IoT - The Internet of What?

What most people see at the internet (ok, for those that know, the world-wide-web) started in 1994 when Tim Berners-Lee invented the HTML protocol. Once this had started, the 'browser' wars between the likes of Netscape and Microsoft came into play with Microsoft winning because they put their browser in their OS by default! . Since the promulgation of the smartphone into widespread use, there has been a continuous battle between the likes of iOS, Android and the Microsoft OS's, as they strive to keep their users within their ‘eco-system.’ Call me controversial but Microsoft pretty much won the browser war, Google is winning the ‘search’ war and Apple is winning the smartphone war. But all their 'cloud' sharing stuff works on all platforms.

Cue the “IoT Wars”

In this continual cyber-war for domination, the next front is opening up it’s called; the ‘Internet of Things’ (IoT). This is where lots of devices (some which are small, big, domestic, industrial) all start interconnecting with each other for various reasons. There are two main factors that are in place that are enabling this change:

Factor One: IPv4 to IPv6

There are 4.3 billion IP addresses within the IPv4 range and they’ve nearly run out! Surprised? Shocked? Nonplussed? Well there are 340 trillion billion IPv6 addresses, so that means that any device can connect to the Internet with the new type of IP address. In simple terms, they’re changing the way ‘Internet postcodes’ are dealt with so that there are more of them!

Factor Two: Connectivity

Broadband and mobile connection speeds are getting faster so that they can communicate with other devices in various ways. This means that various devices are able to connect to the ‘mother’ device (usually a router) using a low power-connecting device that then sync’s with the other devices that are connected through the Internet. So an example of this would be lots of little devices connecting with your smartphone and then the smartphone connecting with the cloud hosted server

Having understood the basic premise of what the Internet of Things needs to do in order to work in the mainstream, we are in the process of connecting our devices and lifestyle more than ever before. The IoT will have devices that control our heating, order milk that’s about to go out of date, vacuum the floor, measure our heartbeat and tell the doctor that we’re having one too many ‘one for the roads’.

This might sound slightly far-fetched but did you know you can buy Wi-Fi controlled vacuum cleaners, the new apple watch will measure your heartbeat and there is a mobile app made by NEST which can control your heating in your house. There is also an explosion in the health tech gadgets which monitor heart beats, number of steps, body fat, weight, BMI etc. All of these have been in place for a while, but now these devices are connecting with smartphones and web-based accounts. This is a growing phenomenon and sources say that by 2032, there will be 5,000 IoT devices interacting with an individual as part of their ‘smart’ life, quite what they will be doing to enhance our lives is beyond anyone’s guess.

Some might say that the creation of IoT will create a global, cyber panopticon where the Internet can measure and observe every movement in our lives. If there aren’t enough concerns about privacy today, this problem will only get worse.

‘Who really wants to know how many times an individual boils a kettle or changes the temperature in their house?’ I hear you ask.

But for marketers, this data is gold dust.

Security, Privacy and Trust.

There are three main principles that will underpin almost anything that happens amongst the IoT;

1) Security in the sense that all the devices that are associated with your life will not cause inconvenience or harm to you…i.e. your data isn’t used in a fraudulent way.

2) Privacy in the sense that how your data interacts with the IoT does so in the way that 3rd parties cannot see it unwittingly, thus disclosing information that you want to keep private.

3) Trust in the sense that your digital identity is kept intact as a result of the interaction. The last thing that someone wants is what we call in the industry is a ‘false positive.’

The concept of a digital identity is also an interesting one as it spans the question of ownership and we see this coming to the fore today. There was a prediction that by 2015, there will soon be 1 smartphone for every 5 people in the world[1], but yet they put corporate information on these smartphones…and vice versa. Therefore there are two digital identities that come into play here, the personal identity and the corporate identity. The personal identity will always remain with you, but the corporate identity is with you as long as you are working for that organisation. Some might have a ‘hobbies’ identity that will associate them with other like-minded people but keep it separate from the true personal identity.

Reading this shouldn’t be taken as another reminder to come up with a crazy and inventive way of running security awareness training sessions, but it is far more in depth and profound than this.

There is no doubt that the IoT will emerge as the next evolution of the internet, but is our data protected in the same way that we expect it to be? The EU will be undergoing the biggest change in Data Protection legislation in the next couple of years and so will our interaction with devices. For example, 10 years ago, email was a messaging system that was on a desktop (or laptop) that was connected mainly by a physical cable; now email is one of many messaging systems and when was the last time that you looked at your email at home on a desktop? My guess is that before you got home, you had over 10 emails / Facebook / LinkedIn / Whatsapp / Snapchat messages alerting you on a smart device.

It seems clear to me the Information Security industry needs to go beyond the bland risk assessment and the security awareness training. It’s time to ask ourselves, do we all need to become Information Security experts so that we can track, monitor and retrieve our identities whenever we need to. Or are we sleepwalking into a cyber panoptic society?

[1] http://www.businessinsider.com/15-billion-smartphones-in-the-world-22013-2