Toward a Safe and Secure Internet of Things

Policy Paper
June 7, 2016

About 540 million years ago, our planet saw a sudden and major diversification of organisms, with a vast number of species suddenly appearing in the fossil record. Paleontologists call this event the “Cambrian explosion.” The computing world is currently experiencing its own version of the Cambrian explosion. Two decades ago, computers were primarily large beige boxes that came with a monitor, keyboard, and mouse. Today, computers come as smartphones, tablets, glasses, cars, watches, clothes, fitness trackers, health monitoring devices, parking meters, electronic locks, smart mirrors, drones, and more.

This Internet of Things (IoT) represents the third wave of computing. The first wave focused on computation, making the basics of computing work. The second wave centered on networking, connecting all of these computers together in a global network. The third wave, of which we are in the early stages, looks at making computers part of the physical world in which we live. Computation and communication are being embedded into everyday objects. These computers can also use different kinds of sensors—such as accelerometers, cameras, microphones, GPS, heart rate sensors, and more—to perceive the physical world. In some cases, they can even interact with the physical world, by automatically changing the heating and lighting in an office building to balance comfort and energy usage, adjusting orders based on realtime inventory to keep supply chains smooth, or modifying the shape of smart hospital beds to apply proper support to patients who may be resting or trying to get up.

Gartner estimates that there will be over 20 billion connected IoT devices by 2020. Cisco predicts the global Internet of Things market will be $14.4 trillion by 2022. The vision of IoT is rapidly becoming a reality due to advances in processors, sensing, displays, storage, wireless networking, and battery life. IoT also offers tremendous opportunities for education, energy, healthcare, transportation, and more. 

However, these same technologies pose many new and daunting challenges for cybersecurity. What happens if an attacker compromises a self-driving car? How can we prevent people from snooping on implanted medical devices? We can barely manage the security of the laptops, corporate networks, and cloud infrastructure we have today. How can we protect the billions of smart toys, smart appliances, and smart buildings of tomorrow?