I am preparing to speak on the topic of IoT and cybersecurity at the 2018 Midwest Legal Conference on Privacy and Security. My discussion outline is shared here.
A. IoT Areas of Risk:
i) Cybersecurity risks are magnified with the introduction of an exponentially larger threat surface.
ii) Threat surface is comprised of: (a) the number of devices (8 billion by 2020, according to Garner), (b) latent device vulnerability (security by design failures plus the device’s appeal to hackers), and (c) likelihood of misuse (caliber of user sophistication).
iii) Preserving security principles (confidentiality, integrity and accessibility) becomes more critical, though not every one of the three elements is equally important; rather, degree of importance becomes device dependent.
B. Role of Artificial Intelligence
i) AI powered IoT devices will enhance host device capabilities, but also increase tension with preserving security principles.
ii) The AI “Risk Ratio:” The greater the power of AI integrated into a device, the greater the probability the specific device will contain higher quality data, which elevates the risk of hacking (i.e., the specific device’s appeal to hackers tends to grow as it contains data deemed more valuable) and requires more effective protection mechanisms.
C. The Role of Computational Law Applications
i) Computational law applications stand to play a threat surface administration role.
ii) These applications can be regarded as additional device protection mechanisms.
iv) As these computational law applications become more efficient at protecting users, the concomitant reduction of attendant risk of use.