This article suggests that the Internet of Things could be made more secure if large buyers of interconnected devices put some fairly simple rules into their procurement specs: for example, *some* security to start with, such as an adjustable password, and patchability to respond to known or discovered threats.
Does this sound right to you? Do your clients insist, or even care?
No doubt large-scale one-off procurement contracts deal with security – well, I hope they do – but what about procurements on more of a mass scale?
I heard of a study over three years ago that found a huge proportion of IoT devices had either no security (the people who build them care a lot about cool connectivity but have no knowledge of or interest in security) or security flaws that had been known about, and even patched, for years, but the current version of the software was not used in the devices.
In any event, are large industrial or health-care users influential enough to help secure our home thermostats?
It seems to me that car manufacturers have said it will take them several years to incorporate rudimentary security into cars so the on-board computers can’t be hacked through the electronic tire-pressure sensors (which can be done now). So does anyone *really* care?