IoT Security == Hygiene
The majority of cybersecurity work is not glamorous — it’s just good hygiene.
Well, we have a long list of excuses. We are too busy, the product does not have enough budget, or the project margins are too small to justify significant engineering effort. As IoT devices become more prevalent in our homes and start to migrate into industry (as the new buzzword industrial Internet-of-Things seems to indicate they will), this approach will become less and less supportable. The odds of a significant lawsuit involving a compromised cloud camera trained on a driveway are much lower than those for a similar camera used to monitor water levels in a water treatment plant. Of course, we don’t need to wait for such a lawsuit to force us to start securing systems — we can just do things the right way instead.
Like most things, the majority of cybersecurity work is not glamorous — it’s just good hygiene. And today’s engineers need to be taught what this means. Most engineers are going to focus on ensuring a project is functionally complete and evaluate progress on how quickly and how well they can deliver that functionality. But good cybersecurity is related to that work and doesn’t take that much extra focus. Students need to learn how to review code; which library calls aren’t safe; how to monitor a product’s technical basis once it’s delivered to ensure that it remains secure; and how important it is to be able to update products when things go wrong. They need to know where to look to find information on the security status of libraries or systems they might use, and what that information means when they find it. They need to understand system and application hardening and secure programming practices. And much of this information is available today — students just need to learn that they need to look for it and use it.
For the first time, we have a compelling argument for investing in the security of the systems we build. In the past, justifying effort on securing deployed systems was difficult as the investment had no real return. Today, things are changing. Executives are being held responsible for the security of their products, and this trend does not seem like it will reverse. More and more managers — technical, financial, or business — understand the real risks and impacts of insecure products. The time for engineered security is here. We just need to make it happen. And we can start with our systems today.