This article is published in the March 2017 issue.

CCC White Paper- Safety, Security, and Privacy Threats Posed by Accelerating Trends in the Internet of Things

The Internet cartoon Joy of Tech’s interpretation of the future of IoT

CCC Executive Council Member Ben Zorn from Microsoft Research contributed to this post. 

The Internet of Things (IoT) is already transforming industries, cities, and homes. The economic value of this transformation across all industries is estimated to be trillions of dollars and the societal impact on energy efficiency, health, and productivity are enormous. Alongside potential benefits of interconnected smart devices comes increased risk and potential for abuse when sensing and intelligence is embedded into every device. A major challenge of having a proliferation of IoT devices is the increased complexity that is required to operate them safely and securely. This increased complexity creates new safety, security, privacy, and usability challenges far beyond the known challenges securing a single device.

The Computing Community Consortium (CCC) Computing in the Physical World Task Force recently published a white paper on Safety, Security, and Privacy Threats Posted by Accelerating Trends in the Internet of Things. The co-authors include Kevin Fu from University of Michigan, Tadayoshi Kohno from University of Washington, Daniel Lopresti from Lehigh University, Elizabeth Mynatt from Georgia Tech, Klara Nahrstedt from University of Illinois at Urbana–Champaign, Shwetak Patel from University of Washington, Debra Richardson from University of California–Irvine, and Ben Zorn from Microsoft Research.

In the report, the authors highlight some of the new challenges created by smart devices and collections of devices and they argue that issues related to security, physical safety, privacy, and usability are tightly interconnected. Research is needed in helping manage complexity and that connects usability concerns with safety, security, and privacy. More comprehensive safety and security standards for individual devices based on existing technology are needed. Likewise, research that determines the best way for individuals, small businesses, and small organizations to confidently manage collections of devices must guide the future deployments of such systems.

Their broad conclusions include:

  • Problems of security, privacy and usability cannot be considered separately – they need to be considered together and federal investments should prioritize solutions that focus on augmenting a person’s ability to understand and manage complex systems.
  • The potential for risks to physical safety requires that new minimum levels of cybersecurity assurance be defined and required for widespread device deployment.
  • Milestones must be established for determining the level of analysis and testing required for smart device products (akin to EPA emission requirements). Specifically improve:
    • The transparency of the software the devices are running for inspection and analysis
    • The level of testing and analysis required for certification
    • The level of hardening of the critical components (crypto, secure communication, secure update channels)

Technology is rapidly evolving and having enormous impact on society with sensing and intelligence starting to be embedded in every device. The advances bring significant benefits to people, companies, and organizations, but until the technology is better understood, there are also associated risks. Changes are happening with such speed that the level of risk and uncertainty remains high . Investment in research that helps mitigate potential problems should be prioritized because short-term improvements can have long-term benefits. The potential benefit to human lives, our national interests, and the economy is sufficient to warrant substantial research investments in making future IoT technology as robust as possible.

See the full report to learn more and the CCC Computing in the Physical World Task Force page to see other IoT white papers that have been published.