MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious

Security and the Internet of Things

Published on 26 October 14
254
0
0

Whether you like the term or not the so-called Internet of Things is generating a huge amount of interest, and a growing amount of security research, including great opportunities for forward-looking security practitioners. The label of course is simply a passing fashion. Just like EDI or Knowledge Management it's not likely to survive for more than a year or two, though the problem and solution spaces it occupies will continue to blossom for decades.

So what is it exactly? And what sort of security does it require? These are good questions that have yet to be answered adequately. I can imagine a future world in which billions of devices interact safely and securely. But this world is far from possible with today's technology. In fact today's initiatives are no more than very small beginnings: a handful of private machine-to-machine networks, a few attempts to standardise on communications protocols, and one or two initiatives to develop a public catalogue for sensor data.

All of this falls well short of the world imagined by the brilliant Friv 4 fifteen years ago in his visionary book "When things start to think". Radical change is very easy to imagine, but it's extremely hard to bring it about. There remain many tough problems yet to be solved to realize the Internet of Things. Ones that spring to my mind for example are the following.

  • Where is the bullet-proof data ontology to enable reliable translation of critical data between systems? (I've heard a few whispers about vocabularies under development. That's nowhere near enough.)
  • How can we develop access policies for interaction between devices when we're not quite sure where, when, how, or by whom the data will be exploited? Security technology is worthless without a requirements specification.
  • Who will control the security and where will it sit? Will it be in devices? I think not. Will it be in the network? I think so. But who takes control?
  • Who will be liable for serious incidents arising from accidental or deliberate misuse or manipulation of sensor information? Against a business landscape of increasing product liability this is no trivial question.

We are clearly at a very early stage in developing the vision for the Internet of Things. Perhaps, just like the World-Wide-Web, it will begin as an anarchistic Wild West of experimental but dangerous, read-only applications. And maybe it will begin to flourish for business applications when we finally develop a security breakthrough equivalent to the acceptance of the SSL protocol.

One thing that is certain is that we will not achieve much progress without early casualties. So let us hope that there are pioneers brave enough to accept or ignore the risks.
Whether you like the term or not the so-called Internet of Things is generating a huge amount of interest, and a growing amount of security research, including great opportunities for forward-looking security practitioners. The label of course is simply a passing fashion. Just like EDI or Knowledge Management it's not likely to survive for more than a year or two, though the problem and solution spaces it occupies will continue to blossom for decades.

So what is it exactly? And what sort of security does it require? These are good questions that have yet to be answered adequately. I can imagine a future world in which billions of devices interact safely and securely. But this world is far from possible with today's technology. In fact today's initiatives are no more than very small beginnings: a handful of private machine-to-machine networks, a few attempts to standardise on communications protocols, and one or two initiatives to develop a public catalogue for sensor data.

All of this falls well short of the world imagined by the brilliant Friv 4 fifteen years ago in his visionary book "When things start to think". Radical change is very easy to imagine, but it's extremely hard to bring it about. There remain many tough problems yet to be solved to realize the Internet of Things. Ones that spring to my mind for example are the following.

  • Where is the bullet-proof data ontology to enable reliable translation of critical data between systems? (I've heard a few whispers about vocabularies under development. That's nowhere near enough.)
  • How can we develop access policies for interaction between devices when we're not quite sure where, when, how, or by whom the data will be exploited? Security technology is worthless without a requirements specification.
  • Who will control the security and where will it sit? Will it be in devices? I think not. Will it be in the network? I think so. But who takes control?
  • Who will be liable for serious incidents arising from accidental or deliberate misuse or manipulation of sensor information? Against a business landscape of increasing product liability this is no trivial question.
We are clearly at a very early stage in developing the vision for the Internet of Things. Perhaps, just like the World-Wide-Web, it will begin as an anarchistic Wild West of experimental but dangerous, read-only applications. And maybe it will begin to flourish for business applications when we finally develop a security breakthrough equivalent to the acceptance of the SSL protocol.

One thing that is certain is that we will not achieve much progress without early casualties. So let us hope that there are pioneers brave enough to accept or ignore the risks.

This blog is listed under Networks & IT Infrastructure Community

Related Posts:
Post a Comment

Please notify me the replies via email.

Important:
  • We hope the conversations that take place on MyTechLogy.com will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top