The Internet of Things may soon encompass everything from a Wi-Fi-enabled Happy Meal toy to unsecured devices installed in critical infrastructure—and security pros must prioritize accordingly. That was the consensus of speakers at a Wednesday panel at the 2015 RSA Conference titled, the “Internet of Things: Revolutionary, Evolutionary or Fad?”
To flesh out the debate, moderator James Lewis of the Center for Strategic and International Studies assigned each speaker to role-play as advocates for each position. Afterward, they agreed that the key to distinguish between an IP-enabled household appliance and network-enabled equipment in industrial settings without regard to security. Often, people “have no idea that they have just opened up critical functionality to the Net,” said Jeffrey Greene, Symantec’s director of government affairs.
For now, the risks associated with IoT are less to critical infrastructure than to the continued diminution of privacy, said Sameer Bhalotra, a former Capitol Hill staffer currently at work on a startup. Encryption, seen as exotic not long ago, now comes standard for node-to-node links on wireless networks, Bhalotra pointed out.
Victoria Yan Pillitteri, advisor for information system security at the National Institute of Standards and Technology, made a similar observation, adding that the industry and consumers alike must understand the value of the data generated at IoT.
“We need to have a risk based approach of looking at privacy,” Pillitteri said.