What is the biggest barrier to the adoption of the Internet of Things (IoT) systems? Hands down – it is security. A new collaborative initiative among industry players and academia - the Internet of Things Security Foundation (IoTSF) - is set to publically launch on September 23. The initiative will focus on increased concerns over security in the IoT and strive for “security excellence in IoT applications.”
While more details about the initiative’s program won’t be shared until the launch date, the driver behind the initiative came about in part at an IoT Security Summit held earlier this year. The initiative will be vendor-neutral, global and collaborative, and is already backed by more than 30 organizations, including global brands and academic institutions, according to the IoTSF.
“The opportunity for IoT is staggering. There are a great many possibilities for businesses in all sectors including manufacturing, transport, health, home, consumer and public services. However, there are ever-real security challenges that accompany those opportunities,” said John Moor, representing the IoTSF, in a statement. “It is vital to the adoption of existing and new systems that security is addressed from the start, that it is fit for purpose and it can be managed over the lifecycle of the system. Our intention is simple – drive excellence in IoT security. By creating a dedicated focus on security, IoTSF aims to be the home for providers, adopters and beneficiaries of IoT products and services.
“Given the nature of IoT systems, this can only be done by working internationally and with others,” he continued. “We will therefore be inviting organizations throughout the IoT ecosystem, who have a commitment to secure products and services, to join IoTSF. We also intend to work with colleagues in other IoT alliances and the standards bodies, so we can effectively achieve our common goals.”
Industry analysts agree that one of the biggest challenges in the IoT space, is security, along with related privacy issues, when it comes to smart home and IoT device users. Which is why many institutes and organizations are working on standards for privacy policies for sharing data over the Internet.
Admittedly, semiconductor companies have made great strides in developing security protocols and technologies. Look at Intel’s Enhanced Privacy ID (Intel EPID) identity technology with more than 1.1 billion EPID certificates deployed. The company recently announced that both Atmel and Microchip are collaborating with Intel on security for the IoT. Both companies are adopting Intel’s EPID identity technology to help improve interoperability in securing IoT solutions, said Intel.
There are also security partnerships. For example, IBM’s partnership with Texas Instruments (TI) was formed “to develop a secure, cloud-hosted provisioning and lifecycle management service for IoT devices.”
That’s not to say there isn’t open security work going on in the industry. Last year, technology leaders, including Atmel, Broadcom, Dell, Intel, Samsung, and Wind River, formed the Open Interconnect Consortium (OIC) to develop an open and secure connectivity framework for the IoT to ensure the interoperability of devices.
In addition, the AllSeen Alliance, a cross-industry nonprofit open source consortium, has about 170 members, at the last count. A few months ago, the alliance announced its fourth major code release for the AllJoyn open source code - AllJoyn 15.04 - with “higher performance, extended scalability and enhanced security features.”
Semiconductor companies have a big play in the IoT. The semiconductor industry expects the IoT to be one of the three biggest growth drivers in upcoming years, according to a joint study conducted by McKinsey & Company and the Global Semiconductor Alliance. The report finds that the IoT industry is set to grow quickly in the long term.
However, the study, again, found that one of the biggest challenges, according to survey respondents, is using available technology to implement end-to-end security solutions for the entire IoT stack—cloud, servers, and devices. Interestingly, they also said they would not get the full value of the IoT if they only focused on silicon. They also need to look at software, security, and systems integration.
The IoTSF said: “As more and more devices are being attached to the Internet, for a multitude of reasons, the potential attack surface and corresponding security threat increases dramatically. Adversaries with wide-ranging motivations have an ever-rich target where security gaps, sometimes caused by a basic lack of knowledge, are being exposed on a daily basis.”
Do you think the new initiative will be a major step forward in IoT security? Please leave a comment or email me at firstname.lastname@example.org.