By the end of the decade, self-driving cars will be on the roads in many developed countries. The electric grid will tell our heaters when it is more economical to run, “learning thermostats” will be in many homes, and we will track the movements of people, pets, packages, and many other things. By some estimates, the number of devices connected to this “Internet of Things” (IoT) will pass the number of connected human users by 2016.
The question is: will serious accidents be necessary before people take the risks seriously and harden this infrastructure?
Because the IoT senses and controls physical objects, serious harm can happen — either accidentally or intentionally. We need devices to be authenticated. They in turn need to authenticate the control systems from which they receive commands, and man-in-the-middle attacks need to be prevented – and that’s without exploring the infinite possibilities for industrial spying based on monitoring the signals that traverse this network.
If you make or use Internet-connected devices, you should already be thinking about the identification and authentication of individual devices and control systems, and about the end-to-end encryption of signals and commands. Otherwise, things will go bump (or “boom”) in the night and it won’t be very funny.
[Editor’s Note: This post is part of the annual “Cutter Predicts …” series.]