Security is not relevant, until it fails. This is the basis for many of the recurring cycles we have seen in cybersecurity. New technology rushed to market is easily compromised by attackers, resulting in impacts that drive the demand for security, and the bolt-on solutions begin to emerge. It is becoming evident that this trend is not sustainable with the flood of more devices and significant growth of attackers’ capabilities. The bad guys have a growing advantage. It is time for the industry to change. Bruce Schneier reinforces the point in the CIO article “Schneier on ‘really bad’ IoT security: ‘It’s going to come crashing down’” about IoT security.
Although the problem is not limited to the Internet of Things, the IoT revolution promises a plethora of devices to integrate within our lives and in the process collect data, provide recommendations, extend what we can control, and serve up meaningful information right when it is needed. But these devices, just as the familiar computers we use every day, are subject to vulnerabilities.
Hackers are responding faster at compromising new software, operating systems, and even hardware. The trend will become more prevalent and expand beyond heavy compute platforms to also include the smaller IoT devices, wearables, home automation, industrial controls, and vehicle technology, which will proliferate in the coming years. The development of tools, practices, and best-known-methods for vulnerability inspection for these new use-cases will accelerate, allowing for attacks to occur faster and deeper into the stack.
We all play a role in how this cycle will unfold. Standards bodies can choose to institute strong security controls to establish a strong defensive baseline or they can default to lower barriers of entry to encourage rapid adoption. Device manufacturers and solution providers can choose to implement robust quality and testing as part of a secure design life-cycle or choose to cut corners in order to get to market faster. Security firms can be proactive in developing solutions which anticipate attackers’ likely maneuvers or play it safe and wait for impacts to drive the demand from customers. Consumers can vote with their purchases to require good security of products or blindly buy without concern. We all have a role and can influence how the history of emerging technology will be written. Where do you stand?
For more of my rant, watch my Rethinking Cybersecurity Strategy video at the CTO Forum event where I challenge the top minds in technology to consider their responsibility and what is needed to change course to a more secure future.