What Are You Going To Do About IoT Security?

Everyone agrees there’s a big problem. So now what?

popularity

We’re almost inured these days to cybercrime—the frequency of the hacks, the incomprehensible scale of compromised accounts, their contents vulture-pecked clean. It’s estimated that cybercrime steals half a trillion dollars each year from the global economy.

Much of this is enabled by us as users, succumbing to phishing attacks and just being lazy about good password hygiene. The cyberpsychologist Mary Aiken reminded us at the recent Arm TechCon that we are not all IT experts, and security is not always built into devices and systems by default. As users, we assume too much and often have a false sense of protection – fake safety, she called it.

Editors here at Semiconductor Engineering and at other industry publications write about IoT security issues more now than ever because the problems are growing. Indeed, this publication now devotes an entire section to it, a level above this article.

Technology companies bear a responsibility for ensuring devices and systems are secure, especially now as we ramp toward a trillion connected IoT devices. And companies need to step up their game to think beyond the terms and conditions of their contracts with users.

Seeing outside the tunnel
We’re so tunnel vision-focused on product development and innovation that it can be difficult for companies to look up from their work for a moment and see there’s a bigger problem brewing. It threatens to swamp us unless we try a new, bold approach.

As part of this, we created the IoT Security Manifesto as starting point on an important journey. It lays out the challenges of designing for security as we hustle into the future; it describes fascinating technological directions for IoT security (Digital immune systems? AI-enabled mobile devices that know it’s you based on your usage patterns? Yup); and it includes a call to action for companies to adhere to a digital social contract for security.

Arm CEO Simon Segars laid it all out in his keynote at our annual Arm TechCon event this week.

“Cyber security’s a mess, if you ask me,” he said. “There is this patchwork quilt of stuff glued together, and the bad news here is unless we do something, it’s going to get worse.” (Segars has blogged about the topic as well).

Arm CTO Mike Muller, in his keynote, said, “You’re not going to get IoT to scale unless people trust their devices. To make them trustworthy, they have to be secure and, in IoT, I say security cannot be optional.”

I’ve covered this industry, in one form another, for 25 years and I’m not sure I’ve ever heard a bolder rallying cry, especially around security. Now you’d expect me to say that because I work with Arm, but if you can come up with a better example, I’m all ears.

Collective effort

In any case, this isn’t just an Arm issue and isn’t something that Arm alone can solve. To be sure, Arm has offered its security solutions for many years, the most recent being the Platform Security Architecture technology unveiled at TechCon. (Arm has more details here, as well). But overcoming security vulnerability is a challenge that extends beyond individual companies, and, if left to fester will threaten our future.

We all know we need to act collectively and stop pushing the problem over to the next guy. How do we begin to evolve from this model?

The good news is the technology sector is crowded with brilliant people. We’ve identified the challenge and now we’ll begin to frame and build the solutions. Together. Because that’s the only way.

So, I put the question to you: How, as an industry, do we proceed? What’s our next step? And how do we work together effectively to confront a problem that’s sucking hundreds of billions of dollars from the economy every year?


Tags: