Our subject today comes from an arresting sentence in a recent eWeek article entitled, “Internet of Things Security Issues Have Consumers Worried.”
Well, there’s nothing too surprising about that. The security issues that accrue when connecting the things you care about to the Internet are worrisome indeed.
Matters get more interesting with the subheading: “Survey results indicate a lack of information about the security safeguards in place is fueling respondents’ worries about Internet of Things (IoT).”
Oh, it’s the lack of information that is fueling worries, is it?
I have been working in the field of security — with side trips into coding for industrial control systems such as nuclear reactors — for almost 30 years. I have implemented TCP stacks on embedded devices, written device drivers and microprocessor control routines, and secured large enterprise networks. I was an early adopter of “Smart Home” automation technologies — X10, anybody? — and even spent years at Sun Microsystems. (“The network is the computer.”) Believe me, I am down for the IoT cause. But I’m not just worried, I’m terrified.
To be clear, when I talk about the Internet of Things I mean ubiquitous computing.
Coming soon — we are almost there, really — massive numbers of everyday objects will be connected to the Internet. A worldwide meshed network will include only your refrigerator, the thermostat in your home, and of course many parts of your car; but most everybody else’s stuff, too. While you’re visualizing that, toss in onboard medical devices such as implanted insulin pumps and pacemakers; car keys, boxes of Jell-O in some celebrity’s pantry, gondolas in Venice, and sex toys in places I don’t want to speculate about.
All will be connected. Some of them will be flashing and beeping incessantly, too, dammit; but let’s not go there. That’s one curmudgeonly step too far.
WHAT BAD THING CAN HAPPEN?
For a clear and very entertaining description of a simple domestic nightmare, check out the brilliant “Homewrecker Virus” fantasia written by Michael Schrage in 1993.  (That’s right, 1993. Did you think Cisco invented this concept?)
For more exalted worrying, imagine 10,000 cars being driven under computer control. Now imagine a teenage hacker who is mad at you directing those 10,000 cars off the freeway and up your driveway. If you would like nation-state kind of scenarios, imagine bad guys in petroleum-rich countries subtly raising millions of thermostats in the United States to drive their oil profits up. (Oh, you prefer your malefactors to be corporate fat cats? Feel free. You are, after all, about to turn over more control than ever before of your used-daily devices to corporate manufacturers you do not know and could never identify.)
Let us set aside the unprecedented opportunities for mischief and malfeasance the Internet of Things presents. Surely, earnest competent engineers will be able to build reliability, security, and assurance into the new devices and the meshes that envelop them?
It’s possible, I suppose. But, realistically? We should plan for failure — common, frequent, sometimes catastrophic failure.
WHY IS “THING” SECURITY SO HARD?
Here are four reasons why I am so skeptical we will see a secure, reliable, and resilient Internet of things in the foreseeable future.
- Although most people think of confidentiality and privacy losses when they visualize security failures, in the world of industrial control systems and embedded devices the bigger threat is generally downtime. It is going to be very hard to protect Internet-connected pacemakers from denial of service attacks and buffer-overflow-induced crashes. We already have botnets (malicious networks of compromised systems) with hundreds of thousands of nodes. When the Internet is a billion times larger, should we not expect the attack vehicles to be concomitantly massive and powerful? (Yes, large adaptive networks may be built that can shift resources and self-heal. But individual devices like your Internet-connected insulin pump? Intrinsically less flexible and more vulnerable.)
- Good people write bad code. There are technical, psychological, and economic reasons why the security quality of the world’s software is so terrible. I should know: I have committed most of the common security blunders myself. I also wrote, with Ken van Wyk, one of the first books on the subject. We called it — rather cheerfully, in retrospect —Secure Coding.  Follow the provided link to read the first chapter, which lays out key barriers to secure design in detail.
- Perhaps the greatest reliability challenge for a complex system (and we are talking about the largest, most complex “device” ever undertaken) is errors of composition. Briefly, these occur when disparate elements entailing differing design assumptions are combined together. The entire history of technological advancement tells me that the Internet of Things will never be a holistic homogeneous composition of like devices with consistent and well-defined interface conditions. It will be a hodgepodge! Within a very few years, the Internet of Things will surely exhibit an attribute I call “heterotechnochronocity,” being comprised of subcomponents from varying technical versions, releases, and even eras.
- Cars, planes, toasters, chemical processing plants, and vibrators: they will all be mixed together. Some of them may have good security, but all of them certainly will not. And generally, of course, the resistance of any complex system to attack sinks to the level of its least secure component.
In sum, I worry that making an Internet of Things “secure” — in the common meaning of the word — is just not possible.
Let’s hope I’m wrong.
I can’t leave this topic without referring you to the marvelously apposite First Law of the revered science-fiction author Arthur C. Clarke. “When a distinguished but elderly scientist states that something is possible, he’s almost certainly right. When he states that something is impossible, he is very probably wrong.”
So, not impossible, perhaps; but, surely, worrisome. Q.E.D.
Sources and Resources
 Nathan Eddy, eWeek, Internet of Things Security Issues Have Consumers Worried, http://www.eweek.com/small-business/internet-of-things-security-issues-have-consumers-worried.html
 Michael Schrage, “The Day You Discover That Your House Is Smarter Than You Are”, Los Angeles times, the 25th, 1993. http://articles.latimes.com/1993-11-25/business/fi-60788_1_house-networks
 Mark G. Graff and Kenneth R. van Wyk, Secure Coding, O’Reilly Publications, 2003. Chapter 1 is online at http://www.oreilly.de/catalog/securecdng/chapter/ch01.pdf.
 Arthur C. Clarke, “Hazards of Prophecy: The Failure of Imagination” in the collection Profiles of the Future: An Enquiry into the Limits of the Possible (1962, rev. 1973), Astounding, February 1942. As cited in Wikipedia, http://en.wikipedia.org/wiki/Clarke’s_three_laws.
(c) 2015 Tellagraff LLC