First steps of a consortium creating a consensus on IoT security
Security surrounding the IoT (Internet of Things) is often criticized and rightly so. That state in which it exists right now is just not acceptable for the kind of applications it is being used for. While consumer facing IoT companies continue to bicker about different standards and platforms, the industrial IoT may have some good news coming its way soon.
The Industrial Internet Consortium (IIC) is one of the most influential groups in the world relating to the internet. It is made up of some of the biggest names in the industry like IBM, GE, AT&T, Intel, and Cisco. The people that work on projects for the consortium are not limited to these companies and in fact, are taken from other influential companies as well.
Earlier this week, the consortium rolled out a framework detailing the recommended security practices as they relate to IoT. It is directed at manufacturers, developers and even users to be able to help understand the security risks that are out there as well as the unique solutions required to combat them.
One thing that should be remembered is that the IIC is not a licensing or regulatory or any other kind of authoritative body but is instead trying to build industry consensus through dialogue and affiliations.
This latest IoT framework, for example, is freely available to everyone and has authors from all its partners plus people from Fujitsu, Schneider Electric, Professors from universities and college and other well-respected industry members.
The people at IIC are firm of the opinion that IoT implementation at a larger scale is being stymied because of poor security that will make critical projects vulnerable if it stays the way it is right now. They have a point too because IoT applications are now coming up for use in infrastructure critical projects, power, agriculture, transport and more.
The framework focuses on 5 pillars to make IoT foolproof. They are safety, resilience, reliability, privacy and security. They also acknowledge the fact that the pace of development in IoT has been so rapid that a lot of the components being discussed right now, did not exist at all a few years ago.
There is a chance that the same pace of development will continue in the future and require minor amendments however the basic principles of security should remain mostly the same.
One of such developments is the onset of ‘edge computing’ which was first mooted by Cisco as an addition to cloud computing designed for time-critical IoT systems. These systems need to be secured against potential hackers otherwise they risk large-scale disruption and even physical harm to people around.
Just think what would happen if a nefarious organization managed to get control of an emergency response service that was being run on the IoT.
IIC will also work with governments all over the world and try to influence policies that ensure that more and more companies are incentivized to take up these best practices and push the IoT in a more secure direction.