Secure All The Things: AT&T, IBM, Others Form IoT Cybersecurity Alliance

Can the Internet of Things (IoT) shake its reputation of being a festering network of insecure devices? AT&T, IBM, Symantec, and other companies plan to find out with a new IoT Cybersecurity Alliance that will work together to "research and raise awareness of ways to better secure the IoT ecosystem."

IoT products have been implicated in security problems large and small. Several IP cameras have critical vulnerabilities that could allow someone to snoop on unsuspecting people, for example, or allow them to be infected with malware. Spying on a family through an internet-connected camera is problematic; using thousands of them to attack online infrastructure can be catastrophic. We've gone from "camera obscura" to "camera destruo."

That's just one category of IoT device. So many things are being connected to the internet, whether it's a Barbie doll or a mattress, that it's not hard to imagine a future in which basically everything is part of a network. Whether that sounds utopian or dystopian will depend on your own preferences, but either way it's a problem that manufacturers continually fail to secure these newly connected products before they release them to the masses.

This new IoT Cybersecurity Alliance wants to fix that. AT&T described the group's mission in its announcement:

  • Collaborate and research security challenges of IoT across verticals and use cases such as Connected Car, Industrial, Smart Cities and Healthcare. The IoT Cybersecurity Alliance will take use cases or business challenges in IoT cybersecurity to dissect and advance security concerns and identify ways to implement security across the value chain.
  • Dissect and solve for IoT security problems at every critical layer of security. These include the endpoint, connectivity, cloud, and data/application layers. This Alliance includes experts at each of these layers to help educate businesses and consumers on how to protect their connections.
  • Make security easy to access across the ecosystem. Security needs to exist across the value chain. Users will benefit from innovative IoT services and infrastructures that can withstand the ever-evolving threat landscape.
  • Influence security standards and policies. Using each group member’s leadership and expertise will raise awareness of cybersecurity. It will engage regularly with policymakers and other organizations. IoT offers tremendous benefits and efficiencies to businesses, but security concerns often prevent businesses from adopting these emerging technologies. IoT Cybersecurity Alliance members will help the industry maximize the advantages of IoT while educating about how to keep companies and consumers more secure.

Those efforts will complement other attempts to lock down IoT. The Electronic Privacy Information Center recently asked Congress to better regulate connected gadgets; Virginia Senator Mark Warner (D) asked the Federal Trade Commission, Federal Communications Commission, and Department of Homeland Security how they can help defend against IoT-powered cyberattacks; and Google made Android Things to handle security for manufacturers.

Each of those has a common goal: making sure consumers, businesses, and essentially anything else connected to the internet won't be endangered by insecure IoT products. This isn't a small problem. AT&T said it's seen "a 3,198% increase in attackers scanning for vulnerabilities in IoT devices" over the last three years. Having the IoT Cybersecurity Alliance--which also counts among its members Palo Alto Networks, Nokia, and Trustonic--can't hurt.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
2 comments
Comment from the forums
    Your comment
  • targetdrone
    First a Barbie doll mattress, or toilet have no business who so ever being connected to the Internet. NONE. ZERO reason.

    Second, Google can't ensure timely security updates for all android phones. The only way to get the latest security fixes is to buy a new phone with the latest version of Andoird.

    If the resources won't be invested to timely update $200+ smartphones there is no way resources will be spent to fix a $50 networked Coffee maker.
  • boosted1g
    Google can do timely security updates, its getting to the phone OEM and then the phone carrier that slows or ignories the update.

    Very true that no company cares about doing updates after they have your money. Once startup company gets you to buy their "smart home" gadget they in zero way care about your network security. In most cases the devices have to be designed to provide gapping holes into your network, this way the user can go on not even knowing the router has a configuraiton web page, let alone what any of it means.