When everyone seems to be having the same problem, it may be time to start evaluating where solutions can be found to correct the problem. Like vaccines for illnesses, the need for universal distribution and process agreement is critical. Variations just present holes that can be taken advantage of by the nefarious types. Hence the recent call for a universal coding practices that will produce a standard of security for the Internet of Things (IoT).
The IoT is the interconnection of devices, wearables and things across the internet. As the massive market shift has occurred toward connected things rather than simply computers, the complexity of the internet has increased exponentially, and therefore the security risks have increased exponentially as well. Every new device presents a new point of attack for would-be hackers, and because of the great interconnectivity over so many devices, a single-entry point represents a veritable open door for hacking into more sensitive information. Hence, from a cybersecurity perspective, the IoT is the stuff of bad nightmares and horror movies. And, as the IoT continues to grow rapidly, entire cities may one day become ‘smart’, providing even greater risks for hacking and security breaches.
The solution is not simple. There is no way to maintain a fully secure system over so many devices without a very careful analysis of risk points across an entire network system. Because of this morbid complexity, current attempts at security have come up short. There are many ways to enhance security (VPNs, APIs, etc.) which will no doubt come into play, but recent research suggests some other options.
Last week, a number of different publications (InnovationAus.com, tacnetsol.com, dzone.com) started calling out for some specific changes to the way security is approached on the IoT. The main call for these writers is universal secure coding for connected devices. This call is for more careful and secure coding for these devices so that they cannot be hacked. Where secure coding is standardized, developers protect their products from simple hacks and also protect the users who have put their trust in them. Without this sort of standard, devices can be easily hacked and ‘owned’. “Secure coding practices – that were used heavily in the past – create the foundation for secure IoT products,” said Terry Dunlap (CEO of Tactical Network Solutions).
Such practices will require some clear definitions of what secure code is, as well as a field-wide discussion and agreement to use the coding standards for the purpose of increased security. Without such clearly defined practices being spelled out and adhered to, the complexity of the IoT will continue to stupefy security experts. The IoT development community must make note of the increasing risk factor and respond well for security to even be a hoped-for reality in the future.
With so many changes coming in connectivity, the time is right for companies to carefully evaluate what standards the use and what standards they expect in their connected devices. Getting ahead of the game can only serve to help in the long run.