How Cybersecurity Will Be Defined In A Hyperconnected Future

Self-driving cars connected to intelligent, city-wide traffic grids. Smart homes where everything from the thermostat down to the coffee maker is Internet-connected and app-controlled. Sensor networks that give manufacturers unprecedented visibility into their products and the capacity to continually enhance the end-user experience.

The world has, for several years, been gradually marching towards a world defined by hyperconnectivity. A world where the Internet of Things will underpin and explain every facet of our day-to-day, from our home to our workplace and everything in-between. A world where everything is online and our lives are that much better for it.

It almost feels as though we live in a science fiction novel — though whether or not it constitutes a dystopia perhaps remains to be seen.

As you've no doubt surmised, this hyperconnectivity is not without its risks—quite the contrary. Multiple experts have described the growing Internet of Things as a cybersecurity nightmare.

A threat surface larger than any we've ever seen before. Manufacturers with no software or security expertise are frantically loading poorly-developed firmware onto their products to be first to market. Endless access points for cybercriminals, and botnets the likes of which the world has never seen.

"IoT device manufacturers have not prioritized security to date, mostly because they are motivated by profit," wrote Matt Toomey, marketing manager at IT research firm Aberdeen. "Embedding adequate levels of security into IoT devices would cost more, require specialized expertise, and may even involve product redesigns to accommodate different types of processors that power the security features. Therefore, the vulnerabilities proliferate."

It has been two years since Toomey penned those words. An eternity in the tech sector. And yet nothing has changed.

Insecure IoT devices continue to increase, their numbers now in the tens of billions. Vendors continue to ignore cybersecurity, continue failing to understand even the most basic design principles of creating a secure system. And consumers are, for their part, either ignorant or unconcerned.

Some efforts have been made to develop IoT security frameworks, of course. But as is often the case, these efforts are proceeding at a glacial pace relative to the technology. In the meantime, the problem continues to worsen.

As you might expect, the short-term outlook isn't great. Businesses that seek to use IoT devices internally will primarily be responsible for carrying out their due diligence, seeking vendors that prioritize security and deploying endpoint management software that allows them to retain visibility into and control over their infrastructure. DDoS mitigation will likely become critical as botnets grow increasingly in size, and guest networks for Internet-connected appliances like refrigerators will become the norm in the workplace.

The automotive industry may provide a glimpse of how IoT security may look in an ideal world in the long-term. There, security operations and computation are primarily managed at the edge, with all network communication wrapped in the highest encryption level possible. Automotive manufacturers know that if their products are compromised, the consequences will be far worse than exfiltrated or lost data.

Lives will be lost.

As more and more of the world is brought online, vendors will need to start subjecting their software and hardware to ever-increasing scrutiny. Extensive code reviews, automated edge security tools, and development life-cycles that prioritize safety over profitability will need to become the norm. Because I can say, without any hesitation, that the alternative is not a world I want to live in.

About the Author

Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.