The Internet of Things has the potential to revolutionize every aspect of our lives and business by linking devices – such as baby monitors, industrial sensors, and smart phones. Already a reality (the Internet now links more devices than people), examples of its benefits range from bringing industrial jobs back to the U.S. in hyper-efficient factories to life-saving medical devices. Programs such as IBM's "Smarter Cities" demonstrate its transformative power for government.
However, on the heels of the NSA scandal, news of security problems’ threat to privacy may cripple the IoT before it achieves its promise.
The IoT’s greatest strength, its ability to harvest and relay vast quantities of real-time data about machines’ operations, cars in traffic, and even our own bodily health also constitutes its greatest vulnerability, if that data is easily obtained by those who would misuse it. Vanity Fair even raised the specter that criminals could hack life-saving IoT medical devices to kill us. Terrorists could hack the “Smart grid” to cripple the power grid.
The Obama administration has almost entirely ignored the Internet of Things (by contrast, it's frequently mentioned by the Chinese leadership, which has invested massive amounts in the technology) . The president has never mentioned it, and the FTC is the only federal agency that has begun to protect IoT privacy and security.
Chillingly, the only other government official who has expressed interest in the IoT was former CIA Director David Petraeus, who showed an interest of tapping into homes: “Items of interest will be located, identified, monitored, and remotely controlled,” he said.
Nor – while some IoT companies have made security and privacy a major priority – have others given it enough attention. The result? The Shodan search engine proudly announces it lets you “EXPOSE ONLINE DEVICES: webcams, .. power plants, iPhones, .. refrigerators.”
The European Union has focused more on IoT privacy and security, and there is serious talk in Europe of making personal data protection a fundamental human right.
But more must be done.
Individual companies must make privacy and security a priority. Opaque user agreements such as Facebook’s letting the service provider remarket or redeploy user data won’t be acceptable. A recent INEX study of one multi-billion industrial market revealing 96 percent of industrial equipment owner/operators believe they own data from their machines, and access to it is theirs to determine -- not the machine’s builder or service providers that connect it. Customers must legally own their online data, determine who has rights to what, and sharing must be “opt in”, with ZERO sharing as the default.
As for security, companies should explore Resilient Networking, a concept developed for the Department of Homeland Security framing new approaches to network/cyber security in more connected, distributed, automated, and dynamic digital networks.
But individual efforts aren’t as important as collaborative ones, again, because of the data-sharing that is central to the IoT’s transformative power. We’re encouraged by formation of the IPSO Alliance and the IoT Consortium, which make security and privacy a priority.
The president must also become involved in this issue. One reason is that the IoT will benefit government: cities worldwide are already applying the IoT, and it can make government in general more effective and responsive. Working closely with the private sector is a priority because 85 percent of the nation’s critical infrastructure, including the electric grid, pipelines and chemical plants, is in private hands, and is the focus of IoT initiatives such as a the “smart grid” to make them more interconnected and reliable – but also more vulnerable to a coordinated attack.
The Internet of Things has truly remarkable potential to help us address our grandest challenges and opportunities by creating new sources of data and intelligence from the physical world that we have not had: broadly, cost effectively, securely. IoT can help us reinvent agriculture, natural resource management, education, security, governance, retail, manufacturing, logistics and more. But if security and privacy standards aren’t top priorities for government and industry, all of those benefits may be squandered.
Rezendes is CEO of INEX Advisors (New Bedford, MA), an IoT strategy and angel investing firm. Stephenson is principal, Stephenson Strategies (Medfield, MA), who wrote SmartStuff, an e-book introduction to the IoT.