Chris Crosby is CEO of Compass Datacenters.
If you’ve been paying attention, you’ve noticed that everybody is pretty darn excited about IoT. Businesses, consumers, hackers, equipment companies and cloud providers are positively giddy about the ability to track anything, at any time, from anywhere. Some of you sharper readers out there are probably asking, 'But Chris, I couldn’t help but notice that you slipped hackers in there. Why would they be so enthusiastic about IoT?'.
First, thanks for paying attention, and second, because as we’ve seen, the proliferation of IoT- enabled devices increases the potential points of entry for those bent on spoiling everyone’s good time. Since no one wants their baby monitor harnessed for malevolent activities, security has become a potential speed bump on our road to IoT nirvana, and folks are beginning to demand that someone do something about it.
US Government to the Rescue?
Naturally, a small, but growing, number of interested parties are becoming adamant that there is only one group with the strength, power, integrity, selfless disregard and proven experience in dealing with sensitive manners such as this—say it with me kids—the US Government. A desperate cry for help, that can only elicit one logical response…"Wait. What?"
Yes, ladies and gentlemen, the folks on Capitol Hill are the only ones capable of ensuring a future void of the potential for some miscreant in Belarus or Pyongyang to hijack a wireless camera watching the beer fridge in the back shed that makes sure that the local teens don’t steal any twelve packs.
These are the same guys who spent four years and $600 million to build a website that didn’t work, lost a few million personnel records to the Chinese and "discovered" a few hundred more data centers every few months as part of its data center consolidation effort. If the prospect of “government regulation” of an emerging industry leaves you less than enthused, you probably understand that this phrase roughly translates into the following sequence of events:
Phase One: A bunch of guys and gals who understand nothing about the technology (we like to call them Congress) pass a law setting up a regulatory body, or if they’re feeling really efficient, give this new responsibility to an existing regulatory agency.
Phase Two: A group of people who also don’t understand the technology (we’ll call them “regulators”) and establish security rules and requirements that everyone in the IoT industry must follow. The shorthand for this is “we do what the companies that give us the most money tell us to do to make it more difficult for new companies to compete with them.”
Phase Three: The speed of technological innovation is much faster than the regulators can deal with so regulation becomes more draconian to slow things down in order to catch up.
Phase Four: What should have happened finally does, and a group of like-minded firms and interested parties get together and develop industry standards that actually work; competition abounds and everyone, except for the hacking community, benefit from lower prices for superior equipment and functionality.
Before you get the wrong idea, I don’t think all regulation is bad. I like knowing that when I buy hamburger it’s been verified as coming from a cow and not from places and members of the animal kingdom that I’d prefer not to contemplate, for example. But when you’ve reached the point that it’s estimated that Americans pay more than $2 trillion annually in regulatory costs, things have gone just a little too far, and maybe we’ve reached the point of diminishing returns.
Cheap and Secure IoT Devices
To put this issue in practical perspective, does anyone care about Energy Star ratings for data centers? I’m terrified to think how much money was spent developing that program when we already had so much industry initiative and innovation at work. And we can only imagine the impact early government intervention might have had on industries and technologies like automobiles, home video technology, and the internet in their nascent stages. Imagine driving a car that can go no faster than a horse can run in order to preserve the livestock industry; or getting home to watch the show you taped on your BetaMax; or surfing the web to review a plethora of websites that all look and sound like PBS and NPR. Not a pretty picture.
The challenge that industry must solve is how to make IoT devices cheaply yet still secure. As usual, this most likely will come from an approach that is not associated with the devices themselves (think network based, not device based). But the fact of the matter remains that there are already a few bazillion devices that have to run their lifespan since the cat is already out of the proverbial bag.
If regulation prematurely engages, it will be device based, increase the costs of the devices (since firmware security is expensive); and, thereby, cripple adoption. But without the adoption, demand won’t drive the business need to solve the problem, and industry will be discouraged about coming up with investment for solutions. Premature regulation in the tech space kills. We should let it play out within the industry since tech has always been a shark tank in which one behemoth becomes tomorrow’s chum (anyone remember my alma mater – Nortel?).
Other than creating a job's program for a few thousand federal bureaucrats, I’m a little skeptical as to the value of government regulation of IoT at this stage of its adoption curve. I say let the government do what they do well, and let the experts in the industry develop IoT that works securely and can be quickly adapted to address newly developed intrusion methods.
Once IoT falls into the “mature industry” category, then the government can go to town on it. While I’m sure all the folks calling for government regulation have the best of intentions, remember what they say about the road to hell. If you can’t remember, I’m sure that there is a federal agency that would be more than happy to tell you what you need to do to find out.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Penton.