>> TWITTER @Cisco_IoT #IoTChat - TOPIC: IoT SECURITY
I do not normally get into online debates - but I joined this weeks #IotChat!
@Cisco_Iot hosts an online discussion around specific IoT related topics where
users can answer a set of questions posted and open up discussion around
such points. The topic for yesterday (3rd September) is a hot favourite
right now - security within IoT. I joined in the discussion and was happy
to see so many interested in this topic.
The discussion started at 9pm CET (11am PT, 2pm ET) and continued for
just over an hour - while it isn't feasible to post every comment here,
I figured it would be good to provide a list of question and discussion
links on twitter directly which you can then dig around in.
twitter has a great little advanced search capability to let you search for a
topic/keywords within a specific date range which makes summarizing this for
everyone to view a much easier task (enjoy). But what exactly are the takes
from this small online discussion?
@SecureRF highlighted very early on (correctly so) that
security is not just encrypting data - while encryption
plays an important role in security, topics such as authentication,
integrity, confidentiality and non-repudiation all fall
under the security bucket. It can all be managed with well thought out
design and architectures put in place - "think" like a hacker.
It is clear that while there is a major concern with IoT security, the
industry is a long way from really addressing the problem. Consortium
groups are being established to set standards on how devices should talk
to each other, or companies are offering "secure" cloud services - but
as I have said in earlier posts, that's not enough.
There needs to be an industry wide focus to make security the most important
aspect of IoT - not only from an implementation point of view, but also from
a consumer awareness point of view; consumers are the ones that will suffer
when their privacy is compromised or their appliances are high jacked for
No system is 100% fool proof, given the right amount of resources, motivation
and skill - someone will find a way; all that is needed is to stay two steps
ahead and be prepared for making changes to adapt as security needs change.