It's been estimated that by 2020, business-to-business spending on IoT technology and tools will reach $267B, half of IoT-related spending will be driven by needs in manufacturing, logistics, and critical infrastructure, and 34 billion devices will be connected and in use across all sectors and classes of devices.
Keeping pace with the growth of IoT in general is the rate at which vulnerabilities in IoT devices are shown to be vulnerable, often to trivial efforts. From cars to household appliances to surveillance cameras and now airplanes, it is clear that we might be making dumb things smart, but we’re not being smart about how we do it.
The response to this situation are calls to ‘bake in’ security and new laws. But examples like this, from a DHS effort to hack an airliner, show why any action we take now will not have an impact for years to come:
The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement. For Southwest Airlines, whose fleet is based on Boeing’s 737, it would “bankrupt” them if a cyber vulnerability was specific to systems on board 737s ... legacy aircraft, which make up more than 90% of the commercial planes in the sky, don’t have [cybersecurity] protections.
"The cost to change one line of code on a piece of avionics equipment is $1 million, and it takes a year to implement.
Forget 34 billion devices in three years; there are too many vulnerable devices and platforms out there now for any effort we take to matter today. Every device in a manufacturer's pipeline is in the same boat. A mandate to secure IoT devices that comes down today will only make a difference to those devices that haven’t even made it to the drawing board yet.
"The cost-benefit analysis favors a level of insecurity