The Internet of Things is projected to add up to $11.1 trillion annually to the global economy by 2025, a veritable gold rush that’s drawing designers and entrepreneurs keen to get in on the action.
But the stampede has also contributed to a free-for-all stemming from the absence of centralized security standards around IoT.
That’s resulted in a market littered with literally hundreds of protocols addressing different aspects of the IoT ecosystem, from application development to machine-to-machine communications.
In the absence of real oversight governing the development of the more than 6 billion devices in use today, the onus falls on enterprise customers to make sure there’s adequate security for the new devices getting added to their networked infrastructure.
Back to the future
Here’s the crux of the problem. Security is a relatively new concept for many of the manufacturers making IoT devices nowadays. Without uniform guidelines and practices to follow, they are likely to go their own way on matters such as baseline guarantees of interoperability or long-term security support for their products. And because there are still no de facto standards, many IoT devices wind up using proprietary technology.
The fragmented status quo also promises more opportunity for cybercriminals. Because companies are not required to design security into their products, many give it short shrift. We’re reminded of that each time a new incident demonstrates how easily cybercriminals can take advantage of weaknesses in IoT devices. The industry received a reminder last October when a massive Mirai DDoS attack revealed the ability of hackers to exploit IoT devices as platforms to launch powerful cyberattacks.
Without a change in direction, security executives should brace for more of the same. Indeed, by the end of the decade, more than 25 percent of enterprise attacks are expected to involve compromised IoT devices, according to the latest AT&T Cybersecurity Insights report.
IoT Alliances Forming
Improvements in IoT security will require uniting around a common set of practices governing design and implementation. While there are growing calls for regulators to play a larger role in IoT, security alliances are already forming in the private sector to forge frameworks that help developers build security into the development of their IoT devices.
Last September, for instance, the Industrial Internet Consortium proposed a set of best practices as part of a security framework companies can use to build IoT devices. However, while it can identify what standards might be needed, the IIC is not a standards body.
This past February, AT&T, IBM, Nokia, Palo Alto Networks, Symantec and Trustonic formed an alliance, with the founding partners announcing plans to collaborate on influencing the development of IoT security standards and policies.
These different initiatives are still in the early innings, and history shows that standards food fights typically take a long time to get resolved. The videotape format war, which began in the mid-1970s, didn’t conclude until the late 1980s, though the last Betamax recorder got built in 2002. Any progress these various IoT groups make hashing out a common standards approach would provide a major fillip for a technology that’s so vital to the future success of digital organizations in the 21st century.
Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.