
Securing the Internet of Things

Created: 16 May 2012 • Updated: 25 Jun 2013
Jon C's picture

Earlier this month, the European Commission's Digital Agenda lead Neelie Kroes launched a consultation - a.k.a. an online research study - into the Internet of Things (IoT) and its ramifications. Given that the EC has been talking about "identifiable smart objects", i.e. "things" for several years now, the obvious question is, what has prompted another consultation on the subject?

Two reasons spring to mind - the first, as Neelie herself says, "An Internet of Things with intelligence embedded into everyday objects is the next big thing." As we all know, when technologies reach the mainstream, we need to rethink what risks they pose and what can be done about them. And as IoT becomes more front of mind, such consultations are likely to get a better (and more comprehensive) response.

The second reason concerns just how much has changed since the EC first looked at IoT back in 2007. Then, the focus was mostly on Radio Frequency Identifier (RFID) tags and the potential privacy and confidentiality concerns associated with them. Over the past four years, however, we have seen two major trends, consumerisation and data aggregation, both of which have an impact on how people consider smart devices and other information-generating objects.

Taking consumerisation first, the propensity for people to bring their own devices to work isn't only about the 'things', but also the apps/services and data they contain. To extend this into an IoT world, it's feasible that employees start to introduce new types of device, say a 'smart' cooler that can read the use-by date on the milk and ping a message via email. The fact that such an appliance poses several security risks (it could be a classic Trojan horse, for example) won't stop people wanting to bring them into the office.

More challenging perhaps is the potential for data aggregation across smart devices, internet-based services and existing data pools. This threat is highlighted in the study, which talks about "persons whose social identity is not known, but might be indirectly revealed." For example, consider the plummeting cost of camera-type devices, which enable such innovations as anti-theft systems. You can imagine the privacy issues that arise if every car on the high street were to capture a constant stream of images, linked to geolocation or, potentially, online face recognition software.

These are real issues, and the EC research goes a long way towards asking the right questions - even if it does skim over the potential for certain types of misuse such as socially engineered attacks, which will be an inevitable consequence of the consumerisation trend. Nonetheless, the time is right for such a consultation.

Feedback welcome below – and of course, if you want to add to the debate, you can do so here.