- Thierry Spanjaard
Is fear the best IoT driver?
During Smart Security Week, earlier this week, many speeches focused on the IoT Security topic. However, most of the presentations still revolve around the same old model:
IoT is booming,
Attacks increase in size and damages,
Security is lagging,
Here is my security solution,
If my security solution is not adopted fast enough, then chaos will be inevitable,
Adopt my solution!
This is just the latest implementation of the old FUD communication strategy, originally designed by IBM in the past century. The idea was to instill Fear, Uncertainty and Doubt in the mind of IBM prospects if they decided not to choose IBM solutions.
The issue with this rhetoric is that it no longer convinces anyone in the secure transactions industry. We all have been accustomed to the same techniques for selling security as for selling insurance: using only negative and frightening arguments. Unfortunately, human brains do not process efficiently negative statements, making these methods generally ineffective.
In addition, many of these presentations focus on a single aspect of the issue. Some praise specific chipsets, TLS, SSL protocol, SIM chips, obfuscation, white box cryptography, TEE (Trusted Execution Environment), eSE (Embedded Secure Elemnt), strong authentication, device and application authentication, Group Theoretic Cryptography, PUF (physically unclonable function), Verifiable Identity-Based Encryption (VIBE), and more ….
Standardization remains an issue, as the industry is currently more suffering from too many standard attempts than from a lack of standardization.
At the end of the day, the only common recommendation is to follow the three established basic security principles: end-to-end security, security by design and privacy by design.
Only if the industry is able to unite and implement these basic principles, IoT Security will become an opportunity for each of us. What is at stake is a EUR 21.5 billion revenue for the secure transactions industry generated thanks to the security needs of the Internet of things. More information is available from http://tinyurl.com/yc3al2zt