Can We Secure the 'Internet of Other People's Things'?

The IoT, and the security thereof, represents the greatest business opportunity for the IT industry in the second half of the second decade of the 21st century.

The "Internet of other people's things" is simply another way to describe the Internet of things in the hands of bad actors.

The Internet itself has always been a playground for hackers, but the IoT—with all the inanimate, automated devices about to come online in the next few years—multiplies attack surfaces and network access points tremendously.

So the playground will become a bigger greenfield for the bad guys and increasingly risky for everybody else.

The Internet of other people's things, or IoOPT, really translates into the "Internet of everybody's things." While we enjoy the online benefits of buying goods and services, sharing documents and photos, playing games, watching videos and listening to music, the tradeoffs involving personal data privacy and the risk of online fraud or theft are always present.

Biggest New Potential Market Since the Internet Itself

This is the greatest opportunity for the IT business in the second half of the second decade of the 21st century: How exactly to keep the lines of Internet communication secure and trustworthy—that's the key term—so that business and personal (as well as machine-to-machine) interactions can be conducted safely and without interference from any outside party?

The company that can come up with that solution could become king of the IT world. Many are trying, but nobody has come up with a bulletproof solution for every type of hack attack.

Sound like a pipe dream? Can this be accomplished? Those who see themselves as realists in an industry that is loaded with dreamers do not think so.

Jeff Moss, a celebrated former hacker and founder of both the DevCon and the Black Hat security conferences, told eWEEK at the RSA Conference 2015 that he believes conventional security will never jump ahead of the hacker community with an ability to completely shut out all data breaches or other types of attacks.

"I'd be really good with like 80 percent security, because we're never going to get to 100 percent security," Moss said. "And we don't have anywhere near 80 percent yet. But if we got to 80 percent, that means we only have to work on the remaining 20 percent."

Hot Topic at All Levels

The security of the Internet of other people's things is becoming a hot topic at all levels and sizes of business, mainly due to national and international news stories about multimillion-dollar attacks on familiar companies, such as Home Depot, Michael's, Target and others.

Sami Luukkonen, global managing director for the Accenture's Electronics and High Technology business, is seeing vendors of all shapes and sizes coming to his organization asking about IoT, and they're all worried about security.

"Security concerns have really been raised by industry players, due to media attention around cyber-attacks," Luukkonen told eWEEK's Sean Michael Kerner. "All the attention has really woken vendors up to the risks and consequences of an attack."

In the past year or so, the biggest security issue involved the privacy of consumer data, he said. Luukkonen sees the shift in focus to security as a sign of maturity in the IoT business.

For many of the top vendors in electronics, IoT is at the top of their agendas for new initiatives, Luukkonen said.

"The opportunity for IoT is tremendous, and everybody is going after it," he said. "At the same time, vendors realize that they are introducing a huge number of open interfaces that could be open to attack."

Not Only About the Bad Actors

However, the IoOPT isn't only about bad actors. People, and not always bad guys, will be connecting (often by accident) with other people's devices more often, and not just with phones and tablets. The sheer number of new URLs will fan this flame. Network flaws and crossed wires in networks also will contribute to this. Security will work well for some devices and networks and less well on other networks.

IoT devices will mostly be embedded systems with lightweight operating systems, such as Linux. Each device will thus be a fully accessible server on the Internet with access to the rest of the Internet. There are already too many possible points of entry for security to be airtight, and with the IoT, these will be multiplied a hundredfold or more.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...