Intellifridge terror: Internet of Stuff kit must fend off hackers of the FU-TURE-TURE-TURE

Internet of Stuff gadgets need to have security with a 10-year lifespan if they are to offer any kind of decent protection to people and national infrastructures, according to a new report.

Beancounters at Beecham Research have been the latest to warn that the much-vaunted Internet of Things is going to run into security issues, saying that right now, there are insufficient measures in place.

“While we may have some visibility of potential attacks over a few months, we need to protect IoT devices in the field for ten years or longer,” said Professor Jon Howes, tech director at Beecham.

“Devices must be securely managed over their entire lifecycle, to be reset if needed and to enable remote remediation to rebuild and extend security capabilities over time.”

Ever since the phrase Internet of Things started being bandied about the tech industry, it’s been accompanied by dire warnings of what having hackable cars, fridges and central heating systems could do to folks, and Beecham has the same message.

“We have all become familiar with computer malware but the impact of equivalent IoT attacks could be to turn off a heating system in the middle of winter or take control of other critical IoT systems, which could be potentially life threatening,” Howes said.

The study said that some work was already been done to secure IoT by industry groups, such as the AllSeen Alliance and the Open Interconnect Consortium. Yet government organisations such as the US Department of Homeland Security and the UK’s Centre for the Protection of National Infrastructure were demanding more.

Haydn Povey, a technical associate and former Director of Secure Products at ARM Holdings, said that IoT gadgets at least had to be ready for the future threats outlined in the “20 Critical Security Controls” developed by the Council for Cybersecurity for regular IT projects.

“There is an urgent need to deliver cost effective solutions that enable robust security but also to retain the flexibility to deliver real benefits in the face of expected threats. This requires well-architected and interoperable frameworks across vendors and technologies, integrated at an IP and silicon level to enable the evolution of security services the whole industry can leverage.” ®