- December 2024 (1)
- November 2024 (2)
- August 2024 (2)
- June 2024 (3)
- May 2024 (3)
- April 2024 (1)
- March 2024 (3)
- February 2024 (2)
- January 2024 (2)
- December 2023 (1)
- November 2023 (2)
- October 2023 (2)
- September 2023 (1)
- August 2023 (1)
- July 2023 (2)
- June 2023 (3)
- May 2023 (2)
- April 2023 (1)
- March 2023 (4)
- February 2023 (1)
- January 2023 (2)
- November 2022 (2)
- October 2022 (1)
- September 2022 (1)
- August 2022 (2)
- July 2022 (2)
- June 2022 (2)
- May 2022 (1)
- April 2022 (3)
- March 2022 (1)
- February 2022 (3)
- January 2022 (2)
- December 2021 (1)
- November 2021 (1)
- October 2021 (2)
- September 2021 (3)
- August 2021 (1)
- July 2021 (4)
- June 2021 (1)
- May 2021 (2)
- April 2021 (2)
- March 2021 (2)
- February 2021 (4)
- January 2021 (3)
- December 2020 (1)
- October 2020 (1)
- August 2020 (1)
- August 2019 (1)
- January 2019 (2)
- September 2018 (5)
- June 2018 (1)
- November 2017 (1)
- September 2017 (1)
- July 2017 (1)
- May 2017 (1)
- January 2017 (1)
- October 2016 (2)
- August 2016 (1)
- July 2016 (1)
- June 2016 (1)
Subscribe by email
IoT Security has to be planned and designed into products from the beginning and not tacked-on as an afterthought. Period.
The reports of cars that have been taken over by hackers, medical devices that are allegedly not as secure as they need to be, and other security oversights, put people and their data at risk and frighten away potential buyers (and even suppliers) of those products, slowing down the realization of a connected world with more efficient industry, better population health, and arguably safer roads.
While yes, it will always be a cat and mouse game that we as an industry play and products may never be 100% hacker-proof, we as service providers and IoT developers have a responsibility to apply common sense and follow security best practices from the outset. After all, you wouldn't design a laptop without security, why design a medical device that way?
Zipit knows a thing or two about product design.
In fact, we have an extensive background in product design and development stretching back for more than a decade. Our first branded product was a Wi-Fi instant messaging device, used primarily by teens and pre-teens in early 2003.
From the beginning, we took the proper precautions to design-in security, and not just because we wanted to protect the company's infrastructure and intellectual property. It was the right thing to do, especially because our devices would be used by teens and pre-teens, people that are now routinely identified as targets of everything from cyber bullying, spyware attempts, or worse.
In the first release of the Zipit Wireless Messenger product, we actually designed in a special hardware encryption chip that we would enable through an Over the Air (OTA) software update upon first connection to the Internet. This upgrade path was designed so that we could securely provide new features to our product as the needs of our customers evolved. Lo and behold, we were amazed at how quickly the repurpose (read: hacking) community started to modify the original device using the upgrade facility we built into the solution. Let's be clear about what we are saying here. The device and the software on our device was never compromised through this upgrade path. People were able to modify the device for their purposes but never able to touch or modify the core functionality of our product and the market we were serving. People repurposed the device for uses outside of what we envisioned would be possible. There were some very creative applications that were created as part of these efforts.
We did not envision that this device would attract genuine interest from enterprises or professional groups mainly due to its hardware and software limitations. It was an inexpensive device at $99, with 8MB of RAM, a 16-bit CPU, running embedded Linux. It just happened to be the first sub-$100 embedded Linux computer and many people had ideas for it that we did not originally conceive of. Eventually, a software company licensed our hardware for an education market which we fully supported.
In our 2nd version of the product, we added all the technical requirements to keep tinkerers busy but with the proper support from us: an SD expansion slot with the ability to boot into a different version of the operating system, an expansion port with documented pinouts, a color screen and a lot more CPU and memory, and a development wiki and license agreements. We liked the idea of being an enabler for other markets even back then but the right plan and support infrastructure needed to be put in place.
Fast forward to the IoT products we work on today.
We continue to develop them with security in place, not just for the same reasons I stated earlier (protecting infrastructure, IP, content and the physical devices) but also because now that more people are developing for the IoT than ever before, companies can no longer accurately predict the use case opportunities available to their products. This means security must be put in place, even if it initially does not seem logical to design-in encryption in say, an outdoor trail camera used by the hunting community.
The same outdoor camera designed to capture images of wildlife scurrying through the woods, could easily end up being used in different locations like the back of a home as part of an overall security system. In the wrong hands though (and without implementing proper security) people with nefarious ideas could try to compromise the content on that device and that could hurt the product and companies behind it.
Even State and Federal government entities are working to ensure IoT security measures are being taken, legislating patient privacy laws to ensure connected medical devices which may transmit protected health information, are kept secure and encrypted at all times.
In addition, there are many companies and standards bodies working on IoT security initiatives like this to ensure that the Internet of Things is a world we can all benefit from.
We've asked Lee Stogner, certified PMP, and member of the Future Directions Committee of The Institute of Electrical and Electronic Engineers, The IEEE, to share info on the IEEE's initiatives that focus on addressing security challenges:
With resources from around the world, the IEEE has divided the problem into areas that can be more easily addressed.
These include:
- The Smart Grid
- Transportation Electrification
- The Internet of Things
- Cloud Computing
- Big Data
- Smart Cities
- Artificial Intelligence
- Hardware and Software Standards
- Cybersecurity
Within these areas, experts have created Publications, Training, Standards, Conferences and Forums where people, companies and government can talk and find ways to solve security problems. The result is an international team that is working together. The IEEE does not work by itself but works with other international private and government groups to ensure that cybersecurity solutions are universal and can be used by everyone.
For a quick introduction into what the IEEE is doing, go to http://theinstitute.ieee.org/static/special-report-cybersecurity
For ongoing IEEE cybersecurity information, go to http://cybersecurity.ieee.org/
We cannot predict how all IoT products will eventually be used or what amazing possibilities they will enable. What we can predict is that there will always be creative people finding new ways to utilize them and in ways we may never have considered. Some good, some bad.
We just need to prepare for both.
If your company is interested in leveraging IoT technology, or has questions about the security considerations that need to be taken to provide a best-in-class IoT solution, get in touch with us today so we can assist you.
Related Content
The latest IoT insights and platform updates from Zipit.
The Internet of Things (IoT) has transformed industries by creating a network of i...
As you explore cellular connectivity solutions, finding a partner equipped to help...
Having spent over a decade in the constantly evolving Internet of Things (IoT) ind...