IOT: A TALE OF OPPORTUNITY AND RISK
BLUF (Bottom Line Up Front)
- IoT is still at the “Peak of Inflated Expectations”, and marching full speed ahead
- The “Security of Things”, however, will be an afterthought, again
“The Venturesome Economy”
If I had told you in the early 1990s that an emerging technology was going to be the next best thing since sliced bread, that it would have the potential to dramatically reduce communication barrier, increase your productivity, and add a lot more digital fun to your life (whatever that means to you then), with the caveat being your personal/sensitive information (identity, bank account, etc.) may be easily stolen on this platform, and you may face significant monetary loss and or psychological stress therefore. Would you have approved the development and deployment of this technology?
Fast forward. It is bizarre today to imagine a world without the internet. And it is fair to speculate that, in 25 years, it will be just as strange for our kids to imagine a world without all physical things being connected. IoT, as it stands today, may just be the new best thing since sliced bread, especially considering its synergistic potential when combined with AI and blockchain. (And how many would bother to bring back the precautious, overly conservative security debate we are having today at that point? After all, I am one of those people that are grateful for the fact, venture capital has become a legitimate asset class, and a small group of risk takers among us is willing to put capital behind unproven value propositions with unknown risks, and eventually to push civilization forward.)
Venture Scanner, a startup research firm, released its Q2 report on IoT in July this year. According to its market intelligence, the numbers were spectacular in the most recent quarter [1]. The IoT sector has gathered a cool $55B in total funding (cumulative through June 2018), impressive for a young/emerging space. Security tech, a closely related space that has been around for longer, pales in comparison with a cumulative funding number of $23B [2]. Investors are literally voting with their dollars, betting on a bigger upside promised by the reach and implication of IoT technologies.
Admittedly, many investors are not even shy about the likely fact that many facets of IoT technologies are going through the peak of its hype cycle as we speak [3]. While a good majority also reckon there are unresolved security concerns looming around the corner, across all layers of IoT from raw material to decommissioned product [4]! It is indeed fascinating to witness — all of those risk factors cannot deter the venturesome (animal) spirit when there’s (appearance of) massive opportunities ahead. (And who can argue that was not the case for internet?)
- IoT displaces Big Data at the “Peak of Inflated Expectations.” Source: Gartner. [3]
Security: A Predictable Afterthought?
“Are you ok?”
I remember pulling my Jeep Cherokee into the driveway and being totally confused when greeted by my roommate’s concerned face.
(Yes, it is extra embarrassing to admit that I worked in the automotive industry back in 2015, making sensors that will contribute to the growing intelligence of modern automobiles, and I did not pay attention to the remote Jeep Cherokee hack [5] that would steal the headline for a long time to come.)
What happened next was not pretty (could make an interesting documentary one day though), 1.4 million Cherokees were recalled [5]. For the first time (though a blip in history only), the heat around IoT was cooled off and the Security of Things was on everyone’s mind. (“Boy, connectivity has outpaced security!”
The bigger question is, why is security always an afterthought?
An oldie but goodie by Larry Dignan sheds some light on this question [6]. Short-sightedness. Focus on topline growth first. Preference of ease and performance over security on the user side. All of the above contribute to the predictable oversight of security vulnerabilities.
And after all, one may argue that had we worried that much about the security issues (and negative unknown unknowns of the internet), we would never have made it where we are today.
My guess is we will charge full speed ahead here with IoT just like last time. (And make security catch up [7] and fight fires as they come up. Cannot observe the counterfactual. Hence cannot argue this is not the best way to make progress.)
Thoughts?
===
[1] IoT Q2 2018 funding highlight
https://www.slideshare.net/NathanPacer/iot-q2-2018-startup-highlights
[2] Security Tech Q1 2018 funding highlight
https://www.slideshare.net/NathanPacer/security-tech-q1-2018-startup-highlights
[3] IoT displaces Big Data at the “Peak of Inflated Expectations.” Source: Gartner.
https://www.upguard.com/blog/internet-of-things
[4] NXP IoT Security Brochure https://www.nxp.com/docs/en/supporting-information/IoT-Security-Broschure-Final.pdf
[5] Five Lessons Jeep Cherokee Hack
[6] Why is security usually an afterthought
https://www.zdnet.com/article/why-is-security-usually-an-afterthought/
[7] IoT Security Technologies
