Clapper doesn’t mention any particular intelligence agency as involved in monitoring. However security experts take the notion of Internet of Things in general and prove that the US and other surveillance services will intercept the signals the newly networked devices emit.
“Smart devices incorporated into the electric grid … can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper said.
Michael Rogers, director of the National Security Agency, touched this problem last month while speaking at a Washington thinktank. He said that it was time to consider making the home devices “more defensible”, but did not address the opportunities that increased numbers and even categories of connected devices provide to his surveillance agency.
Clapper’s statement follows multiple complaints of poor security standards included in smart-home products. Recently smart houses were sent into a chill in the very middle of winter. Woke up at night, users found out that their Nest Learning Thermostat had been out of order.
Google-owned Nest explained the problem – a software bug was affecting some of the smart thermostats causing the high-profile internet of things device to stop working. The bug actually drained the battery of the thermostat despite the fact that the device was plugged in. As a result it got disconnected from boilers and air conditioning systems, turning them off before it shuts down. Nest Thermostat was later fixed but much more efforts are needed to fix the trust.
Thus information provided by microphones and motion sensors embedded in IoT products can be of great value. According to survey conducted by Auth0 more than 52% of consumers and about 85% of experts don’t think the technology is secure.
Most experts agree that encryption of information is the best possible way for on-device protection. The solution is already used by many companies including Apple and Microsoft, which are implementing default disk encryption on their new mobile operating systems.
The IoT Security 2015 conference in Boston resulted in some new useful ideas for safety improving:
- Context-aware security, new gateways, and middleware are three measures that can help facilitate the “chain of trust” necessary to support IoT.
- All smart devices can be manufactured with factory wipe options and “good processes” to transition smart products like cars and homes to new owners can be developed.
- Creation of a new class of performance metrics that focus on resiliency, for example, Mean Time Between Recovery versus Mean Time Between Failure.
- Provision of manufacturer-provided security subscription services.
Of course Clapper’s report doesn’t focus on Internet of Things as on the main threat to US security. He pays much attention to such problematic points as China, Russia, Iran, North Korea, Iraq, Afghanistan, ISIL, etc. as well.