The Price of Security

The next big part of the IoT is security, and cost.  To illustrate what I mean, let’s go to Apple Inc for an example.  Apple currently sells IoT light bulbs.  A pack of 4 is over $100.  That is, to say the least, insane.  Why on earth would you pay so much for light bulbs?  Granted, it’s Apple.  They have a reputation for being overpriced.  But they don’t actually manufacture these bulbs.  Another company entirely makes them; Apple just sells them.  Maybe everything in the store is overpriced?  Perhaps, but it turns out there’s a very good reason that they’re so expensive.

You can buy an entire computer for less than $5.  With a minimum of knowledge and reasonable Google skills, you can program this computer to turn on a light, or a thermostat, or open a garage door, or just about anything else.  Surely if one can buy a computer for so little then big companies can get bulk discounts and make specialized versions for just a few dollars.  Well, they can, but there is a major problem with this strategy.  The whole point of a device being on the Internet of Things is that it is on the Internet.  Meaning that anyone looking can connect to it.  Meaning that anyone anywhere in the world with a ten year old laptop and a decent internet connection can do things like open and close your garage door at will.  They can also hijack the device and use it to attack other things entirely, concealing their own involvement in crimes.  If you have a security camera then you can be spied upon.  A car and it can be crashed.  Clearly, security is a major concern.  This directly impacts price.

Normally, when a new product comes to market, it’s expensive, then the price drops quickly.  This is especially true with computers.  Moore’s law guarantees that a given amount of computer power will roughly half in price every two years or so.  So shouldn’t IoT devices get cheap pretty quickly?  Not so much.  Because if you are using old, inexpensive equipment then it will be necessarily less powerful than newer devices, which means that your equipment will not be able to be secured against attackers using newer, more powerful computers.  You always need to have up to date equipment in order to secure yourself against criminals.  Meaning that you will miss the benefits of Moore’s law.  So IoT light bulbs will always be a lot more expensive than regular bulbs, unless you don’t care about security in the slightest.  I don’t recommend that.

This same kind of a thing happened with computers in general.  The first computers had no security to speak of.  Even the first Internet connected computers were wide open to anyone who cared to use them.  It was only after a number of security breaches did people begin to invent and use things like firewalls, virus scanners, and security updates.  This was ok for what computers were.  If a bank’s computers were breached, well, they would shut them off for a day or two while they patched the breach, and any money stolen would be reiumbursed by the government.  An inconvenience, at best.  But if people die as the result of IoT breaches, how tolerant will we be of that?  So far no car has been crashed by malicious hackers, but it is entirely possible that they could be.  How will we respond when that happens?  I honestly don’t know.

We accept a certain level of risk in order to get the benefits of living in the modern world.  What risk will we accept with the Internet of Things?  This is largely uncharted territory.  I have no idea what will happen, but I wouldn’t be surprised in the slightest if we saw a large backlash the first few times people died as the result of hackers.  


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s