06 February 2017

#HomeAutomation 101: Avoid #FutureShock Employ Basic #IoT #Security Now - A Separate #WiFi #Network #Firewall Go #Intranet

I believe in the smart home, connected home concept. I think that basic home automation will be as common as water & power in the future, specifically because utilities will become (are becoming) the first mainstream commercial early adopters of the technology. When you move into a new residence, you'll get your utilities and by default these will be routed through smart "pipes" (monitored with smart sensors) to smart meters and controlled via interfaces like smart thermostats. This will occur, and not because of altruism, but instead because of the nature of business.

Utilities will employ (are employing) smart infrastructure because of the pinpoint data that it provides per user. Data that in turn becomes a gold mine, insuring return on investment or ROI ---data mining will generate income streams that compensate for smart infrastructure deployment and maintenance costs --- as well as the bottom line (utilities will be able to customize services by user, upsell with greater ease, more accurately predict usage patterns across the service market, and depending upon government regulations and corporate privacy policies share slices of customer data with cohorts and competitors alike for a fee).

It behooves utilities to go "smart." In example, think of what having a smart power grid means. The power grid becomes a "living, breathing thing" rife with feedback at every juncture. When the power company can say with confidence user A will bill X amount for nine months of the year and X amount times 3 for three months of the year and respond to fluctuations in real time, it changes the landscape. The amount and types of data generated by smart utilities systems will affect everything in the utility industries supply chain from energy futures to the price that customers pay. This is happening. Smart Utilities will be the standard. Unless planning to go completely off-grid, customers have little choice but to get on board. The user's option this arena is to insure the safeguard of information shared by advocating for industry regulations, verifying privacy policies and opting in or out where allowed (including changing providers, if applicable).

The second phase of home automation comprises what you allow inside your residence. The level of integration of everyday objects into the "network" is more open to individual determination. Do you want a smart bed, smart crock pot, smart blinds? These are the decisions to be made per user, though the desire to "keep up with the Joneses" may influence the decision making process. And again, it will be up to the individual to police his shared data and to protect his residence from virtual intruders (with the same alacrity he uses for the potential physical ones).

The average person looks at home security and plans obvious things like alarm systems, locks, lights, reinforced doors, burglar bars, fences, landscaping, etc., in the modern age however, nearly every one of these things can be a smart device. (The home security industry is also an IoT early adopter.) So a person may have an internet connected security system he can monitor via his smartphone in real time. He may have smart lights, a smart doorbell, smart motion sensors all potentially feeding data to commercial purveyors. (Not all home automation is internet-connected, it can be merely mechanical or operate on a closed network if the user decides. The industry advocates IoT because it wants access to your data. Remember this.)

Because the advent of IoT is so new, many people haven't thought about securing these things. People tend to lock their doors when they leave home, yet many of those same people leave the passwords for internet-connected devices set to the default. These same people often don't consider basic security for their WiFi network. It's like leaving your door wide open. Virtual intruders are all but invited to poke around, to commandeer all those unsecured IoT devices for nefarious purposes (slave devices used in DDOS attacks, for instance), to hack into your personal computer, etc..

However, taking a few simple steps could minimize the likelihood of such a breach. First, setup a basic firewall for your WiFi Network, if you haven't already. Second, make certain that any IoT devices which connect to the internet have distinct passwords, if configurable. (If you cannot set a password, then use what settings are available for the device to limit it's ability to connect online. If all else fails, simply turn off the device and unplug it when not in use. Remember that "Always On" devices equate to vunerable points in your network.) Third, consider using a separate WiFi Network reserved only for IoT devices. (Do not use your personal computer or smartphone on this IoT network.) This way if any IoT device is compromised it does not make an easy entry point to the sensitive files held on your personal computing devices. And finally, for devices that allow it, consider going full intranet allowing devices to communicate only on a local network without an internet access point.

Remember, securing your home is your responsibility. Don't lock your doors and leave all the virtual windows wide open.

No comments:

Post a Comment