By Scott Totzke
These days, every report on the Internet of Things (IoT) reminds us that we are continuing to increase our connectivity to the Internet through everyday appliances, sensors, and wearables, despite rampant security risks. In fact, the latest report from the Pew Research Center on the steady rise in IoT use declares that already “49% of the world’s population is connected online and an estimated 8.4 billion connected things are in use worldwide.”
Many IoT experts surveyed by Pew are predicting that, by 2026, ubiquitous connectivity won’t be a choice but a necessity, with most people unaware of how connected they are or how much data they’re sharing. 2026 is the same date many quantum computing experts are predicting a quantum computer will be able to break today’s security—and that level of IoT adoption coinciding with the availability of a quantum computer to attackers could be catastrophic.
IoT Security Webinars on ITSP TV
A quantum computer attack capable of breaking public key cryptography would compromise the typical connectivity we already require in our daily lives (email, messaging, online banking, etc.) but would also expose any supposedly secure IoT-connected device. The hacking of a physical device goes beyond a data breach – it could introduce serious public safety risk. Networked home thermostats could have their settings changed to overwhelm the energy grid, causing a blackout. Home security systems could be attacked to place fraudulent calls to emergency services, tying up needed resources. Public transport vehicles and private, connected cars, if hacked, could cause serious accidents. Health-related connected machines could be altered, causing serious harm or death to patients. By 2026, if quantum-safe security has not been adopted across IoT devices, these may be the consequences.
While there are many advantages to connectivity, there are also problems when the ubiquity of data sharing means that consumers are often unaware of how exposed they are, and the onus for securing the device often rests with the consumer and the manufacturer alone. An attack on an IoT device that someone uses either purposefully or inadvertently could be devastating for that person’s privacy and for public safety, but he may have limited ability to foresee that or understand how to limit risk. Experts surveyed by Pew overwhelmingly conclude that security breaches will not cause people to question their level of connectivity, despite the safety concerns. Consumers may have faith that our security standards will eventually evolve to provide the protection that they need, but many of the now apparent risks, such as botnets, DDoS attacks, and ransomware, don’t scratch the surface of what an attack by a quantum computer could achieve.
Quantum safe cryptography solutions are already available and could protect IoT devices and networks from widespread attack. So where does the responsibility lie to protect consumers? With the enterprises and governments responsible for the infrastructure that allows the perpetual connectivity to take place. And yet, nearly half of the US companies using IoT infrastructure have been hacked. Global cybersecurity standards have not progressed to address IoT threats as they emerge. Risk from IoT use is due in part to enterprise outsourcing to third party vendors, including cloud service providers, making accountability unclear. Furthermore, partnership between governments and commercial entities is needed to resolve the issues and drive adoption of global standards to ensure we are all prepared.
The need for quantum safe security in IoT devices should be addressed now, as a matter of responsibility to consumers and the public at large, because there seems to be no slowing their rise. Likewise, there is no slowing the rise of quantum computing, and the two will eventually converge.
About Scott Totzke
ISARA Corporation’s CEO, Scott Totzke, is responsible for building the organization that is developing and implementing quantum-resistant products. Prior to co-founding ISARA, Scott was Senior VP of Enterprise and Security at Huawei where he was responsible for launching Huawei’s R&D office in Waterloo.