::: nBlog :::
When discussing Spimes and the Internet-of-Things with a customer, partner or journalist, cybersecurity usually comes up within two to five minutes. There are now even conferences dedicated to IoT security. IoT auditing firms are also popping up.
Some four years ago while presenting our first production Smart Home implementation Adjutantti with Fortum and ABB, I carelessly replied to a journalist something like ‘security is important and built in to our architecture.’ I then quickly continued with describing the improved quality of life, energy efficiency and sustainability. The result? ‘Hurri does not take cybersecurity seriously’ was the analysis in the next day’s paper. Well, I’ve learned the journo-talk better since.
Cybersecurity is a fashionable topic, and fear sells. The issue is that most of the currently used analogues, such as ‘firewalls’, ‘gateways’ or ‘intrusion detection systems’ are outdated and flawed. Security does not magically appear when you add more boxes, or install some well-branded software into your environment.
After a few botnets exploited connected washing machines, media players and other consumer grade electronics this year, even some researchers suggested non-connectivity as a solution. I find this Luddite approach very counterproductive, as it merely hides bad designs and throws the responsibility towards the user instead of the designers and engineers.
In BaseN philosophy, security is a multi-layered, continuously evolving process that touches every piece of our platform. One of the fundamental principles is the assumption that we’re always under attack, meaning that vulnerabilities must be analyzed and fixed in real time. Even more importantly, every transaction is recorded and verified, so that new types of attacks and anomalies can be detected and mitigated.
With the advent of more and more efficient wireless technologies utilizing software-defined hardware, connectivity can’t really be avoided. Soon from now most equipment will contain general purpose hardware that can easily be reprogrammed to operate e.g. as WiFi, Bluetooth or 4G radio.
We must update our thinking, and analogues, to match the Spime world. There will always be crime, espionage and acts of war – they just now happen globally and digitally. Therefore we as the creators of next-generation systems must embrace a new kind of responsibility for our products and services, spanning over their entire lifecycle. With Spimes, product and service liability might be perpetual.