For decades, the computer industry has been promising to make computers safe from hacking. So, does hacking still take place? Not only does it still occur, it is happening at a scale never before seen. So if after decades of tackling the problem of hacking, things are only getting worse, why would we open the physical property of the government, companies, and individuals, to be hacked, which could lead to catastrophic events such as: the shutting down of power plants; the compromising of water supplies; the remote seizure of vehicles on roads, leading to accidents on scales never before seen; the remote hacking of cameras and recording devices in people’s homes, which could be used for blackmail, etc. Some security experts say, that all you need to do is ensure that Internet of Things (IoTs) devices are regularly updated with security patches. In other words, all you need is an essentially perfect updating mechanism. Can anyone point to such a system? Can anyone point to a perfect system? I believe it is stupid and irresponsible to open people up to systems that are dangers to themselves, if they are not perfectly maintained and impervious to hacking. What happens, if for example, a consumer purchases an alarm system, based on an operating system such as Linux, and the operating system does not include an updating / patching mechanism for dealing with security gaps? What happens if the operating system includes security updates, but the company goes out of business, and no longer provides the requisite security updates? Even if an alarm operating system was to have current updates, there is still the possibility that an attacker could take advantage of an exploit that is not widely known, to hack into the alarm system, and glean information about a user, that could be used for blackmail, or to plan a burglary.
Having a system accessible from the Internet, is inherently problematic. Unless the system is absolutely impregnable to hacking – and I don’t know of any such system – you should assume it is being hacked, if you are a notable individual or organization. The only way to ensure a system cannot possibly be hacked from the Internet, is to make it physically inaccessible from the Internet. There simply is no other way.
I do believe there is a huge market for smart devices / machines that are networked. I however believe the networks these devices are located, should be private and inaccessible from the Internet.
If a non-state actor or country decides to engage in cyberwarfare with the U.S., it would be bad enough if it took out or compromised many of our information systems. Having a sizeable IoT economy would change the dynamics of the attack dramatically: not only would the attacker be able to wreak havoc with our data, it would be able destroy elements of our economy via the remote physical manipulation of things like cars and machinery, causing mass accidents and sabotage.