The rapid expansion of Internet of Things (IoT) technology without a strong focus on security will leave devices increasingly open to attack and exploitation, according to John Moor, director of the Internet of Things Security Foundation.
"If we are not careful we could be sleepwalking into a lot of problems, some of which may not have been seen before. There's lots of focus on the innovation opportunities around IoT, but there has been relatively little on its dark underbelly to date," he said.
Moor was speaking at a roundtable event organised by Telefónica, attended by V3, set up to discuss a Telefónica IoT report entitled Scope, scale and risk like never before: Securing the Internet of Things.
The report, published in collaboration with Telefónica's ElevenPaths cyber security unit, explained that the pace of IoT innovation will put an increasing strain on security.
"With the IoT, the application of existing standards, and the creation of new ones, has come up against a hectic pace of innovation. Businesses need to safeguard their intellectual property as they are making and selling things no-one else can," the report stated.
"The irony is that, in order to reap the benefits of IoT devices and services, hardware and software need to be open. Security at the device, application and network is vital. But as the pace of adoption increases, so do the levels of complexity."
This combination of progress and weak security could lead to the need for regulation and industry collaboration, according to Moor.
"There are a lot of things that we should look at and try to encourage progress. Obviously, regulation is one and I think there will be regulation that comes in. I think depending on where you fit in the supply chain you may be more motivated to be secure," he told V3.
"We have to try and encourage manufacturers to at least adhere to some basic guidelines, and certainly one of the things we are doing in the Foundation is to look towards some form of self-certification. There's a clear roadmap there.
"On the demand side we need to start encouraging people who are actually specifying and buying IoT equipment to start asking for security assurances so that vendors that don't want to play are forced to play because [if they don't] they won't have a market."
Garter predicted recently that the IoT will reach 20.8 billion connected devices by 2020, and Moor warned that it is moving into "unknown territory" and that "things are going to go wrong".
"There are things we can do but we can't just fix one part. We have got to have everybody understanding that we share the security problem. Whether you are a manufacturer, a consumer or a business reliant on the IoT, everyone has a role to play. Unless we get security right, it will stall because the risks involved will slow people down."
The big brands will drive innovation initially, according to Moor, as long as they can offer security. "The big brands will be the IoT winners because society has to be able to trust something and I think it will put its trust in brands that are seen to be concerned about security," he said.
However, he added that influential entrepreneurs and startups will lead the industry in the long run and pioneer the most exciting new technology. But he stressed the need for a security-first approach to development.
"Look at what's going on right now. There are lots of startups and they are being acquired. It is important that we move ahead at a rate consistent with the risk and the benefits that are on offer," he told V3.
"It's all too easy to rush ahead and leave gaping [security] holes that will only create a bunch of problems in the future."
Chema Alonso, chief executive of ElevenPaths, explained that the physical and digital worlds are becoming increasingly combined.
"It is precisely the blurring of the line between the digital world and the real world that represents the challenges introduced by the IoT," he said.
"In the next few years our lives will be surrounded by devices connected to the internet that will digitalise every step we take, convert our daily activities into information, distribute any interaction throughout the network and interact with us according to this information. Let's understand the problem before it's too late."
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal
Microsoft, Google and Samsung all targeted as Avast admits to the scale of the CCleaner compromise
Not all loose ends tied yet, admits Bain backer SK Hynix