings will be “reinvested”.
Most recently, Cisco has announced eliminating over 5000 staff (“positions”), 7% of their workforce, to shift focus toward IoT and Cloud and “reinvest substantially all of the cost savings”.
These are relatively new technologies; there aren’t exactly 5000 cloud experts hanging out at the mall waiting for you to hire them tomorrow. …
The Internet of Things is here. To borrow a phrase from Gibson, it’s just not evenly distributed yet. From the right vantage point, you can observe enough of the future to foresee some looming problems. These are challenges before us that we ought to solve soon, before unfocused enthusiasm carries us into an Internet of Incompatible, Insecure and Unmaintainable Things.
The core problem is interoperability. Right now if you have smart objects in your home or business, you’re lost in a maze of twisty little walled gardens, all, well, entirely different. Your Philips lightbulbs use one app. Your Nest thermostat…
“Any sufficiently advanced technology is indistinguishable from magic”. I help teams do magic, and write about Insufficiently Advanced Technology.