Steve Rogerson looks at what security means for the fast-growing IoT industry.

I cannot remember the last time I opened my inbox when there wasn’t at least one – and often a lot more – press release about cyber security. What was once a fringe activity when it came to the internet has turned into a massive business.

But security threats are nothing new. Back in the day, when I had a standalone PC and its only interactions with the outside resulted from me putting in a floppy disc (remember those?), there was still a security threat. Creepy little viruses were spread around by naive users such as me loading pirated versions of games on my computer.

Today, the threats are a lot more sophisticated and the goals a lot more sinister than just causing chaos among computer geeks. The fast-growing IoT sector has not surprisingly become a target with so many connected devices often with little security. That said, methods to stop such bad actors – why are they called that? – are also a lot more sophisticated.

The problem is, as it always has been, that too many people do not take security as seriously as they should. I had an excuse in the early days in that we didn’t really know much about it when we were playing on our old machines. But we eventually went out and bought Dr Solomon or Norton anti-virus software and got back to giving ourselves repetitive strain injuries as we tried to position quickly those oddly shaped falling blocks.

Today, we are always connected and often through multiple devices both to the wider internet and local networks. And it is not just through our computers and smartphones. The IoT has created the possibility to connect everything, from small light sensors to autonomous trucks.

But that doesn’t matter, because everything is made properly these days. Security is prioritised and nobody is going to hack into streams of data going between small connected things. Hmm, think again.

Even I was a bit surprised during a recent online cyber-security conference organised by the IoT M2M Council (IMC) when Syed Zaeem Hosain, founder of Aeris Communications, said ninety per cent of IoT traffic was unencrypted, highlighted on a slide he said was deliberately designed to scare us.

That seems a lot but does it really matter if the data stream from a thermostat to my smartphone, telling me the temperature in my living room, is encrypted or has some form of security. Why would a hacker care and what could they do with the information anyway? The answer is access.

As Ellen Boehm, senior vice president at Keyfactor, pointed out at the same conference, the weakest device is the entry point into the network, whether that is a thermostat or a small unknown-brand camera.

Hosain added: “IoT is a place where the threat is growing and has been growing for many, many years.”

One of the problems he said was that IoT devices stayed out in the field for a long time and were subject to attacks that might not have been heard of when the device was made. Boehm agreed saying that it was not about security in the device when it was manufactured but about security when it goes out in the field where it may be protecting people and systems.

Devices thus need to be updated in the field. As Hosain said, we have to adapt to changes intelligently over time. Security also must not be an afterthought, as it was once and sadly sometimes still is, but something that is designed in from the start. Build with security in mind.

The automotive industry is one area where, after some high-profile hacks, security is being taken seriously especially as we move towards more vehicles connected to each other and to the infrastructure around them. But here too are problems as this involves the different car makers collaborating in a way that was once alien to their nature. As Boehm pointed out, this won’t work unless a Toyota can talk with a Tesla.

And if all this is not enough to worry about, it could, and most likely will, get worse. Quantum computing promises new threats, said Boehm, as it will be able to break the security algorithms we have today. We are preparing for that, she said, we are in the middle of that right now.

Hosain started off this seminar by saying he was deliberately trying to scare us. Boehn’s point about quantum computing finished it by really scaring us. Maybe I should dig my old PC out of the attic and take to playing Tetris again; life was a lot simpler in those days.