What door locks teach us about IoT cybersecurity

Security lessons from my discussions with a locksmith.

Page 2 of 2
  1. Find and strengthen the weakest link. Brute-force techniques, whether physical or digital, will look for the easy weak link. A flimsy door lock controlled by a dual-factor smartphone app built to the FIPS 140-2 standard is just more expensive, not more secure. Designers must keep a full-system perspective and get help from experts in both assessing and strengthening all parts of the system, particularly in areas that are new to either the developer or the user.
  2. Find ways to make new protections possible. Enabling mechanical lockouts from the outside is an example of using technology to make the previously impossible possible. Biometrics, physical proximity, and real-touch systems are already good solutions for cybersecurity. The opportunity for developers in both areas today is the convergence of the technology ecosystems and the new ways to work together. As Singh told us in The Code Book, the battle of code makers vs. code breakers is ongoing, just as it is with locksmiths vs. lock picks. Combining the disciplines with good security fundamentals can give the protectors the advantage again.
  3. Add security at points where the user is not involved. “The best use of technology is the one that is invisible to the user” is something my designer friend Brad Lohrding always used to say. Mechanical installation, data encryption/decryption, and digital behavior tracking are good examples of security additions that are invisible to the user. The weakest link in both mechanical and information security systems is eventually the user. Users will make things convenient at the expense of security. Good security design, like good product design, uses the most appropriate technology in ways that users don’t even notice.

Locksmiths and code-makers have been fighting their battles against unwanted access mostly in parallel for over six thousand years. The IoT is driving new products that are bringing the two together in the mass-market worlds of door locks and smartphones. Each can learn from the other, but consumers need the two groups to work together to make both the physical and digital worlds more secure.

Copyright © 2016 IDG Communications, Inc.
