Interview: DarkMatter’s Brennan discusses IoT snooping
DarkMatter’s Stephen Brennan discusses recent revelations that IoT-enabled devices could snoop on us
Earlier this month, the US director of national intelligence, James Clapper, revealed there is a distinct possibility that agencies could possibly use smart household devices to increase their surveillance abilities, in other words, spy on you.
Security specialists have warned for years that the influx of smart devices entering the home is problematic, as most Internet of Things enabled devices lack passwords and encryption features.
"Smart devices incorporated into the electric grid ... can threaten data privacy, data integrity, or continuity of services," he said. "In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.
"Commercial vendors, who aggregate the bulk of digitised information about persons, will increasingly collect, analyse, and sell it to both foreign and domestic customers."
Speaking to Stephen Brennan, senior vice president of cyber network defence at DarkMatter, he discusses his view on IoT snooping and what effect his may have.
ITP.net: Should we be alarmed by James Clapper's revelation?
SB: Governments have always used all methods available to protect the safety and interest of their citizens, and ‘spying', with all of its ethical implications is just one of those methods. However, it is all built on trust. Our lives are now lived online, our communication is via phones and email, but who has access to this data, what data is available and what will they do it, are all crucial questions.
The trust required to access this data has been significantly eroded through recent revelations that intelligence agencies (not just the US) have moved from highly targeted campaigns against known or suspected threats, towards systematic, broad reaching mass surveillance touching everyone, including the people they are designed to protect - the citizens.
ITP.net: Will this change consumer attitudes to buying such devices?
SB: People have an incredible appetite for risk at an individual level, they will give away huge amounts of data just for the right to access ‘free-to-play' games online. However consumers are increasingly aware of security and privacy, even if they are not completely abreast of all the details.
This means that while IoT "smart" features used to be a differentiator amongst the highly competitive consumer market, security and privacy is now the main differentiator. This places the emphasis on manufacturers to prove their devices are secure and consumers will vote with their wallets.
ITP.net: Should this be a concern for organisations adopting IoT-enabled devices?
SB: Organisations need to consider security and privacy as a top priority, from small businesses right through to multinational enterprises. Companies that have embedded security into their DNA will have a strong understanding of their core information assets and their value.
From there, decisions can be made in addition to process people and technology reviews to protect these assets from spying through IoT devices. One way to do this is to standardise to a smaller set of approved IoT devices and run them through a qualified Testing and Validation lab, similar to Common Criteria, but focused on security risks such as surveillance (government or otherwise).
This is where a company like DarkMatter can assist in helping businesses establish a cyber security programme incorporating policies, procedures, and personnel, developing a cyber security strategy that will give them visibility into their environment and deploy defensive technologies and methodologies.
ITP.net: As the UAE develops into a smart city, what can governments do to ensure citizens feel safe?
The region has always prided itself on developing centres of excellence and showcasing the future where ever possible. This includes demonstrating to citizens and consumers that IoT devices that surround their smart systems are safe and secure from undisclosed surveillance and are intended and capable of delivering on their promise of safer and smarter cities and lives.
This includes settings standards then testing and validating across those standards. It also requires transparency into this process as well as strong educational campaigns to allow citizens, or their trusted advisors such as the media, to understand how these risks have been addressed and how to best protect themselves and their privacy in their daily lives.
Related: IoT devices could snoop on you, says US Intelligence