RSA 2015: IoT could compromise critical infrastructure
To flesh out the debate, moderator James Lewis of the Center for Strategic and International Studies assigned each speaker to role-play as advocates for each position. Afterward, they agreed that the key to distinguish between an IP-enabled household appliance and network-enabled equipment in industrial settings without regard to security. Often, people "have no idea that they have just opened up critical functionality to the Net," said Jeffrey Greene, Symantec's director of government affairs.
For now, the risks associated with IoT are less to critical infrastructure than to the continued diminution of privacy, said Sameer Bhalotra, a former US government staffer currently at work on a startup. Encryption, seen as exotic not long ago, now comes standard for node-to-node links on wireless networks, Bhalotra pointed out.
Victoria Yan Pillitteri, advisor for information system security at the US National Institute of Standards and Technology, made a similar observation, adding that the industry and consumers alike must understand the value of the data generated at IoT.
"We need to have a risk based approach of looking at privacy," Pillitteri said.