IoT + Security, Piracy, and Privacy = It’s Solvable

Getting IoT Ready For Future Versions 2.0, 3.0, and More

 By IoTComplete’s Jimmy Schaeffler

(September 1, 2014; Carmel-by-the-Sea, CA)

A fairly thorough review of much literature available today about challenges affecting the Internet of Things (IoT), makes clear that a better appreciation of and a better response to protecting the network — and its users! — is critical.

That said, it is merely the humble opinion of this author, that we conclude…this is very solvable.

Security Backgrounder

For background, Jimmy Schaeffler has significant history and experience delving into matters of content security, and network protection.

Jimmy Schaeffler and his firm The Carmel Group also have a deep history of involvement in studies of content-related security matters, especially white papers and similar studies, and most intensively as lead expert witness in the California federal court case of EchoStar vs. NDS, and the case of Videotron vs. Bell ExpressVu in Canada.

The Elements of Security

True knowledge of content security points early to the fact that the success or failure of piracy mitigation and elimination efforts is largely a measure of controlling the flow of money to and from the “hackers,” or pirates, themselves. That dynamic has not changed since the 1990s and the early days of the GI VideoCypher encryption process.

Thus, from the days of early Direct Broadcast Satellites (DBS), lessons surface whereby strong security required that regularly funding and regularly switching out smart cards was required in order to make piracy uneconomical for millions of would-be pirates.

It is important also to note that different businesses need different levels of protection. For example, personal security protection for an Internet-connected pill bottle cap (that reminds one to take his/her pills) will vary greatly from that of a Machine-to-Machine (M2M) security protection in a nuclear power plant.

Yet that said, one ready solution is seen in cheaper and more readily-available memory and processing (or “brains”), such that security can be built into even the less critical infrastructures, at multiple levels, meaning there are multiple “security checks” at various processing points in any IoT unit. An example would be the safety restraints in a vehicle, relying not just on one security unit for the entire vehicle or an entire subsystem, but instead relying on multiple “brains” down or up the line, meaning if one fails, there are always others to back it up. In short, IoT engineers need to back up each end device, so that the security lapse can never spread further into the value chain.

Next Steps

Traditionally, one of the better ways to move infrastructure and ideas forward is to create a trade group, which in turn has the capacity to bring competitive factions together, and ideally they then, together, create new standards, based upon longer term common interests.

Failing this intra-industry, more volunteer-like method, governments rarely become involved to set things like new security standards. This, obviously, is a far less preferable direction than that done alone by the industry members themselves.

Conclusions

Without security that minimizes piracy, you can never have privacy.

And even for today’s digital generation, who clearly have not yet learned to cherish their privacy in the way that their parents and grandparents do, a reasonable sum of piracy will become more and more important as every generation ages. That is to say, lest there be doubt: we need less piracy, and we need more privacy.

Better security can be had, we just need to keep thinking about it, keep acting on it, keep funding it, and keep building it. That sum of evil in human kind is there to stay, the hackers are not going away, and the only way to truly thwart them is to put in place security protections, which include education, technology, and penalties/incentives.

Jimmy Schaeffler has harnessed his expertise and professional forces to fully light the burgeoning worlds of IoT & M2M. By focusing on the professional consideration of news, opinion, research, and concrete tactics and strategies, his aim is to provide a top-level, one-stop resource for publication, consulting, conference and speaking needs. The IoTComplete.com business is designed toward helping companies, governments and institutions grapple with the new realities and planning necessary to thrive in the IoT & M2M era faced by every person and entity globally. Visit www.IoTComplete.com for contact and more details.