Can the Internet of Things (IoT) shake its reputation of being a festering network of insecure devices? AT&T, IBM, Symantec, and other companies plan to find out with a new IoT Cybersecurity Alliance that will work together to "research and raise awareness of ways to better secure the IoT ecosystem."
IoT products have been implicated in security problems large and small. Several IP cameras have critical vulnerabilities that could allow someone to snoop on unsuspecting people, for example, or allow them to be infected with malware. Spying on a family through an internet-connected camera is problematic; using thousands of them to attack online infrastructure can be catastrophic. We've gone from "camera obscura" to "camera destruo."
That's just one category of IoT device. So many things are being connected to the internet, whether it's a Barbie doll or a mattress, that it's not hard to imagine a future in which basically everything is part of a network. Whether that sounds utopian or dystopian will depend on your own preferences, but either way it's a problem that manufacturers continually fail to secure these newly connected products before they release them to the masses.
This new IoT Cybersecurity Alliance wants to fix that. AT&T described the group's mission in its announcement (opens in new tab):
Collaborate and research security challenges of IoT across verticals and use cases such as Connected Car, Industrial, Smart Cities and Healthcare. The IoT Cybersecurity Alliance will take use cases or business challenges in IoT cybersecurity to dissect and advance security concerns and identify ways to implement security across the value chain.Dissect and solve for IoT security problems at every critical layer of security. These include the endpoint, connectivity, cloud, and data/application layers. This Alliance includes experts at each of these layers to help educate businesses and consumers on how to protect their connections.Make security easy to access across the ecosystem. Security needs to exist across the value chain. Users will benefit from innovative IoT services and infrastructures that can withstand the ever-evolving threat landscape.Influence security standards and policies. Using each group member’s leadership and expertise will raise awareness of cybersecurity. It will engage regularly with policymakers and other organizations. IoT offers tremendous benefits and efficiencies to businesses, but security concerns often prevent businesses from adopting these emerging technologies. IoT Cybersecurity Alliance members will help the industry maximize the advantages of IoT while educating about how to keep companies and consumers more secure.
Those efforts will complement other attempts to lock down IoT. The Electronic Privacy Information Center recently asked Congress to better regulate connected gadgets; Virginia Senator Mark Warner (D) asked the Federal Trade Commission, Federal Communications Commission, and Department of Homeland Security how they can help defend against IoT-powered cyberattacks; and Google made Android Things to handle security for manufacturers.
Each of those has a common goal: making sure consumers, businesses, and essentially anything else connected to the internet won't be endangered by insecure IoT products. This isn't a small problem. AT&T said it's seen "a 3,198% increase in attackers scanning for vulnerabilities in IoT devices" over the last three years. Having the IoT Cybersecurity Alliance--which also counts among its members Palo Alto Networks, Nokia, and Trustonic--can't hurt.