Should IoT security be regulated by industry or government?
August 24, 2015
After a day full of security presentations, the audience for "The Biggest Challenges Faced by Developers" panel at IoT Evolution Developers Conference...
After a day full of security presentations, the audience for “The Biggest Challenges Faced by Developers” panel at IoT Evolution Developers Conference wasn’t changing gears. Whether the questions posed to David Kleidermacher of Blackberry; Cisco’s Chuck Byers; Christian Legare, Micrium; and the Trusted Computing Group’s Stefan Thom focused on the hardware level, the cloud, or the communications channels in between, the general consensus was “if you’re not already heavily invested in security you’d better be, if for no other reason than that legal teams are going to require evidence at one point or another.”
Specifics of the various tiers of IoT security are better explained in previous blogs that recap sessions by Kleidermacher, Thom, and Alan Grau of Icon Labs, as well as an upcoming piece covering a presentation conducted by Red Hat’s James Kirkland. However, Byers probably best summed up the gloomy climate, saying, “the stakes could never be higher … short of implementing security measures there will eventually be data breaches that cause the loss of life or have other societal repercussions that could result in the government or the press getting involved in implementing standards. I don’t know about you, but I’d rather have control over my job than have the government telling me how to do it.” This was a sentiment echoed by the other panelists.
While industry is starting to get proactive developing minimum requirements and looking for ways to provide an ROI on security technology so it can remain contained within the private sector, the simple fact is that we’re not there yet. That said, is there a need for some measure of government-imposed security standards?
I’m interested in your take, as this is an issue that will affect us all, if it hasn’t already.