Even Congress Is Worried About Internet of Things Security

Source: Wikimedia and Piktochart

There is a discussion around the Internet of Things that started years ago as a muted murmur and is now growing into a loud uproar. At the core of it is the fact that in just five years, 50 billion devices and things that were never connected to the Internet will be.

And all of those devices need some level of security.

While the Internet of Things, or IoT, is mostly unknown to the majority of Americans, the U.S. government is quite focused on it. Last month, Federal Trade Commission Chairwoman Edith Ramirez said in her Consumer Electronics Show keynote:

In the not too distant future, many, if not most, aspects of our everyday lives will leave a digital trail. That data trove will contain a wealth of revealing information that, when patched together, will present a deeply personal and startlingly complete picture of each of us -- one that includes details about our financial circumstances, our health, our religious preferences, and our family and friends.

And just last week, the U.S. Senate held its first meeting on the Internet of Things with Senator Bill Nelson of Florida saying that IoT security issues are, "not the stuff of TV drama -- these are real threats not only to our nation's cybersecurity but also to our physical safety."

If that was not enough, Representatives Darrell Issa and Suzan DelBene recently formed a new Congressional Caucus on the Internet of Things to help their counterparts understand the pitfalls and potential of this tech trend.

This is not a case of Congress overreacting to something they do not understand but rather the U.S. government acknowledging that the IoT is far from secure.

The threat is real but so are the solutions
Last year, HP released a report showing that 70% of the top IoT home devices used unencrypted network services, and 80% of them had serious security problems.

Cryptographer and security expert Bruce Schneier told the Harvard Business Review last year that IoT security is essentially an afterthought -- "These are devices that are made cheaply with very low margins, and the companies that make them don't have the expertise to secure them."

But despite the current problems with Internet of Things security, there are tech companies taking this very seriously. 

Just last week, ARM Holdings (ARMH) purchased Dutch IoT security firm, Offspark. ARM says it will use the tech in its embedded software to offer security and cryptography for IoT device makers. Right now, Offspark tech is used in sensor modules, communication modules, and smartphones. ARM said it will keep the software open to developers who want to use it for commercial purposes.

Source: Intel

ARM rival, Intel (INTC 0.55%) is knee-deep in IoT security as well, and the vice president of its Internet of Things division, Doug Davis, spoke at the Congressional meeting. In prepared remarks, Davis told the Senate group, "We believe that security is the foundation of IoT, and it is fundamental to Intel's roadmap planning."

And the company is doing more than just talk. Back in December, Intel launched a new Internet of Things platform with Accenture, SAP, Dell, and others -- and baked security right into the software.

FTC headquarters. Source: Wikipedia

A touch of government intervention
But lapses in security and privacy are sure to plague IoT connections for some time. Just last week, it was revealed that Samsung smart TVs are listening to private conversations. The company warned users not to have sensitive conversations in front of the television as the recordings could be sent to third parties.

Clearly, the Internet of Things needs a bigger security push, and creepy, eavesdropping televisions are a prime example of companies failing miserably to protect consumers.

And that is why the FTC and Congress are starting conversations around the Internet of Things.

The FTC argued that it is still premature for Congress to set any legislation, and some congressional leaders are reluctant to do so as well. Senator John Thune of South Dakota had this to say on the matter:

Let's tread carefully and thoughtfully before we consider stepping in with a "government knows best" mentality that could halt innovation and growth. Let's treat the Internet of Things with the same light touch that has caused the Internet to be such a great American success story.

For now, it is up to ARM, Intel, and others to build the necessary security to make the IoT safe for consumers. While security in and of itself may not be a lucrative business, getting the technology right -- and grabbing an early foothold -- could be. IDC estimates the Internet of Things will be worth about $7 trillion by 2020, and Cisco Systems says revenue and savings from the Internet of Things will top $19 trillion by 2025.

With consumer privacy issues, massive revenues, and potential government regulation looming, it is clear tech companies do not have a choice but to take Internet of Things security seriously -- let's just hope they all do so very soon.