Have you updated your “smart toaster” recently? This might be a good idea to ensure that you don’t get hacked or that your toaster isn’t recruited to do something malicious. do it now!As Indiana University’s Scott J. Shackelford puts it in his book Internet of Things: What everyone needs to know: “We are just beginning to manage artificial intelligence with cybersecurity in mind, including in IoT contexts.” Oxford University Press’s Everyone Needs to Know series is written by experts in accessible language for the public excellent resources. Below is an interview with Scott:
We used to just have computers with things inside, but now we have computers with things inside. Can you explain why this is important?
SS: The Internet of Things (IoT) has in many ways become the Internet of Everything (IoE). It’s gotten to the point where we have to work hard, and sometimes pay extra, to find consumer devices that meet these needs. no clever. This covers a wide range of product categories and sectors, including cars, which have become little more than stylish smartphones on wheels. This revolution is having consequences ranging from making routine equipment repairs more difficult for those without a coding background to vastly increasing the attack surface that adversaries could exploit in future conflicts. No country, or for that matter an individual, is an island in cyberspace, no matter how much they wish to be so.
The explosion of internet-connected products is driven by three forces in particular. First, costs plummeted. In 2004, the average price of an IoT sensor was $1.30; by 2018, it had fallen to 44 cents and continues to fall. Second, connection speeds continue to improve, and the availability of 5G (and soon 6G) means more devices than ever can be connected together in a smaller geographical area. Third, companies can now offer a wider range of IoT-related services than ever before, from navigation and on-demand product delivery to health and well-being services, further driving demand.
Internet of Things
In the Internet of Things, what types of things should the public pay most attention to?
SS: It can be very difficult for consumers, even for those who care about their privacy and the security of their families, to know how to buy products that can manage their data well. From smart speakers to TVs to cars, there is often a black box as to what information is collected, for what purpose and who has access to it. That’s starting to change with the launch of the FCC’s new U.S. Cyber Trust Mark program, which will roll out and provide consumers with information about product privacy and security features, just as we already do with Energy Star and Energy Efficiency. Do that.
The public should first be concerned about vulnerabilities in existing products. Most people are occasionally prompted and agree to update their computers, tablets and phones – few know they need to update their smart toasters, and depending on the model, this may not even be possible. Of course, even newer software can still be attacked through the use of zero-day vulnerabilities or hitherto unknown system backdoors that can recruit your smart products to form botnets and shut down various services. This lack of awareness is exacerbated by the challenge of identifying safety equipment for yourself and your family.
Scott Shackelford
With the rapid development of artificial intelligence, what impact will this have on the Internet of Things?
SS: Artificial intelligence is already affecting smart products, such as products like Humane’s AI pin, which lets you talk to a bot at the touch of a button. On the security side, these models help defenders prevent vulnerabilities, but also enable attackers to find new backdoors into IoT systems. Most likely, this will exacerbate the threat environment, making it even more important to deal with our existing IoT technical debt (in the form of millions of insecure devices (e.g., smart light bulbs)) and not Networking makes the situation worse by imposing more stringent requirements. “Reasonable” cybersecurity.
We are just beginning to manage artificial intelligence with cybersecurity in mind, including in IoT contexts. There have been a number of efforts, including the EU’s new Artificial Intelligence Act, the extension of the Product Liability Directive to software, and the Digital Services Act. In the United States, we have seen the Biden administration recently issue an executive order focused on AI, as well as actions at the state and local levels, and push for international AI norms, but so far there are relatively few clear guardrails . Some of the more active states in the US include California, which has an IoT law requiring “reasonable” cybersecurity for connected devices – I wouldn’t be too surprised if it also takes a leading role in regulating its use, even if the federal government There is no effort to secure software, including artificial intelligence, and the same goes for the development of artificial intelligence in this context.