Internet of THINGS

Recent explosive progress in electronics miniaturization is changing our world. It is clear to me that Internet of Things (IoT) will soon, sooner than we think, make our lifes DIFFERENT. (Better or worse, depending on your attitude – personally I think it will be better).

And – like with anything new – there are worries, criticisms, doomsday conspiracy theories – that’s just LIFE!

One of the issues that do need addressing though is security. Intuitively it is clear that filling your home with THINGS that are in communication with the rest of the world requires a bit of thought.

“Cyber Security” and “Internet Security” or “Data Security” are such woolly terms! If we want to deal with any practical applications, we need to be much more specific.

The potential security issues with IoT could be grouped like this:

  • Your gadget talks to some cloud provider and sends reports – like contents of your fridge or minute by minute power consumption in your house. You may be all right with this, but it would be nice to have some control.
  • Your provider talks to your gizmo and tells it what to do – like re-program your central heating schedules.
  • Someone hacks your provider and gains access to your THINGS and their reports – and they may defrost your freezer.
  • As all your IoT gadgets are on the same network as all your home computers, media centres, phones and tablets – gaining access to your IoT may give someone access to your PC – so your microwave may decide to wipe out your hard drive.

You may think that all of these are just hysterical speculations, but this is the nature of security consideration – we need to worry about scenarios that are POSSIBLE. If you deal with billions of transactions and you want to make sure that not ONE goes wrong, then you have to consider unlikely scenarios as well. (Although – in practice, we try to make sure that as few as possible go wrong and design the way of dealing with the cases when that happens – that is Disaster Recovery)

I feel that the last of the scenarios above is both most destructive and in principle easiest to prevent. One well established way of preventing a security breach of spreading is “sandboxing” or “isolation”. There is no reason why IoT must be on the same network as all other devices in your home. They could be well isolated from your computers and data storage. This would prevent them from damaging your stuff and – at the same time – it could allow you more granular control of them to deal effectively with the other threats listed above.

So – the thing to do, I feel is SUBNETTING – isolate IoT first!