Will the IoT Be Secure? 3 Factors That Impact Security (Part 2 of 5)
November 27, 2017
This blog is the
second of a five-part series that looks at the impact of the
Internet of Things (IoT) on society.
“Will the IoT be secure?” It’s a loaded question, but one that I hear often.
The honest answer is probably “no.” In the same way that life and the internet aren’t secure — the Internet of Things (IoT) won’t be secure.
But that’s not a very satisfactory response, so let’s explore this further. What are the parameters of IoT security? How do these parameters interact, and what can be concluded? Specifically, we’ll look at these three factors:
- The cost of IoT security
- How security changes over time
- The scope of IoT security
The economics of IoT security
Let’s start with a cost/value perspective. The typical scenario (and anyone who’s been in the security business will recognize this) is that everybody starts out wanting “the best” security, but that position usually softens pretty quickly if it comes with a hefty price tag. Security follows the usual economic laws: the higher the security, the higher the cost. And cost includes not only the security measures themselves, but also the convenience toll: multiple password entries, repeatedly requested, quickly expiring.
So what’s an acceptable cost? In accordance with typical economic laws, the cost of something should be in balance with its value. So the cost of the security measures should be in balance with the value of the item that’s secured and the risks associated with a security breach. Logically, then, the higher the value of something and/or the larger the risk of a security breach, the higher the price that someone should be willing to spend securing it.
Logical, yes — but it isn’t quite that simple. How do you
determine the value in an IoT scenario? It’s a simpler question when
asked about something that can be replaced with a single trip to a store, but
more difficult here. Ask a museum director for the value of a painting, or a
parent about the value a child home alone. And what about evaluating the risk?
Spend a few minutes reading about the continuing string of data security
breaches and it quickly becomes clear that we’re underestimating the
risk.
Technology progress: The risks of more and more complexity
The second parameter is technology — or to be more precise, the progress of technology. Something that’s secure today can be broken tomorrow, and something that was out of reach in the past is solvable today.
Over the last few decades, security has been in a race with hackers. System
complexity, and the lack of absolute end-to-end oversight, also play roles.
Systems today are becoming so complex that holes in security are easily
introduced — and when they’re identified, those holes need to be
rapidly patched. Some suggest that this increasing complexity, and the costs
associated with it, are the largest risk for being able to build secure
systems. In any case, the progress of technology at any given moment is an
important factor in overall IoT security.
The scope of IoT security
This is a tricky one. There is no scope around security as a whole, no level playing field. Every security solution is an answer to a (possible) particular security breach, and it assumes that breach plays by certain rules, staying within that issue’s scope.
The problem with this, and as perhaps best said here, is the only real rule is that there are no rules.
Let’s look at a few examples:
- Security systems. Consider a house with a security system that calls a dispatch center when an alarm is triggered. When the power is down, the security system won’t work. Adding a battery backup would work, unless the power is also down at the dispatch center. And even if the security system is working as expected, the truth is that the house still has windows that can be broken and items grabbed and stolen before security personnel can arrive at the home.
- Wireless technology. All the data going through the air is fully encrypted. But someone recording the encrypted data (like a username and password) and then replaying that data will gain access. No need for decrypting.
- Wi-Fi patterns. Or imagine that someone is listening to the Wi-Fi traffic of a house for a few days. Soon it would be easy to know when someone is in the home — or not. In other words, even with all of our secure Wi-Fi connections, we’re still essentially broadcasting information about when and if we’re at home.
Pulling it all together
Even these simple examples should give you a feel why security is such a challenging issue — and internet security in particular — and why there’s no reason to think it will be any simpler with the IoT.
Technology progress and the ongoing redefinitions of scope create a dynamic situation that forces us to constantly revisit current security measures. We don’t know what’s coming next and we can’t see the whole range of threats looming on the horizon. So how can we possibly know that we’re secure?
Despite how it may sound, there’s no need to despair. We all live our daily lives making reasonable assessments of how to stay out of trouble. This applies to the IoT as well.
And what’s happening today in technology also comes with great new
opportunity. The IoT will enable us to collect more data, to know more, and to
make better (“more qualified”) decisions faster. This new
territory will improve the quality of our lives and create further prosperity.
Of course, we do need to learn how to maneuver in this new world — and
how to stay out of trouble. Progress isn’t free.
Read all the blogs in our series about the IoT's impact on society:
- Part 1: Labor and jobs
- Part 2: Privacy and security (this post)
- Part 3: Energy efficiency
- Part 4: Electric motors
- Part 5: Sports and health
Have another topic that you would like Qorvo experts to cover? Email your suggestions to the Qorvo Blog team and it could be featured in an upcoming post. Please include your contact information in the body of the email.
The Impact of the IoT Demystified
Explore how the Internet of Things will affect society, from jobs to artificial intelligence and more.
Read the White Paper >