RSA 2015: IoT could compromise critical infrastructure

News by Lee Sustar

Role playing during an RSA 2015 session highlighted security issues associated with the Internet of Things.

The Internet of Things may soon encompass everything from a Wi-Fi-enabled Happy Meal toy to unsecured devices installed in critical infrastructure—and security pros must prioritise accordingly. That was the consensus of speakers at a Wednesday panel at the 2015 RSA Conference titled, the "Internet of Things: Revolutionary, Evolutionary or Fad?"

To flesh out the debate, moderator James Lewis of the Center for Strategic and International Studies assigned each speaker to role-play as advocates for each position. Afterward, they agreed that the key to distinguish between an IP-enabled household appliance and network-enabled equipment in industrial settings without regard to security. Often, people "have no idea that they have just opened up critical functionality to the Net," said Jeffrey Greene, Symantec's director of government affairs.

For now, the risks associated with IoT are less to critical infrastructure than to the continued diminution of privacy, said Sameer Bhalotra, a former US government staffer currently at work on a startup. Encryption, seen as exotic not long ago, now comes standard for node-to-node links on wireless networks, Bhalotra pointed out.

Victoria Yan Pillitteri, advisor for information system security at the US National Institute of Standards and Technology, made a similar observation, adding that the industry and consumers alike must understand the value of the data generated at IoT.

"We need to have a risk based approach of looking at privacy," Pillitteri said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews