In recent months there have been many scare stories about national power networks in some countries being open to hacking along with many other glaring opportunities for hacking in other systems.
With the IoT offering huge advantages in terms of cost and convenience it is inconceivable that people will not use it, but there could be some major pitfalls.
One of the major issues with the IoT is security. Many people are starting to realise this, but there will be many smaller organisations and applications that will not include security measures sufficiently.
To illustrate its importance, the concept of security was one issue that was at the heart of many discussions at Mobile World Congress 2016 in Barcelona. Simon Segars, CEO or ARM, in an opening keynote warned against making security and afterthought.
Security is not something that can be added by buying some software after the design is done and using it to protect against hacking – that will not succeed. It needs to be a key part of the basic design of any system. The approach that ‘nobody would want to hack this’ will not work.
To show how important this is all becoming, elsewhere, one industry expert said that there are two types of business on the Internet: those that have been hacked; and those that don’t know they have been hacked.
It is widely believed that many of the issues that could arise from the use of many billions of devices on the IoT have not yet been identified. The way in which the Internet of Things will actually work out will depend upon applications, usage and many other factors. With the IoT in its early days, the landscape has not been fully defined.
Segars warned that the issues that could arise has not yet been seen. The security issues are going to be very different to those that are currently experienced where businesses on the Internet are hacked and data is stolen.
One of the downsides to the use of security is that it can make things more difficult to use – a simple example of this is the multitude of passwords we all have to carry around. To make the IoT useful, security must be easy to implement and use.
That said, security measures must work effectively. With critical infrastructure depending upon secure communications it is not possible to take a half-hearted approach to it. Additionally all elements within a system must be secure otherwise just one vulnerability could provide an entry point into the system.
Many companies are looking at the issue of security. It needs to be at the very core of the IoT. The hardware needs to adopt security techniques as does the software – it is not just a software application that can be loaded on top. System design needs to incorporate security as well.
Sadly security is a topic that many developers are not sufficiently familiar with. Development needs to take on board security from the beginning. It then needs to be tested, possibly by those with experience of hacking, and then finally processes need to be properly implemented. It should be remembered that the UK Bletchley Park code breakers often managed to gain access as a result of poor operating practices by the German Enigma and wireless operators.