Sponsored By

Why IoT Security Is Like a Time Machine from Dr. WhoWhy IoT Security Is Like a Time Machine from Dr. Who

Everyday, there seems to be new headlines warning of IoT security disasters, little of it is really new. Meanwhile, there are relevant security lessons to be gleaned from the classic British science-fiction series.

Brian Buntz

August 19, 2016

2 Min Read
The Tardis time machine / spaceship in Dr. Who was disguised as a police box.
tardisbuilders.com

While there are real problems to be addressed with IoT security, much of the proposed solutions seem to be generic, failing to take into account the human factor of hacking and the economic factor, says Derek Kerton, founder of the Kerton Group and founder and chairman of the Telecom Council of Silicon Valley.

The Economics of Hacking

“If nobody cares about hacking your device, that is more important than how good your encryption is,” Kerton says. “Economics dictates security. But it also dictates the cost-benefit analysis for the hacker. If you are doing security merely from an engineering perspective, it is like coming up with the world’s best technology but not having a business plan or a value proposition.”

Of Hacking, Time Machines, and Bike Locks

Instead of giving up on the plans for ambitious technology because of an inherent security risk, Kerton recommends that companies ask: “what is in it for the hacker?” and “how can we make it so that there is less in it for him and make it hard enough for him not to do it.” You don’t want to be the lowest hanging fruit for a hacker.

“This reminds me of the TARDIS time machine and spacecraft in Dr. Who,” Kerton says. “It looks like a normal police box from the outside. But if you knew what it was, you would probably steal it.”

An important trick to avoid getting hacked is to design your application so it doesn't look appealing to a hacker—so it looks more like a police box than a time machine. 

The parallels between hacking and theft is often overlooked. Ultimately, IoT security—or any kind of security—isn’t all that different than, say, locking up a bicycle in a public place. “I don’t have to have the perfect lock for my bike; I just have to lock it up better than the next bicycle. The worse the bicycle is, the better my security is. That’s just economics. If you have a crappy bike with a decent lock, nobody is going to steal it.”

That doesn’t mean companies should aspire to have subpar technologies to bolster their security, but that they should aspire to understand the mindset of a hacker rather than focusing solely on technological solutions.

In the economics of hacking, everything isn’t necessarily about money. Prestige or bragging rights are often a part of hacker’s payback.

To improve your IoT security, try to understand what would drive a hacker to target your technology in the first place.

As Sun Tzu said millennia ago: “To know your enemy, you must become your enemy.”

About the Author(s)

Brian Buntz

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton and later Informa, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to grow the site’s traffic volume dramatically. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently on kurzweilai.net, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like