Anything connected to the Internet can be hacked. With the Internet of Things (IoT), everything is being connected to the Internet. Therefore, everything will eventually become hackable. This is how Bruce Schneier starts his newest book, Click Here to Kill Everybody: Security and Survival in a Hyber-connected World. As he puts it, everything is, or will be, a computer. A car is a computer on wheels, a plane is a computer in the air, a smartphone is a computer that makes phone calls, a fridge is a computer that regulates temperature.
The market for the Internet of Things is booming. The research firm Gartner recently issued a statement that approximately 8 billion IoT devices are already circulating and in use. By 2020, that market could rise to 20.4 billion. Networking giant Cisco estimates that the number of connected devices worldwide will rise to 50 billion by 2020. Intel estimates higher numbers claiming that over 200 billion devices will be connected by then.
According to Schneier,
The explosion of IoT devices means more software, more lines of code, and even more bugs and vulnerabilities. Keeping IoT devices cheap means less-skilled programmers, sloppier software development processes, and more code reuse—and hence a greater impact from a single vulnerability if it is widely replicated.
The consensus amongst researchers, developers, technologists, and policymakers is that the IoT creates a significant risk to privacy and cybersecurity. This risk could lead to physical harm. As Schneier posits, the IoT has the potential to result in more hacks that will inevitably cause physical injury.
We have already seen a class of 220,000 people sue Jeep after hackers remotely deactivated the brakes of a moving vehicle. To see a YouTube video of hackers slowly shutting down the SUV, click here. There might be a day when someone hacks into every car of a certain brand that leads to mass hysteria, recalls, and physical harm. And with the promise of autonomous vehicles (computers on wheels transporting people) such an event is on the horizon.
At some point, hopefully in the near future, the legislature and regulators will enact rules and laws to regulate the development and manufacture of IoT devices. Until then, attorneys and the court system may have to deal with these issues first (the Jeep lawsuit is a prime example).
Innovation despite litigation
We do not want the fear of disastrous events and litigation to stifle innovation in the areas of interconnected devices and the IoT. Remember, the Internet and connected devices have already changed society for the better, e.g., email, e-commerce, universal access to information. With the IoT, interconnected devices already help to manage the energy grid, traffic, logistics and manufacturing. It has the promise of changing advertising and consumer spending. The coffeemaker will tell you when it is running low, suggest your favorite coffee brand, and then order it online.
Many other aspects of life will benefit through IoT devices. The wearable device tracking your vital signs can send a 911 alert to law enforcement or a hospital in the event of an emergency. The smart home, in theory, should lower utility costs.
The IoT has the promise to promote the most effective and efficient use of scarce resources. In other words, the benefits of the IoT should outweigh the risks.
If only we could manage the risks by implementing reasonable cybersecurity and regulatory standards, then like everything in life, we can live with the risks (driving a car is risky, but we have learned to manage the risk).
As I mentioned before, attorneys and courts will tackle many of the harmful aspects of the IoT before the legislature and regulators catch up. Like so many other industries -- automotive, pharmaceutical, healthcare, environmental -- it's not until attorneys start suing developers and manufacturers, and juries render multi-million dollar verdicts against corporations, that security and safety become a priority in the IoT.