Jake Sprouse, Director of Software Engineering at Synapse, responds to the new California cyberbill on IoT security as follows:
“Legislation requiring security measures in IoT devices can do little harm, but it’s a half measure at best. New exploits to existing security protocols are found on a regular basis, so those responsible for building IoT devices need to make sure those devices can be patched and upgraded to address new security flaws after they’ve been shipped.
But this is a big shift in management: manufacturers can no longer ‘ship and forget’. Instead, they need to invest, continually improving their embedded software after launch and for the lifecycle of their devices.
And there’s a looming iceberg. For IoT devices at or beyond the edge, security updates can be orders of magnitude larger than the data payloads the system was designed to transmit. The industry cannot afford to let this get in the way of securing the IoT.
The IoT security breaches we’ve seen so far really represent the early stage of the IoT market – these are growing pains. If we look at the consumer experience, although it took some time, consumers are familiar with looking for the green padlock in the URL address bar before proceeding with secure web services. But this level of user-friendly authentication simply does not exist in the IoT.
Consumers must rely on their IoT device manufacturer or service provider for authentication but have no obvious way to understand the security in place.
However, there are measures the industry can take to improve security by pushing browser authentication into the app world. A simple approach is to enable browsers to access more peripherals and apps, adapting the API to allow access via Bluetooth. Longer term, standards bodies may need to increase focus on IoT security and look at how consumers can be provided with clearer security indicators.
Increasing security and providing a more user-friendly way of communicating this is essential for the IoT to mature and for the industry to fully benefit from its clear potential.”