IoT was a hot topic for attendees at the Embedded Systems Conference in Boston this week. And security was the biggest concern of IoT subjects. This was true across numerous sessions at the conference as well as down on the expo floor. Cybersecurity was an unexpected focus during the discussion at the IoT Meetup facilitated by Rich Quinnell, an editor at Design News' sister publication, EDN.
Quinnell opened up a conversation with the attendees by asking how many were presently involved in IoT projects. One hand out of a few dozen went up. He quickly ascertained that the balance of the audience was either about to begin IoT projects or were expecting they would soon be asked to deploy IoT. With that in mind, he asked about their concerns. A hand shot up from a woman saying security was her main concern: “I want to know about the security of medical information. Could it be readable or changeable?” She noted that security seems like an afterthought in IoT.Quinnell agreed that the rush to deploy IoT has often revealed a lack of concern over security. “People have been relying on security by obscurity.” In other words, they have moved forward with IoT thinking that nobody knows or cares about their data. He characterized that as misguided. “They’re going to have to create multilayered security. That has to include device security, network security, authentication, and upgrade-ability.”
One attendee noted that even when security is embedded in the device, and even if the security is layered, safety can still be an issue. “If the device can be hacked, you can borrow the authentication of the device to go where you want to go.”
Quinnell said he anticipates the government will eventually get involved in protecting security and privacy, especially when it involves medical data. “There will be regulatory bodies that will weigh in on how the data is used,” he said. “The government is now looking at what its role might be. They‘re looking for input from those involved in IoT.”
Why Break into Personal Data?
Absolute security is not always desirable. In some cases, the medical field could utilize patient IoT data without intruding on individual patients. “You could study all of the cancer patients using a particular drug without violating individual privacy,” said Quinnell.
He referred to another use of personal data that is less desirable. “A company was able to hack into the electric metering for households whose power usage correlated with TV use,” he said. “They were able to see the broadcast signal so they could determine what the residents were watching.”
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.