Modern field guide to security and privacy

Preparing for a future where everything is connected to the Web

At an Atlantic Council event on Thursday, experts said that Internet-connected devices need to be more rigorously defended from hackers to realize their potential.

Tony Avelar/AP/File
Google's self-driving prototype car seen in May 2015.

It’s no secret that the Internet of Things is exploding: Already, things like medical devices, cars, and electric meters connect to the Web.

But before companies put billions more devices online – thermostats, ovens, and refrigerators – experts speaking at an Atlantic Council event Thursday that the cybersecurity industry needs to do more to enhance public safety controls on connected machines.

"Someone has to fill this void and we have to act quickly," said Joshua Corman, founder of I am the Cavalry, a grassroots organization focused on securing Internet-connected devices. "A critical element is that the public trusts these technologies."

The adoption of Internet-enabled devices could be hampered, said Mr. Corman, by recent news of software vulnerabilities and malicious attacks. In February, for instance, Google’s self-driving car ran into a bus in Mountain View, Calif., in the first reported instance of a vehicle causing a crash without a driver at the wheel.

Although a ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles earlier this year targeted data – not medical devices – Corman worries that a spate of 2016 hacks on hospitals could impact public trust in medical software.

So far, confidence in IoT devices seems to be mixed. In an Intel Security survey released Wednesday, 75 percent of the 9,000 respondents selected from nine countries, including the US and Britain, expect smart homes to improve their quality of life – but 66 percent worried that criminals could hack their Web-connected gadgets.

Right now, few frameworks exist to enforce security on smart devices. In January, I am the Cavalry proposed a "hippocratic oath" that would also apply to medical devices. After security researchers remotely hacked a Jeep last year, Sen. Ed Markey (D) of Massachusetts and Sen. Richard Blumenthal (D) of Connecticut proposed legislation that would require carmakers to abide by higher standards to hold up against attacks.

A report on smart home technologies released by the Atlantic Council last month called for IoT device-makers to help establish trust with buyers by providing secure remote updates, mechanisms that prevent the spread of software failures, and safer default settings. 

Experts who spoke Thursday said that companies need to do more to integrate cybersecurity into the product cycle.

"Security is not a Band-Aid that can be layered on, it needs to be inherent in the broader structure of the device," said Andrea Matwyshyn, a professor of law and computer science at Northeastern University. 

Additionally, panelists suggested that the lack of guidelines for Internet-connected devices in the home could be used against consumers.

"In the future, if you’re behind [on payments], you could be locked in your house until you pay back your bills," said Greg Lindsay, a senior fellow at the New Cities Foundation.

Experts said both consumers and companies will need to stay alert to potential hazards for consumers of putting devices online.

“Just because you can connect it to the Internet, it doesn’t mean you’re required to,” I am the Cavalry’s Corman said. “We’re going to have some minimum standard of care.”

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.