Do the advantages of connectivity in devices for home and industry outweigh the potential risks of hacking?

Last week we asked Engineer readers if they believe that connected devices – whether they’re “Internet of Things” in the domestic setting, or industry 4.0 in manufacturing – represent an advantage or an unacceptable risk.
Of the 340 responses, 61 per cent took the view that connected devices are unsafe, and 14 per cent thought otherwise, believing connected devices to be safe.
A further eight per cent of respondents were split equally between the options of connected devices being safe in the home but not in industry, and connected devices being safe in industry but not the home. The remaining 17 per cent couldn’t find a fit and chose the ‘none of the above’ option.
In the debate that followed, Sandy said that each domestic application should be considered with regard for the need, adding: “No-one ‘needs’ a connected fridge or even central heating controlled from a phone. Just set the timers or switch it on when you get in…Also no-one ‘needs’ a SMART meter, particularly when it’s tied to a supplier.”
Moving into the industrial sphere, Andy Duffell wrote in to say: “There’s no technical reason devices can’t be made safely, but attitudes and practices in the industry mean that safety is generally poor. For example, one of the reasons Stuxnet was able to infect the target system was because Siemens advised their customers to not change the default password, which was hard-coded and documented. What is the point of even having a password in that case? It’s security theater. Attitudes need to improve.”
Andy’s view was endorsed by Another Steve, who said: “‘Most’ security hacks are down to users’ sloppy practices, unfortunately I don’t see that changing unless there is some sort of financial penalties applied.”
Nick Cole opined that any connection is inherently unsafe and that all software has flaws.
“The cost of trying to stay ahead of the game can be immense,” said Nick. “The risk needs to be evaluated in comparison with the benefits and potential costs. As with any software driven system one major risk is the likelihood of having that system out of commission and the potential mitigation measures in such a scenario.”
Discussion is still welcome on this matter, but we draw commenters’ attention to our guidelines and remind readers that all comments will be moderated and may be edited if necessary.
More on these important security issues can be found in The Engineer’s May 2018 cover feature:
Safer connections: reducing the security risks of the internet of things
Safe with the proviso that there is a suitable firewall etc. Poor security is unfortunately the reason most cyber criminals can gain access, the next is clicking on e-mails that contain viruses, Trojans etc.
The questions are too black and white. Some connected devices are safe and some unsafe. It rather depends on the skill, knowledge and diligence of the operator.
The idea that “we” “need” this technology has been oversold, and under-vetted.
There again, I am still looking for my buggy whip!
Agreed! No-one ‘needs’ a connected fridge or even central heating controlled from a phone. Just set the timers or switch it on when you get in and put up with being a little cool for a few minutes instead of wasting heat on an empty house.
Also no-one ‘needs’ a SMART meter, particularly when it’s tied to a Supplier, but it didn’t prevent the Govt. spending a lot of our money trying to convince us they are essential. Now we have a generation of meters which are no longer SMART because the same Govt. is trying to get us to swap suppliers!
Each application should be considered with regard for the need. Smart speakers may be indispensable for the connected aged or infirm, but when the same Govt. is trying to ‘fight the flab’ why not go to the device and switch it on yourself?
They can be made safe, but many are not. There’s no technical reason devices can’t be made safely, but attitudes and practices in the industry mean that safety is generally poor. For example, one of the reasons Stuxnet was able to infect the target system was because Siemens advised their customers to NOT change the default password, which was hard-coded and documented. What is the point of even having a password in that case? It’s security theater. Attitudes need to improve.
When will it stop, so many of the new items are because we can and not because there is a real need for the item.
I am reminded of the approach taken by local authorities in the 70s - when the ambulance chasing lawyers started to sue: on behalf of folk who were unfortunate to trip up on uneven paving stones. They initiated vast expensive programmes to try to make all pavements perfect: then realised that such was quite impossible, so stopped such: and were prepared to pay the occasional claim! I have to presume that it is (as several have pointed out) impossible to absolutely protect all cyber systems: so the most cost-effective solution is to do nothing and accept the occasional ‘blip’ (trip?) “Engineers do for 10p what any fool can do for £1.00” [NSN]
None of the above. Totally agree with Andy Duffell, above.
These devices can be as secure as needed BUT it requires industry/manufacturers to provide the appropriate mechanisms and it needs the Users to set up and implement these security mechanisms. ‘Most’ security hacks are down to users’ sloppy practices, unfortunately I don’t see that changing unless there is some sort of financial penalties applied.
Any connection is inherently unsafe. All software has flaws. The cost of trying to stay ahead of the game can be immense. The risk needs to be evaluated in comparison with the benefits and potential costs. As with any software driven system one major risk is the likelihood of having that system out of commission and the potential mitigation measures in such a scenario. There is rarely if any manual fallback, and invariably the system manufacturers refuse to supply sufficient information for this situation.
Yes, the options listed in the list of answers are too black and white as other respondents have stated.
There’s a slight analogy here with the introduction of electricity say on the Boston underground and trams. Many were petrified by it, work of the devil no doubt. We may be more secular in our fears today, but the same working out of the introduction of increased connectivity will address security issues – a clear role for govt here is to fund and support research and development even more.
As far as do we need it, no but progress involves creating new markets. Again like electricity, at the end of the C19, no one could have predicted the role of electricity in the C20, especially by only thinking about it by simply applying it to replacing existing technologies at the time like gas lighting or limited ideas today such as connecting central heating to your mobile. However, such projects may spark other ideas and generally improve security etc. So more R&D to actively address security concerns and a recognition that we can’t fully predict the future and have to move forward for those unknown, unpredictable, but potentially society changing uses for increased connectivity in industry, transport and the home.