By Bruce Sterling
*This screed seems to come from some parallel wonderland of yore, where the NSA and Chinese cyberwar simply didn’t exist, and it’s all up the doughty, hands-on engineers of General Electric.
“Why do we say IoT requires new thinking about cyber security? Mainly because of the level of data sharing involved. This is a fast-evolving feature of the IoT, around which industrial equipment markets have not yet aligned. Note that we can trace the origins of the IoT to the early efforts by engineers in Original Equipment Manufacturers (OEMs) to find ways to monitor, objectively and in real time, how the machines they designed for customers actually performed in the real word. They tended to use the terms telematics and mobile resource management. Soon, however, it became clear how valuable such data would be to their colleagues in product marketing, and in turn to customer service and technical support. As for the customers themselves, they received some benefits, such as maintenance alerts but, generally speaking, they had access to little real-time data, and it was difficult to work with when they did get it.
“Today, growing numbers of customers recognize how that data could inform their own operations, and even feel it is rightfully theirs, leading to battles over who owns and has access to what data, who is responsible for securing it, and a long list of other related questions. What’s more, as systems built by different OEMs interact, there is infighting among them as to what constitutes sensitive or competitive intelligence. Simultaneously, everyone must address the question of how shared access to data exposes them to new legal liabilities with their trading partners.
“New approaches to cybersecurity are needed to address access to and deployment of this shared data. Participants need to guarantee each other that there will be no breach with so many moving parts across so many different networks and organizations.
“At the same time that the IoT’s shared data creates new issues for cyber security, its use in certain applications makes the need to ensure security all the more urgent. Consider that 85% of America’s critical infrastructure — electric grid, gas and oil pipelines, bridges and tunnels — are in the private sector where cybersecurity is fragmented and uneven. These markets are aggressively interested in the IoT’s proven cost savings and performance improvement potential. Yet this complex network can only be protected collaboratively as multiple stakeholders have shared interests in common assets. What’s more, government resources, with their own unique cyber security mandates, are critical. It is no exaggeration to say that the functioning of society’s infrastructure and our access to sufficient energy depend on our establishment of new cyber security regimes oriented to the Internet of Things….”