Review: The Internet of Risky Things
About the author
Professor Sean Smith is the Principal Investigator of the Dartmouth Trust Lab and Director of Dartmouth’s Institute for Security, Technology, and Society. He investigates how to build trustworthy systems in the real world.
Inside The Internet of Risky Things
When we hear things like “The Internet of Things is predicted to reach 30 billion devices in 2020”, it’s hard for people to actually imagine the extent of IoT influencing their day-to-day lives. For cybersecurity experts, it’s even more difficult to imagine that the deployment of all these computerized devices could work at that scale without a hitch.
The author argues that, without a change in what the IoT infrastructure is based on, we’re looking at things like unusable patches of cyberinfrastructure, and potentially unliveable patches of real-world infrastructure, not to mention a host of other problems.
Building the IoT the same way we built the current Internet is not a good solution, he says. IoT devices can stop working, behave arbitrarily (either because of a glitch or attack), and mess with our physical world in a way that most Internet of Computers (IoC) devices never did.
In the first chapter, the author does a good job of explaining the aspects in which IoT differs from IoC, and paints a realistic image of (IoT) things to come. With examples that translate well from the IoC to the IoT reality, readers should grasp immediately and completely the problems that have to be considered and solved (e.g. maintenance/updating, patching, complexity, sheer numbers, “invisibility”, required connectivity, etc.).
When explaining the IoT’s impact on the physical world, he has no lack of ready examples of problems we already have with IoT in homes, cars, airplanes, medicine, and so on. Also, he doesn’t shy away from describing worst-case scenarios, but without a hint of underlying desire to scare the reader.
The book will get readers familiar with a number of IoT architectures and application areas, as well as with the challenges of identity and authentication IoT is likely to encounter. Chapter 3 is particularly interesting, as it acquaints readers with some of the “smart” medicine, grid and transport solutions of the last 30-40 years, and points out the unexpected consequences they brought on. I, for example, knew about some of these, but not enough to grasp the whole picture and implications for the future.
Another eye-opening chapter is dedicated to “design patterns for insecurity” that the IoT could easily inherit from IoC, and that we should avoid. Privacy, economic and legal issues get a chapter each and, again, there is much in them that I never thought about before.
The book concludes with a chapter on how the IoT, if we’re not careful, could increase class differences and affect basic human rights, and one on the interconnections between human space and cyberspace, and how IoT can change them.
Final thoughts
There is no fearmongering in this book. The author aims to make his readers aware of the possible problems we can expect to encounter, and think about solutions. He does offer some tentative approaches we can take, but mostly as guidance.
He jumps from quote to example to theory to opinion to analogy to personal experience quickly and skilfully, mimicking the way our own brains function. I found this whirlwind easy to follow, and the book engrossing. If overarching IoT is the future – and it seems clear that it is – I think everybody should read it.