Security vs. Convenience

I am the IT department for my family and extended family. When my father-in-law’s monitor began displaying everything upside-down, he called me. I told him to stand on his head and then hit the Ctrl+Alt+Up arrow keys. When my brother-in-law clicked on a sketchy browser pop-up window that said “Your computer is infected with a virus, click here to remove it,” thus infecting his computer, he called me. I told him he should have called sooner. When my mother-in-law bought a new cellphone, she didn’t call me; she stopped by before turning it on so I could show her “how to text smiley faces.”

Things have gotten better. The calls are fewer and further between now that most consumer technology vendors are focusing on making their products easier to use, even for consumers who are not technically inclined. My sister called me the other day after buying a new router, not to bribe me with dinner if I would come and set it up, but to brag that she did it herself. I asked if she changed the admin password.

Security Isn’t Easy

Technology may be easier to use than ever, but that’s a detriment to security. Manufacturers want to make it easy for people to use their products, not burden or scare them with layers of security. That can mean default passwords with no requirement to change them and logging in via unprotected sites. If the goal is to a make a high-tech product easy enough for a kid to use, what does that mean for security? Headlines calling out security lapses in Mattel’s Hello Barbie Wi-Fi connected doll and hackers stealing the personal information of 6 million customers from V-Tech are the most recent answers.

Stealing a child’s pictures and chat logs is one thing, but with the explosion of the number of connected devices collectively referred to as the Internet of Things (IoT), more products will be collecting personal information, connecting to local networks and controlling everything from coffee pots to cars, which means hackers have more targets. ABI research predicts the number of “active wireless connected devices” will reach 40.9 billion by 2020. According to Gartner, there will be 250 million connected vehicles on the road by then. Many of those connected devices will be used in industrial settings like factories and power plants, which leads us to imagine all kinds of nightmare scenarios that could happen as the result of a security breach.

How can companies design products that are easy to use and secure? It will require bringing even more expertise into the product development pipeline. I don’t mean just bringing together electrical and mechanical engineers or even making software developers part of the design engineering team. Seemingly simple collaborations like those can be incredibly difficult to pull off, but that won’t be enough. I mean hiring and collaborating with hackers, technology suppliers and standards bodies to develop and maintain products that fit into a secure ecosystem. It’s a daunting task.

Designing Systems, Not Just Products

The good news is, like my family with their technology issues, there is somewhere to turn for help. In addition to security firms and security focused technology vendors, a number of organizations are taking on the challenge of IoT security.

For example, the Internet of Things Security Foundation (IOTSF) describes itself as a non-profit, international initiative with the goal of helping to secure the IoT. In its “Insecurity in the Internet of Things” report, it writes: “The concept of security by design must be given a higher priority in order to avoid security flaws being compounded as the IoT matures ... The IoT will be a transformational, disruptive technological movement, but carries a spectrum of risks that affect more than just the IT department.”

The Industrial Internet Consortium (IIC) has released a reference architecture intended to provide a common language for the elements of Industrial Internet systems and the relationships between them. “The Industrial Internet Reference Architecture is an important first step toward establishing new IoT capabilities in the industrial space, enabling developers to operate faster,” said Bradford Miller, senior scientist at GE and co-chair of the IIC Technology Working Group. “With the IIRA (Industrial Internet Reference Architecture), we are creating new ways to organize industrial applications that move toward a usage-driven, rather than a design-driven approach. We believe collaboration is essential to achieving Industrial Internet success, and organizations like the IIC help drive best practice sharing through global partnerships with industry leaders.”

We’re in the early days of IoT security, but it’s already clear that collaboration with more stakeholders than ever is the key to keeping up with demand for easy-to-use, smarter products.