At least, that's the take of Dave Weinstein, the chief technology officer for the state of New Jersey, a cabinet-level post under Gov. Chris Christie.
“By and large, the ‘Internet of Things’ is dumb, it’s really dumb, and that makes it a really valuable and attractive target for hackers,” Weinstein said.
“A truly smart device needs to be able to know when it is being used by a cyberattacker versus when it is being used for what is intended on being used for,” he said. “And, today, these devices are not discriminating between legitimate and nefarious use.”
Speaking to a group of small business owners, he said this basic lack of intelligence by smart devices is one of the top cybersecurity issues today.
And while cybersecurity issues have come to the forefront in recent years with noteworthy hacks (think Target, Yahoo! and the 2016 presidential election), Weinstein said the problem has been around since the first day of the internet for one simple reason: No one thought about security.
The internet, Weinstein said, was originally created for academic research, with the purpose of collaboration and information-sharing.
“The founders of the internet didn’t necessarily ponder a world in which the internet would grow exponentially as a global digital commons and, therefore, be leveraged or exploited by political, criminal actors for nefarious purposes,” he said.
The problems, Weinstein said, have only been compounded recently with the exponential increase in smart devices. Everything from doorbells to refrigerators to automobiles can be considered a smart device now, each vulnerable to a cyberattack.
Weinstein sparked the attention of the crowd when he revealed the total number of devices matched the human population on the planet at 7 billion ... in 2009. Today, the number stands closer to 50 billion.
Despite the growing number of products and threats, Weinstein said manufacturers of these devices still are not making security a priority. Productivity and efficiency are the primary considerations, he said, while security protocol is an afterthought.
Weinstein said there are three areas of cybersecurity: threat, vulnerability and consequence.
He talked about threats as they relate to the political, ideological and financial motivation of the perpetrator and how their tactics are constantly changing, which provides advantage over the defender.
Weinstein was just one speaker at the event.
A panel of eight cybersecurity professionals dove into a number of aspects concerning IOT.
The panel expressed how many manufacturers will not have the means or time in which to provide proper cybersecurity measures to protect certain devices especially in the medical field.
For Milone’s full story, click here.