The challenge of hyper-connected devices and the 'internet of things' will see billions of devices connected by the end of this decade, and all need to be secured.
Speaking at the RSA Conference in San Francisco, Philippe Courtot, chairman and CEO of Qualys, said that we are entering a new dimension with 12 billion connected devices, which is estimated to be 20 to 50 billion within a decade. He cited the introduction of smartphones and connected bracelets for the explosion, and said that there is a tsunami of devices coming our way that will change life in a way that business cannot predict.
“Quite silently, the hyper-connected network will offer major security challenges and increase the attack surface as it takes advantage of the adoption,” he said.
“It is already there with the barrage of security breaches that we read about in the press and we are constantly under attack as cyber criminals automate their attack tools. Security is a problem of scale and speed and we cannot continue bolting on security to prepare against invasion.
“We are faced with a dual challenge of not only a secure infrastructure that is rapidly changing, but we now have to prepare for the 'internet of things' as it is already here and clearly a huge challenge.”
He said that the security model is not designed for this, but thanks to industry progress, resources can be shared with millions or billions of devices.
Also speaking on this topic was Vinton Cerf, vice president and chief internet evangelist at Google, who set delegates 'homework' to establish secure communications on devices. He said that the 'internet of things' is historically not part of the internet, but with things such as an internet-enabled fridges, picture frames and surfboards, these can offer benefits to users.
He said: “You can know what is inside the fridge and get a list of what you can make with what is in there, or it can tell you while you are on holiday that milk has gone off and is about to crawl out. Sometimes the bathroom scales are on the same network so you get a diet display!
“This should be very thought through and should be managed and controlled, and you don't want to be interfered with, so it should be strongly authenticated. Those of you familiar with the notion of a smart grid will know that this must be strongly authenticated. Imagine every device asks for public key and talks in a secure way, tens or hundreds or billions of devices to be managed, it may be fairly reasonable at any one time, but we can build strong authentication into the core ability.”