I’ve been designing secure embedded systems for a long time. I want to share what I have learned.
Most of the problems with IoT security are not specific to IoT. They’re problems that have been around for a long time. If you’re well-versed in general cyber, software and cloud security, you’re most of the way there.
IoT security is different because:
It’s multidisciplinary; security covers hardware, software and online elements
The business model makes it difficult to implement good security
There’s no security culture or training among most IoT vendors
IoT devices probably never receive security updates. You probably don’t even know that the devices exist!
I want to focus on what makes IoT security different.