Considerations for Securing and Optimizing the Internet of Things

Devices from smartphones to wifi-connected refrigerators represents what’s called the “Internet of Things,” billions of devices that are connected to the Internet. As the number of devices with Internet connectivity is set to expand significantly in the near future, it is worth examining how to best use the IoT for the future.

It is first of all worth noting that there will be numerous security vulnerabilities opened for consumers because of the expansion of the Internet of Things. Of the tens of billions of devices that will be added over the next several years, few of them will likely have regular security updates.

Security updates are important in computer security because they allow for vulnerabilities in software to be patched. While vulnerabilities in devices are known and persist as unpatched, it creates opportunities for adversaries to exploit them.

Billions of new vulnerabilities create problems because the way computer security tends to work, it may only one vulnerability on a network to compromise much else. That’s part of why defense in computer security has been so difficult — the attacker may only need one opening, while the defender may have to defend everything.

For example, say an adversary manages to compromise someone’s phone. The phone may then later connect to the refrigerator to prepare refreshments, further allowing the spread of malicious software from one infected device to another. This process may repeat itself again if the refrigerator were able to compromise the Internet-connected router, and once the router is compromised, the thermostat could be compromised too, making a home too hot or cold while driving up electricity costs.

There are a variety of realistic enough scenarios like this, which are more concerning when more sensitive items such as computers accessing bank accounts and home cameras are included. There are of course solutions to these concerns though.

It is probably better that some devices (such as pacemakers) are simply never designed to have Internet connectivity to begin with. Thermostats and refrigerators are the type of devices which clearly don’t require Internet connectivity to fulfill their intended purpose. Letting them be connected to the Internet may be convenient, but it may very well not be worth the increased potential of compromising other devices and being compromised themselves, leading to substantial costs in unintended heating or spoiled food.

For the devices that are for whatever reason connected to the Internet, it’s better if there could be multiple networks with strong security in a home or building if possible. That way, if an IoT device is compromised on one network, devices on another network have another barrier of protection against being compromised.

This relates to a concept in security known as security by compartmentalization. Since all of today’s software contains flaws — vulnerabilities that can be exploited — the approach of compartmentalization seeks to limit damage before it can spread too far.

In terms of optimization, some things are worthwhile to have connected. Different machines or robots should be communicating with each other on a task such as how many raw materials are needed. This will save humans the need to say this, allowing them to focus on more productive tasks than those that merely report details.

As cooperation can be powerful among humans, so too can it be among machines and other devices. It’s going to require strong security practices such as implementing compartmentalization, having standards on security updates, and using better encryption schemes for software, but it can be done, and it should be done. Since technology has no moral imperative, what humans do with technology will likely either create dystopias or utopias. It’s a question of whether the Internet of Things will lead primarily to chaos or to widespread benefits.