Bridge Communications

Sunday, March 29, 2015

Internet of things, may be we need to pump the brakes

First some background on me.  I am not sitting in a dark house, wearing a tin foil hat I can assure you.  In my home alone there are over 300 "things" connected to my internet.  I have developed an AI for my home that talks to my security system, changes channels on my TVs, pulls and reports on my kids grades and homework etc.  My kids refer to it as "Jarvis" like in Ironman, so I even made it speak in British accent.

So what in the world am I of all people doing writing a cautionary tale about the rush to connect "things" to the internet?  Well let me explain.  I have 2 main concerns when I hear talking heads like Cisco's CEO spout off endlessly about the internet of everything.

1.  What are the things (not computers) we are going to connect to the world?

2.  What sort of computer systems are these things going to be running, OS, etc.

To the question of the things, well where does that start and end, we already have cell phones, smart watches, televisions, moving streaming devices, home security systems, thermostats and computing devices connected.  What next?  Our kitchen devices, refrigerator, microwave, stove, dishwasher? Our washer and dryer?  Our garage doors?  The locks on our homes?  Our cars?  Some of this is already happening, have any of you heard about the fridge spam bot?

The devices themselves really don't concern me as much as the second part of the question.  We all know in an effort to maximize profit and keeps things simple these things are going to be running stripped down simple versions of Linux.  The more the market grows the more we see the gaping holes and slow reaction time in the open source community.  The last couple of years have show us how vulnerable these types of deployments are.  Do any of us feel our financial information, or health care information is secure, or that inevitably some corporation will let this into the public domain?  So which Operating systems are the had the most vulnerabilities in 2014?

#1 Apple OS (Linux)
#2 Linux Kernel

Does anyone know a sysadmin who runs a weekly cron job to update his Linux deployments.  Neither do I, that person would be risking his/her job on open source component A not breaking open source component B when it updated each week.  Would anyone risk their enterprise on the stability and security of Java?  We've all walked over to look at someone's struggling computer for them, only to find the least consequential application they have running with the java runtimes, using 3GB of ram all by itself.

So what's the point Doug?  Given what we have seen in OS vulnerability the last 2 years, the revelations in the NSA spying the last 2 years, the hacking from overseas the last 2 years...  I would like to see us in the developer and engineer community take 1 year and make it the year of security.  Let's give Windows 10 a year to see what it can do running on every different type of device.  Once the operating systems are secure, then we can hook our things to them, and our things to a safer internet.  Otherwise we must ask;

What happens when 50 cars engines turn off in rush hour at 80 mph on the 5 in LA?

What happens when 4 million customers homes turn on every appliance and light in a split second, and overload the grid of a major city?

What happens when every device in you home can instantly become an eavesdropping spy device?

It doesn't take long for your imagination to go to a very dark place, once every thing in your home with an electrical cord becomes a potentially hack-able device.

Again I am very pro technology and I want to see it continue to improve the lives of every human being on the planet.  All I am trying to get across is, when there is something wrong with the foundation, you don't build a home and keep adding stories to it, without a catastrophe.  Let's fix the foundation first.

Doug Routledge, C# Lync, Skype for Business, SQL, Exchange, UC Developer  BridgeOC
Twitter - @droutledge @ndbridge