On The Road To A Safe And Secure Internet Of Things: What Companies Should Do
For companies that produce products, IoT is both an enterprise and product issue. From an enterprise perspective, if you are providing your customer with connectivity, you have a role in the consequences of that fact. Just like information technology (IT) companies that sell software and hardware, you have to plan for the expected bugs in the product, figure out how you are going to patch, update, and respond to reports of vulnerabilities, and make sure you are not putting an attack vector in your customer’s home or business. By connecting your previously unconnected product, you have just become an IT company—congratulations! Now you have to act like one too. Assign an owner, create product integrity teams, use a software development lifecycle process, test or certify products before shipping, create a product-incident response team, determine your vulnerability disclosure process, determine how to patch or update products, and get ready for constant maintenance, response and exercise for crisis control. There are models in the IT industry to follow, and you now need to be able to move at internet speed to ensure a safe and secure ecosystem.
There is a big misconception about securing IoT systems: "Who is interested in the data of this sensor?", for instance a temperature. Probably only the owner of the sensor. But this might not be the right question to ask. It should also include "Can I trust that data?", especially if the temperature is measured to control something else automatically. Manipulating the temperature can destroy a steel mill furnace or a shipment of deep-frozen fish. Just knowing that someone can take over your sensor also leaves you open to extortion schemes: "We want $$$ to NOT destroy your shipment, or plant".
Internet banking is built on trusting the user, the online bank and the transaction. An Internet of Things connected world requires the same level of trust to work.