Security an afterthought in internet of things designPosted On: Mar. 5, 2018 12:00 AM CST
Many devices connected through the “internet of things” are not secure simply because they were not designed with security in mind, say experts.
The internet of things was designed “without any real attention to security, which is the same thing we did with the internet 30 years ago,” said Larry Clinton, president and CEO of the Arlington, Virginia-based Internet Security Alliance trade association.
“Much of the world’s infrastructure is built on older, less secure operating systems and models,” said Marcin Weryk, New York-based vice president and underwriting manager at XL Group Ltd., which does business as XL Catlin. Their interconnectedness “was just a piece of hardware that people didn’t think about,” he said.
“The whole point is that IOT risks weren’t really understood until millions of IOT devices were already fielded … and, in many cases, we’ve allowed these to become part of our networks,” said Alan Brill, senior managing director at Kroll Associates Inc. in Secaucus, New Jersey.
Economics, not security, has been the main driving force, say experts.
“The main driver for the IOT is the enormous economic benefits that it can drive for corporations and consumers,” Mr. Clinton said. “But the economics mitigate against embedding adequate security in many of these devices, and as result, the widespread deployment of these devices could dramatically increase the overall vulnerability of the system.”