Security and Insecurity in the Internet of Everything

October 9, 2013 - 4 Comments

The Internet of Everything is a big thing, and it’s going to get bigger. As more devices, sensors, gadgets, and people get interconnected, you’ll hear more and more about it. But there’s one aspect of the Internet of Everything that I don’t hear a lot about.

That aspect is security, both in the form of actual security and the sense of security.

Let’s go back to the mid-1980s, when I got my start with computers. You could finally buy one and make it useful at home without being a programmer or a soldering wiz. Pre-packaged software was available to do all sorts of useful things, but the thing that stood out for me was financial software. You know, Sylvia Porter, Multiplan, or whatever worked with your brand of computer. (I was a weird kid; I even did mock tax returns in middle school civics class for extra credit.)

But there were a lot of people who would not think of doing their finances on their home computer, for fear of being hacked or having their identity and their money stolen electronically.

Now anyone who’s had a credit card replaced because their account information was compromised will know this is a valid concern, at times. But some of these folks using Quicken on their monochrome Macintosh 512 without any connection to the outside world were convinced that hackers would get in, perhaps through the power line (way before powerline Ethernet adapters).

It took the personal financial software industry (and the PC industry as a whole) a while to overcome the fear, uncertainty, and doubt (FUD) surrounding their products, to the point where people were comfortable storing their personal/sensitive information on a personal computer, connected or not. Fast forward to today when, according to Pew Research, over half of us bank online and about a third bank on our mobile phones.

mobile phone

As more people start to see what the Internet of Everything is about, they’re going to be excited, and eager to get involved. But they’re also going to have concerns and fears about all of this interconnectedness, and what it means for their privacy and security.

You’re not going to want hackers to make your fridge shut down, for example. But we shouldn’t cry over spoilt milk that isn’t necessarily going to happen.

There will be some genuine security issues, at least as long as humans are writing the code (and the documentation), but I expect there will be more fears of issues than actual issues. It’s like wars and rumors of wars. They can both be dangerous, but we can each take an active role in dealing with the latter.

As for me, I’m watching for where interconnectedness is growing fastest, and getting an elevator pitch ready to calm the nerves of my less-technical friends, coworkers, neighbors, the woman behind the counter at Five Guys, my landlord, etc.

Now I’m off to recharge my Pebble and Fitbit for the week, and make sure my unconnected fridge hasn’t turned itself off yet. But before I go…

What are you doing to prepare for the Internet of Everything? And where do you think the most FUD will come from? I’d love to hear your thoughts and predictions in the comments below

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. I’m glad you brought this up. When listening to the Cisco Live! 2013 keynote this year and I heard the call to move to IPv6 and connect everything on IoE I had two reactions; first I freaked out thinking about every device in the world having its own publicly accessible IP address.

    Second, I realized I had just achieved lifetime employment on the security side. It’s taken me years to grasp the limited understanding I have of IPv6 ( mostly unlearning from IPv4 )and the security implications are still unclear.

    For example, on the *latest* Symantec Endpoint Protection (12.1.3), your choices for IPv6 filtering are ON or OFF for _all addresses_. I’m unable to say ‘allow link local, block public’. :eyeroll:

    Your comment about people’s new comfort with putting everything online is interesting also. It’s like pulling teeth to get people to use two step authentication.

    To answer your question, my FUD comes from people’s unclear understanding of these implications and just ‘moving ahead’.

    • Hi John, thanks for chiming in.

      One of the things I was thinking about when plotting this post in my mind was that not everything will be publicly accessible. I have 20-30 things in my home that have their own IP addresses, and more things that have Bluetooth PAN addresses, but very little of it will be externally accessible.

      I think a lot of devices will be either proxied, filtered, or otherwise obfuscated from the Public Internet(tm), or at least I hope so.

      That’s not to say that a “trusted broker” system (similar to how things like Transporter, Pogoplug, and even Cisco Meraki wireless-based VPN work) is the perfect solution. Everything breaks, trust isn’t absolute, and some developers are lazy.

      But I’m thinking that tiers of connectivity will be involved. Either that, or routers will get to the size of an ENIAC or LEO. 🙂

  2. Great post, Robert, and the honest truth is I’ve just come to accept the risks associated with a connected lifestyle and do the best I can to adhere to security best practices.

    The sad thing is, the majority of my non-technical friends (you know, the people who only use passwords if they’re required to and in those cases, use the same ones, usually a nickname, for every application) won’t realize how much risk they’re taking until they experience a breach or worse, identity theft.

    So with all of that said, do you think we’ll eventually experience a societal divide between those that want to be connected and those that intentionally avoid it (like the remaining 20% of the US population that intentionally avoids Facebook)?

    • Thanks for the feedback, Isaac.

      I think there will always be the divide between everything-on and nothing-on… I’m always surprised when I see how unconnected some of my tech colleagues are. Ask 10 people at Cisco Live or VMworld or the like what their twitter handle is, and you’ll see what I mean. If technologists aren’t all-in, the general public will probably be the same.

      But #IoE will become more pervasive just as mobile computing and mobile data have in the last 20 and 10 years respectively… and for every one person who eschews it, two people will take it up as a given in live, and probably one will write their social network passwords on a post-it on the back of their laptop for everyone to see.

      I think that might be an important thing to take up as well, whether for Everything or even for just the Internet of Computers and Mobile Phones and Tablets (although #IoCaMPaT isn’t quite as catchy). Is instilling basic security in people’s minds enough, or at least a worthy start, to securing the Internet of Everything?