5 Security Truisms for the Connected World

Thanks to the Internet of Things, computer security is becoming everything security, says security guru Bruce Schneier.

Brian Buntz

March 16, 2017

2 Min Read

In the novel Foundation's Edge, Isaac Asimov describes a planet known as Gaia that is a super-organism. Every person and object on the planet are connected, creating a sort of group consciousness.

While clearly in the realm of science fiction, the notion of a world with legions of connected objects and people is very real. “We are creating an internet that senses, thinks, and acts,” said American cybersecurity expert Bruce Schneier at RSA this year. “And this is a classic definition of a robot. I argue that we are, together, creating a world-sized robot and we don’t even realize it.”

But if we are to think of the Internet of Things as a robot, it is more siloed than it is cohesive. This robot of things also lacks a central brain or a singular goal or design.

All of this make IoT difficult to secure. Towards that end, Schneier offered five cybersecurity truisms at RSA for the Internet of Things:

1. Most software is poorly written and insecure. A popular project management motto proclaims: ‘Your product can be good, fast, or cheap. Which two do you want?’ “Fast and cheap” has been the default answer of the software industry for decades. “We might want to rethink that,” Schneier says.

2. The extensibility of computing systems enables weaponization. “Computers can be programmed to do anything. The computer in your toaster can get additional features, or it can be reprogrammed, or it can get malware in a way that manual systems can’t,” Schneier explains.

3. The complexities of computerized systems cause new insecurities. Complex computing systems are difficult to secure, and it’s difficult to come up with one-size-fits-all methods to test them. “You can’t just do an Underwriters Laboratory test in the way you could do for a light bulb,” Schneier says.

4. There are new vulnerabilities in new interconnections. It seems evident that securing an office building with hundreds of doors and windows would be easier than securing a small house. But in the computing world, we see hackers exploit this basic fact. In the Dyn attack, cybercriminals shut down a chunk of the internet by enslaving video cameras and DVRs. The same principle enabled a hacker to gain access to Target’s corporate network by way of a vulnerability with their HVAC supplier. “This is really hard to fix,” Schneier says, “because no single system might actually be at fault. You could have two secure networks, put them together, and you get residual insecurity.”

5. Computers and networks are vulnerable in different ways. The failure modes are different between computer systems and the mechanical systems they replace. The internet is naturally empowering—it allows things to scale, including attacks. Schneier explains: “We know that driverless cars will be much more secure than regular cars—until they are not.”

Check out the rest of Schneier's talk here:

About the Author(s)

Brian Buntz

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton and later Informa, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to grow the site’s traffic volume dramatically. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently on kurzweilai.net, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like