These IoT security predictions are based on our experiences throughout the past year, as well as our observations of consumer behavior and the IoT marketplace in general. While there are some clear trends that we predict will gather momentum, the future of IoT security has some uncertainties that are also discussed below.
New, Unexpected Things in the Internet of Things Will Increase Security Breaches
There will be more and more things connected in the Internet of Things. While this is hardly a surprise, the key is that many of these newly-connected things will be devices we have not thought of connecting before. Product managers in nearly every major consumer and industrial market are realizing the competitive advantages of sensing, locating and controlling devices via the IoT. This will lead to some truly innovative and game-changing IoT-enabled devices and services – and some that will flop as well.
However, security breaches will multiply along with smart devices because security remains an afterthought for many manufacturers. Fallout from breaches, including revenue loss and consumer backlash, will move security to the top of the priority list. Manufacturers will be driven to incorporate effective authentication and data protection into their devices without making them more complicated and expensive.
IoT Will Be a Fact of Life – and Pose Increased Risks for Homeowners
We will move from early adopters to a more mainstream acceptance of connected devices in the home. It will no longer be a novelty to have a connected household where, for example, residents use Amazon Dash buttons to easily re-order products, or use a single voice-activated device to control the lights, locks, and kitchen appliances. Many manufacturers at January’s Consumer Electronics Show (CES) demonstrated appliances with Amazon Alexa and Google Assistant built directly into their interfaces.
While these connected devices will provide homeowners with many conveniences, they will also pose increased risks. A single breach of an inadequately secured device could have devastating consequences for an entire structure. For example, a bad actor could hack into household appliances and heat the oven or turn on the refrigerator’s water dispenser, creating the risk of fire or flood. Manufacturers that fail to address these security risks before a high-profile breach occurs will likely experience their own devastating consequences in due time.
IoT Security Standards Will Emerge
The need for securing IoT devices will grow, but what’s uncertain at this time is who will ultimately be responsible for securing them, and how security will be deployed and managed. Even a relatively simple product like a smart light bulb has a long supply chain that includes a chipmaker and a software vendor. As of yet, there is no industry consensus about which entity will be responsible for security. We predict that some standards will emerge, but the issue will be far from settled.
IoT Product Developers Will Increase Their Focus on Security
We predict that product developers will sharpen their focus on device security. In 2016, we saw increased interest in our security solutions from developers of products like sensors, door locks, and other IoT-connected devices. Many developers are realizing that legacy products with insufficient or no built-in security need to be redesigned. Where feasible, in-the-field updates will be made available to add security features.
Quantum-resistant Cryptography Goes from “Nice to Have” to “Must Have” Status
The National Security Agency has publicly stated that impending quantum computing-based attacks will break existing security protocols like RSA and ECC. Quantum computers capable of executing these attacks are expected to be available in 10 to 15 years, though governments and some large institutions may acquire them sooner. Hence, manufacturers of products with extended lives in the field like airplanes, cars, HVAC systems, and traffic lights will show growing interest in securing them with quantum-resistant methods. IoT product developers will increasingly pursue quantum-resistant security solutions like those from SecureRF to ensure that their long-lived IoT devices will be secure today as well as in the not-so-distant future when quantum attacks become feasible.
Chip manufacturers are also showing heightened interest in quantum-resistant security methods for low-resource devices because current cryptographic protocols like ECC, used in many chip families, are vulnerable to quantum attacks. We predict more and more chipmakers will seek quantum-resistant security solutions for fear of losing sales to competitors that make such protocols available for use in their products.
There Will be a New Focus on Educating Consumers About IoT Security
The PC industry has long been educating consumers on how to secure their computers. A similar effort by IoT industry stakeholders to educate the public on securing smart devices will gather steam. This effort will occur on a larger scale than it has for computers, as IoT products are more numerous, used by more people, and require little or no technical literacy to operate. As part of this effort we expect that user manuals will provide more information on security.
In addition, major retailers like Home Depot may start offering classes on securing smart devices such as thermostats and door locks, just like they offer classes on installing floor tiles. It’s also likely that retailers and consumer brands will highlight IoT security as a product feature, creating preference in the market for devices that are labeled hacker-resistant.
In addition to these predictions, we are certain that there will be a host of other IoT security developments in areas including device/software upgradability, password management services, multi-factor authentication, and government rules and regulations.