Within the next five years, the number of people connected to the Internet is forecast to rise to over 7 billion. The number of things hooked up to the web is projected to be around 50 billion. While the Internet of Things (IoT) still has to fulfil certain promises, the base is already there. From wearable fitness trackers to office building intrusion detection, the range of items being linked to the web is already wide. The natural and growing reflex is to consider the risk involved and appropriate risk management. But which kind of risk are we talking about?
Much of the risk management discussed in terms of the IoT concerns equipment doing things it should not. Examples include fitness trackers uploading personal information to systems unauthorised to receive it, and building intrusion systems being pirated over the Internet to facilitate burglary. IT governance association ISACA lists several pertinent questions to be asked, including anticipated threats, threat mitigation, user identity management, attack monitoring responsibilities and more.
Yet the other side of risk management concerning the Internet of Things must not be neglected either. It is the risk that equipment does not do the things it should. While a fitness tracker failing to upload information may be more or less serious according to circumstances, self-driving vehicles that can no longer be controlled are a grave risk. In a business continuity sense, logistics and distribution systems may rely on RFID chips on shipments working properly to confirm delivery has been made, to trigger billing and supply replenishment. Lack of signals may disrupt normal operations.
50 billion devices and a complex communications chain to boot are too much for any reasonable hope of zero failure. Risk management is likely to be increasingly defined by probabilities about what will work, fail or be vulnerable to attack. But probabilities won’t work for everything. For instance, nuclear power stations (just in case anybody was thinking of it) will be better kept off the IoT for that very reason.