A recent ComputerWorld interview with cybersecurity guru Bruce Schneier highlights his "doomsday" view of IoT security. Always blunt, Schneier's remarks are to the point.
As a teaser, here's a question and answer:
"What should enterprises worry about when it comes to the Internet of things?
Elegant in its simplicity and quite likely true. The prolific IoT devices are mostly low-margin, likely to be insecure and enable surveillance. As Schneier notes, in the computer world of the 90s, no one was paying any attention to security - the IoT world is now much the same. He comments, "it’s all really, really bad and it’s going to come crashing down."
I loved this bit: "Do you know the way you patch your home router? You throw it away and buy a new one. And that is going to be a freakin’ disaster."
Schneier believes (as I do) that companies will make the next new IoT thing and then the next and no one will do updates - heck, ultimately no one may know how the thing works. All of the devices will have vulnerabilities and most of them won't be able to be patched.
If your smart thermostat is connected to your network, that could be the entry point for attack.
Will employees bring their IoT devices to work, thereby presenting another point of vulnerability? Sure.
More vintage Schneier: "They no longer say you can’t bring in your own tablet. People would just quit. I think you’ll have a hard time enforcing any of those rules because [IoT] is so powerful. If the CEO says, “We’re saving 20% of our energy bill,” and the security guy says, “But it’s insecure,” the CEO will say, “Shut up. We’re saving 20% on our energy bill. Go away.”
After the crash, does he believe it will be better? Yes. "It’s going to be solved by weird stuff, like there’ll be security within the (network) because the endpoints are all crap."
One can never assert that Schneir is not a plain speaker. A fun read and he reads the goat entrails quite well from my foxhole.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology