IoT: Moving to Security by DesignF5 Network's David Holmes Offers a Strategy
With the explosive growth of the internet of things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks.
The Named Data Networking project can play a critical role, Holmes says in an interview with Information Security Media Group. "It's a series of protocols which are very much unlike our existing internet protocols," he says. "They are designed with internet of things in mind."
Holmes points out that device developers are "rushing to build IoT as fast as they can. Many times when that happens, security suffers." He predicts that consumer-level IoT security will continue to be "a nightmare" for at least a decade while enterprise-level IoT security will improve at only a slightly faster pace.
When devising a way to improve IoT security, as well as the security for various related "smart city" projects, Holmes says the key is to set the right priorities. "The way you prioritize these things actually falls down to a quantifiable algorithmic numeric system where you can come up with your top 100 threats to this project and here they are in order of priority." Holmes says. "Threat modeling is key." (See: Defining a Smart City's Security Architecture)
In this interview (see audio link below image), Holmes discusses:
- The challenges involved in "smart city" projects;
- The emergence of "thingbots";
- IoT security legislation pending in the U.S. that could serve as a model for other nations.
Holmes, based in Seattle, is the principal threat research evangelist for F5 Networks. In this role, he is spokesman, researcher and evangelist for F5's threat intelligence division, with an emphasis on distributed denial-of-service attacks, cryptography and firewall technology. Previously, Holmes served as vice president of engineering at Dvorak Development.