Making Security Part of the Plan

I wrote a blog a few weeks ago about the need for manufacturers and distributors of Internet of Things (IoT) devices to tighten up their security. My post was one of many expressing concern about the apparent lack of even basic security protocols surrounding these devices.

Last week a number of top tech companies came together to put their (considerable) influence behind this worrying issue. The Broadband Internet Technical Advisory Group (or BITAG) set out a number of recommendations for IoT devices that would make them more secure.

Let me be clear, I think it is great that these heads of industry are calling for better security, but I have to admit that I was a little concerned when I read their list of recommendations. Software updates? Password protection? These are security basics, things these manufacturers should already have been doing.

The devices we’re talking about aren’t just the smart running shoes and smartphone connected climate control that the super techy are pining for this Christmas. These are webcams, wifi routers, baby monitors; objects that people use all the time.

How did we get to a point where so many people were using so many devices that were, essentially, completely unsecure?

We can talk about regulation and the importance of innovation all day long, but the biggest issue, at least as far as I am concerned, is a complete lack of planning.

This isn’t a problem because the companies were unregulated, it’s a problem because the companies were so excited about making a device that let you check your baby monitor on your smartphone that they didn’t really think about the potential security issues that went along with it, or more troubling, were more concerned with an easy way to help administer the device and seem to have thrown away security logic in making this decision.

I’m glad attention has been brought to this issue, but the real change is going to have to come from the innovators. They are going to have to start thinking about the potential security ramifications of their inventions and plan for them, right from the start.

It is what software engineers have been doing for decades, planning and patching for potential threats. It’s time the IoT engineers got on board.