Risk and the Internet of Things must not be left unmanaged. It is a real threat, and the consequences can certainly be severe. Fortunately, work is underway on managing risk in this growing area; I call it “RIOT Control” as a concise way to explain the complex topic of information security for IoT.
RIOT needs to be designed into networks of every size, from small home networks to the largest global carriers. Today, threat intelligence is mostly based on observation, and through sharing this data, appropriate actions can be taken. This can mean blocking, limiting resources, or limiting access. McAfee provides Global Threat Intelligence with our solutions to supply this data, so policies can be enforced to stop known malicious activities and those identified by reputation. But with Machina Research projecting an estimated 24 billion IoT devices in 2020, this may not scale very well. For some interesting ideas about how IPv6 can be coupled with threat intelligence within the network packets themselves to make the IoT a safer place, check out this Internet Engineering Task Force draft about “packet staining” that’s in progress.
McAfee is also participating in the development of international standards related to the IoT. OneM2M is a collaboration between several associations to ensure the most efficient deployment of M2M communication systems with the goal of global functionality. McAfee contributes to this effort by helping define IoT requirements that address security and risk across global boundaries. The International Standards Organization (ISO) is famous for defining a wide range of management (versus technical) standards, especially in the security and risk management domains, where the ISO 27xxx series of standards is used around the world. It has initiated a special working group to address IoT, to which McAfee will contribute. The objective is to address the rising importance of IoT in the broader Information and Communications Technology (ICT) sector.
IoT will be a crossover issue that encompasses consumers, businesses, telcos/carriers, and device and system manufacturers, and addressing the Risk of Internet of Things (RIOT) will require the collaboration of all of these entities. We must all look at how to be prepared for the future without compromising security and safety.