By making devices work together, the Internet of Things (IoT) is changing the way we work, move around, and live our private lives. However, very often, security is the missing ingredient with the latest innovations, despite this being a key consumer concern. A major survey by Accenture found that nearly half of 28,000 interviewees are “concerned about privacy and security issues” online. Given that so much sensitive data powers the IoT concept, a solution is needed.
Hundreds of technology entrepreneurs are pushing the boundaries of what IoT can achieve. Systems are becoming smarter, more efficient, and better designed. However, too often the exacting, technical work of making these processes fully resistant to data leaks and hacking is of secondary concern. Reputations, revenue, and potentially lives could be at risk if something goes wrong.
Consider the following potential scenarios suggested by Gartner Research:
- Meetings could be disrupted as digital signage has to be turned off after obscenities are posted on meeting-room doors.
- A major shopping mall would need to be evacuated if hackers turn off the air conditioning during a heatwave, and put the heating to maximum. This would put the health of shoppers and staff at risk, as well as hitting revenue.
- A school could need to go into emergency lockdown if students break into the security management system.
- A national legislative assembly could be shut for several hours if hackers are able to turn off the debating chamber lights.
There is no need to be alarmist, and these are worse case scenarios. Nevertheless, they highlight the many implications of hacking, and how the need for better security is becoming key. Should you need more convincing here, are additional examples of how IoT can go wrong:
- “What someone learned about IoT from hacking the Tesla’s Model S”
- “It’s insanely easy to hack hospital equipment”
Whether devices are monitoring processes (such as smart electricity meters) or are fully autonomous (self-driving cars, for example), there is potential for mischief, blackmail, theft, and more. Even systems originally designed to monitor could eventually be used to analyse and trigger activity in the physical world. Thus, even what seem like dumb systems have the potential to become smart and dangerous. Yes, a $90,000 Tesla is much harder to break into and greater potential for disruption than a $100 automatic garage system, but every system has vulnerabilities.
No doubt, IoT system manufacturers have a tough job. Most of their focus is on realising exciting technical potential, but often they don’t have the IT security expertise to make systems fail-safe. As well, their systems have to be designed to take into account potential changes such as new ownership, new environments, and changed uses.
Public Key Infrastructure (PKI) could resolve these challenges by guaranteeing authentication, encryption and data integrity. (Click here for details about PKI) So why should PKI be deployed in all IoT devices?
- PKI has been used for many years to secure web browsing, document signing, bank transactions, identity cards, and e-governmental services.
- PKI is the only solution that can be scaled to support billions of devices while ensuring access to numerous vendors, service providers, manufacturers, owners, data pools, enterprises, and more.
- PKI is the only trust provider which is being meticulously audited repeatedly by many thousands of organisations in different contexts at national and international level. Being tried and tested over time has resulted in the highest level of reliability and security.
- PKI is the only solution that ensures full life-cycle management of private and public key pairs. Security is not impaired when ownership, software, and smart device use are changed.
- PKI is the only solution that already manages online identities. Hence it is directly applicable for ensuring secure identities, thus boosting the potential for IoT flexibility and functionality.
If you would like to know more about deploying a PKI solution for your smart systems, please get in touch.