Last week’s international political news was a dramatic reminder of how inextricably linked technology progress (in this case, 5G infrastructure) and high-stakes global intrigue and even warfare have become.
The speed-up in deployment of 5G networks in the US and worldwide can both dramatically increase the IoT’s benefits (with reduced latency we’ll get a significant increase in the volume of rich, near-real-time data, allowing autonomous vehicles and other hard-to-imagine advances) but also the dangers (the possibility of China, Russia or someone else launching a cyber attack through a “back door” that could cripple our critical infrastructure). That puts the IoT right in the middle of a very tense global diplomatic and technical battle, with the outcome potentially having a big impact on the IoT’s near-term growth.
The US government’s indictment of Huawei (coming on the heels of an as-yet un-corroborated Bloomberg story that Huawei had planted chips in Apple and Amazon devices that would allow “back-door” attacks not just on the devices but on overall networks) plus a little-noticed story about yet another Chinese manufacturer of cheap IoT devices that could let a bad actor install malware in its firmware are just the latest reminders that IoT privacy and security must be designed in from the beginning, using what the EU calls “privacy by design.”
Don’t forget that we’ve already had a very real preview of exactly how dangerous this can be: the 2016 DDoS attack on Internet infrastructure company Dyn that used IoS devices with inadequate protections as its the Trojan horses to launch the attack. Much of the Internet was crippled for several hours.
It also means, as I wrote in The Future Is Smart and elsewhere that it’s not enough to design in privacy protections into your own products and services: if the public and companies lose confidence in the IoT because of an attack aimed at anyone, even the irresponsible companies that don’t worry about security, I learned during my years doing corporate crisis management that there’s an irrational but nonetheless compelling guilt-by-association phenomenon that can destroy confidence in all IoT. Is that fair? No, but that doesn’t mean it’s any less of a reality. That’s why it’s critical that you take an active role in both supporting enlightened federal policy on both 5G infrastructure and IoT regulation, especially privacy and security regulations that are performance-based, rather than descriptive (which might restrict innovation), as well as joining industry organizations working on the privacy and security issues, such as the IMC, Internet of Things Association, and IMC.
In The Future Is Smart I wrote that, counterintuitively, privacy and security can’t be bolted on after you’ve done the sexy part of designing cool new features for your IoT device or service. This news makes that even more the case. What’s required is a mind-set in which you think of privacy and security from the very beginning and then visualize the process after its initial sale as cyclical and never-ending: you must constantly monitor emerging threats and then upgrade firmware and software protections.