The “Internet of Everything” is coming — but what about security?

The invention of the transistor changed everything. And the subsequent development of microprocessors has transformed our lives in more ways than can be catalogued. We now take for granted that huge numbers of manufactured products have microprocessors built in — and that those microprocessors make it easy to connect to the “internet of things.”

From smart fridges that tell you when it’s time to buy milk, to cars that receive software updates via the cloud, you might think that pretty much everything that could have a microprocessor built in, does.

But you’d be wrong, of course. The fact that microprocessors are built on a substrate of rigid silicon means that they can only be mounted on rigid, flat surfaces, which is really a pretty significant limitation.

Flexible microprocessors: Coming soon

In 2021, chip maker Arm Technology announced that it had produced a microprocessor printed onto a substrate of flexible plastic. While this technology is still a long way from being commercially viable, the range of possible applications is breathtaking.

Imagine labels on food products that adjust their “best-by” date based on how the product is handled. Or chips on water pipes that detect vibrations that indicate leaks — which account for 32.6 trillion liters of lost water per year. Medical patches that adjust the rate at which they release drugs based on real-time biometric data. Packaging, products, and components that can be automatically sorted and returned to manufacturers for reuse or recycling. The possibilities for this “internet of everything” (IoE) are truly endless.

New vulnerabilities, new threats

For IT security professionals, however, all the excitement about possible applications is tempered by the question of how bad actors will seek to exploit new security vulnerabilities — and what security measures will be required to prevent such attacks.

• Data theft­ — Many IoE applications will rely on the collection and transmission of private or personal data that can be stolen and monetized by threat actors. How will we extend existing technical protections and regulatory structures to minimize this risk?
• Supply-chain attacks — Software supply-chain attacks have emerged in the past few years as a major technique for compromising applications across a broad range of targets. The possibility of hackers gaining access to a flexible-chip supplier that delivers billions of chips per year opens up vast new opportunities for mayhem, theft, and fraud.
• Sabotage — IoT attacks that target infrastructure, operational technology, and utilities via their internet connections have already become quite common. As many new categories of thing are made to interact via the internet, What new opportunities for mayhem and disruption will arise?

There’s time to prepare. Will we?

There is a general consensus that it will be quite a few years still before the IoE becomes a reality. Not only does the technology of flexible chips still need to be perfected, but it also has to become so cheap that incorporating them into existing manufacturing processes is nearly free.

That means that there is time to establish basic principles, practices, protocols, and processes for security in this coming age of ubiquitous connection. The question is, will we use the time wisely? Or will we rush headlong into the Internet of Everything and hope that new security issues can be addressed on the fly as they emerge.

History strongly suggests the latter option.