Connected devices: wealth of opportunity carries enormous ri
Source: Hannah Kuchler
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights.
One sober voice stood out amid the whizz-bangs of the International Consumer Electronics Show, the technology industry’s annual world fair.
Edith Ramirez, chairwoman of the Federal Trade Commission, the US regulator, warned that the plethora of internet of things devices filling the show floor were a risk to consumers’ privacy and security.
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights.
Cars, fridges, thermostats and even massive machinery are all going online, often being shepherded by start-ups more excited about their potential than worried about ensuring they are protected from the hands of hackers. About $1.9bn was spent on connected devices for the home in 2014, according to the Consumer Electronics Association that hosts the Las Vegas show.
“These potential benefits are immense, but so too are the potential risks,” Ms Ramirez says. “We have an important opportunity right now to ensure that new technologies, with the potential to provide enormous benefits, develop in a way that is also protective of consumer privacy.”
The number of internet-connected devices first outnumbered the human population in 2008. It is set to grow to 50bn or more by 2020, generating global revenues of more than $8tn, according to a report by the US president’s National Security Telecommunications Advisory Committee (NSTAC).
A 2014 study by Hewlett-Packard found that more than 80 per cent of these devices did not require passwords of sufficient complexity and length, and 70 per cent of devices tested used no encryption when transmitting data online.
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights.
Jeff Greene, senior policy counsel at Symantec, the cyber security company, and co-chair of the NSTAC task force, says policy makers are paying more attention to the threat posed by internet-connected devices, which are often connected to each other ― creating new vulnerabilities for cyber criminals to exploit.
“We have created a whole new playground for attackers to dream up things to do ― whether it is nuisance, whether it is theft, or whether it is violence.”
The report, still a draft, warns that not only could devices be used to harvest huge amounts of personal information, they could also be used to cause physical destruction that could lead to “significant consequences to both national and economic security”.
Amit Mital, chief technology officer for Symantec, says the proliferation and affordability of the sensors used in internet-connected devices could result in a “very, very, very large-scale broad attack.”
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights.
He adds: “If there are tens of millions of automated thermostats that could be targeted with one compromise it could affect all, either as a nuisance for notoriety and fame, or, in an industrial setting, controlling critical infrastructure could cause significant risk and damage to life and property.”
One of the key problems for securing the internet of things is that devices are made by a large range of manufacturers, often with security as a bolt-on rather than integral to the platform, says Mr Mital. But progress has been made in trying to set standards in the past few months, with much less variation in how they are now designed than even six or seven months ago, he says.
Another potential difficulty is that because sensors are so cheap they could soon be attached to almost anything, employing people to monitor their security is unaffordable. When devices can speak to other devices with no human intermediary, it becomes harder to ensure they are behaving the way they are designed to.
“When you’re paying $1 for a device, it doesn’t make sense for a human to manage. It doesn’t scale so human intervention is often not feasible; it needs to be handled in a very automated, but managed way,” Mr Mital says.
While the internet of things is often seen as devices for the connected human and the industrial internet, offices face both the challenges and opportunities that come with the proliferation of internet-connected devices.
Adam Conway, vice-president of product management at Aerohive, which provides wireless networking to offices, says workplaces may have internet-connected devices that their IT departments do not know about. “Video surveillance, installed by physical security [guards] not data security. It is a huge issue.”
High quality global journalism requires investment. Please share this article with others using the link below, do not cut & paste the article. See our Ts&Cs and Copyright Policy for more detail. Email ftsales.support@ft.com to buy additional rights.
Hackers tend to seek out the easiest access point into an organisation and once inside, travel through the network to find the information they are seeking. If a device is allowed to roam online, rather than restricted to reporting one data point to one place, it could be a prime target.
“Even if the [information technology department] is fully aware of it they often don’t have the resources to work on it,” says Mr Conway.
“Their work is oriented towards big software systems . . . so they are not deploying their resources to the way we put this device on the network.”
| }
|