The exciting thing about being in the technology industry is that every few years there’s a new area of huge innovation that seems to upset the established order, create previously unconceivable possibilities, and change life for the better.
In the 1990s and early-mid 2000s, it was the Web and connecting PCs and Macs to the global Internet (I still remember the first time I saw webpages from sites in Europe and how amazing that was). In the late 2000s and early 2010s it was the growth of mobile and cloud breaking the Internet away from just the Web on PCs and Macs and unlocking social networking and unprecedented sharing and connections among people as we have the Internet and resources everywhere. Now, as we are on the cusp of the mid 2010s, we’re starting to see the proverbial next big thing: the “Internet of Everything” (sometimes also called “the Internet of Things”).And while this promises to bring exciting new possibilities, our experiences from 25 years of working to protect users and their privacy tell us that innovation needs to be tempered with some forethought as well. Otherwise, we risk repeating the security and privacy mistakes that plagued the last two waves of innovation.
The common point in these three waves of innovation is the Internet. Those of us who remember life before it are like those of my grandparent’s generation who remember life before telephones or air travel was common: we can appreciate first-hand how significantly it changes everything. The Internet acts like a foundational layer under these ongoing waves of innovation. And while most people tend to focus on the advancements that these waves of innovation have brought or will bring, when we look at the Internet as a foundational element from a security and privacy point of view, we see that it brings one thing in particular to these waves of innovation. The Internet subjects the technologies attached to it to unprecedented and nearly inconceivable threats and risks. The scale and scope of damage that NIMDA and Blaster were able to cause on networks was nearly unthinkable in 1993. Few could really understand the way in which your mobile phone could be a rich target for your personal information from malware in 2001.
In both cases what happened is that technology was connected to the Internet and then the threats developed and evolved. And in many cases that technology was unable to meet those threats gracefully. Now we are on the cusp of another wave of innovation, another set of technologies will be connected to the Internet, and they will face new threats and risks.
Innovators are inherent optimists: it’s part of what drives them forward. They answer the question “what if” with a positive answer. They will answer the question “What if you could check your home security system from your phone?” with “You could make sure your cats are safe when you’re on vacation in Italy!” But unbalanced optimism is a weakness: it fails to see the malicious possibilities. Technology is value-neutral and can be used for good or bad. This is where security and privacy people like us come in with new technologies. We work to provide the additional balance so people understand the other, malicious possibilities. Our answer to the question will be “A burglar could compromise it and use it to figure out if you’re away and rob you if you are.” Both answers are right. And both answers are important.
In some places like Industrial Control Systems, the Internet of Everything is already emerging. Elsewhere, we’re seeing breakthroughs that can lead to exponential growth in this new direction. For instance, researchers in my hometown of Seattle may have just had a breakthrough that solves the power problem that makes networking some devices infeasible right now. Taken together, this means that the Internet of Everything is coming, fast.
Because of that, we here at Trend Micro are turning our attention to this new emerging area and bringing the classic security and privacy question to bear as we see these new capabilities: “what could possibly go wrong?” It’s a simple but important question that will guide our research because to protect against threats we first have to identify and understand them.
You can expect to see more research from us on this topic moving forward. We’ll be doing in-depth whitepapers and high-level blog posts. We’ll be participating in discussions with the innovators and our peers. Most of all, we’ll be looking at this question to help ensure that everyone reaps the positive benefits of the Internet of Everything without suffering first-hand the consequences of “what could possibly go wrong?”