You're reading from  Mastering Internet of Things

Product type: Book
Published in: Mar 2018
Publisher: Packt
ISBN-13: 9781788397483
Edition: 1st Edition
Author: Peter Waher

Peter Waher is the founder of Little Sister®, a standards-based distributed social network, based on the principles of edge computing, privacy & information ownership, for humans and machines. Currently, Peter advises companies on topics such as privacy, the IoT and Smart Cities. He has worked for 24 years with computers and device communication, including low-level development in assembler for resource-constrained devices to high-level system design and architecture. His award-winning applications have attracted global attention, and he has been invited to speak at prestigious events.

Chapter 15. Security for the Internet of Things

Unfortunately, security is one of those things that is seldom considered sufficiently, if at all. Security is invisible and, therefore, difficult to measure. Functionality is much more entertaining, and it is visible and demonstrable. It can turn heads, raise money, and give positive feedback. Security, on the other hand, cannot give positive feedback. And it is difficult to raise money for it, since it is difficult to prove security claims are valid. Lack of security, however, can give negative feedback, but only when it is too late.

If security problems are grave on the internet as a whole, they are even worse for things on the internet. Devices that are not operated by humans and are supposed to work for years, perhaps without being able to be updated, are at great risk of being compromised and used for malicious purposes. The goal of this chapter is to motivate the reader to take security for the Internet of Things into account from the very beginning...

Understanding the risks


James Clapper, former director of National Intelligence of the USA, told Popular Science in 2016 that America's Greatest Threat is the Internet of Things. And the list of threats to America is not small.

The reason for this statement is that our society is so automated and optimized. Vulnerabilities in things make it possible to disrupt services, logistics, communication, energy, and the economy. It is possible to paralyze a modern society, using vulnerabilities in the systems used to make it run.

Today, hospital equipment, health devices, utilities, transport, trains, ships, cars, vans, airplanes, power plants, nuclear facilities, grocery stores, railways, motorways, harbors, and so on are to some extent automated. And they will be more so in the future, some even becoming autonomous, running without human intervention. And many of these systems contain serious vulnerabilities, sometimes known, but most often unknown to the creators, but not to cyber warriors. Many...

Getting to a bad place


When the internet was created and especially the web, much effort was invested into the interconnection of machines, transmission of messages, and publication of information, and little effort was made concerning the problem of how to avoid malicious users sabotaging the network and published information. Good people will not consider the fact that bad people will share the network with them. Resilience was defined as the ability to recover from faults. This would typically mean infrastructure losses and breakdowns, which were imagined to be random events, natural disasters, or wars, which were large scale local area events. Malicious attacks, however, do not affect components randomly, or locally, but systematically and globally, and in a much more sophisticated manner. Attacks exploit vulnerabilities in the design or code, to make it do things that were never intended or imagined. As such, protection mechanisms have not naturally developed. It is difficult to develop...

Understanding the root causes


So, how do we avoid repeating the same mistakes? Are these vulnerabilities and security threats an intrinsic part of the internet that we cannot counteract, and therefore we do not even try? Or are there methods that can be used to significantly improve the security in communication?

The major problem was that solutions were devised before the whole problem was understood. They wanted to find a method to transmit messages between computers in interconnected networks. They managed to do that exceedingly well. They did not consider, however, how to avoid the injection of fraudulent messages, or eavesdropping on transmitted messages. So, these were left out in the underlying protocols. As it became evident that these problems existed and posed a threat, solutions were added to solve them. But as these were aggregates, they became optional additions. They were never integrated into existing technology and made mandatory, since that would break compatibility. And...

Looking at alternative options


At some point in time, you must realize that continuing this path is not a good idea. Sometimes, you must throw away the old, even though it has served you well, and begin anew. When the weight of the legacy outweighs the benefits of continuing as usual, it's time to look at new options. And with the introduction of the Internet of Things, this is happening.

We have looked at several of the new options in this book. We've looked at new communication patterns and introduced new protocols. When designing a solution, you have the option of using a new type of technology. But take care to avoid repeating the same mistakes that others have made before you: don't be satisfied with a technology only because it solves your immediate problem quickly, hoping that you can always make adjustments as requirements appear. Even though modern development processes encourage this mode of thinking, erroneously calling it agile, it is not a wise choice for the long run....

Getting to a better place


Regardless of whether you want it or not, if you're designing something for the Internet of Things, you must lay the foundation for it at the beginning. At the core of the foundation lies communication (among other things). Throughout the chapters, we've seen that protocols such as MQTT and HTTP, while they are easy to use, form a very bad foundation for interconnected things on the internet. While there are applications where they can be used, such as secondary web interfaces (HTTP) and local distributions of data (MQTT), for interoperability and exchange of data between devices on the internet, they are poor options. The number of vulnerabilities you need to protect against, as well as the lack of communication pattern support, greatly outweighs the cost of using another protocol. CoAP with LWM2M might be a good choice, but only if the topology remains fixed, and if data collection and centralized processing are your main (or only) mode of communication. It's also a very poor...

Mastering data protection technologies


It is difficult to master all the technologies that exist concerning data protection. It is, furthermore, a field that is in constant flux as new vulnerabilities are found. By choosing a good underlying foundation for your project, such as XMPP, you get a technology that helps you with many of the underlying risks — but not all. You will still need to understand the basics of data protection and cyber security. To cover this field meaningfully would require multiple books and is beyond the scope of this book. In this chapter, however, you will be presented with a very brief overview of technologies you should be familiar with, to the point of knowing how they work, what problems they solve, and when to use them.

Skimming the basics of encryption

Encryption algorithms are often divided into symmetric and asymmetric ciphers. Several algorithms are often used together to achieve the expected properties; such ciphers are called hybrid. But...

Summary


In this chapter, you've been introduced to some of the risks involved in creating solutions for the Internet of Things. The goal has not been to dissuade you from doing so, but to prepare you, so that you know how to protect your solutions from common forms of attack. You've learned why security for the IoT is so important, how vulnerable smart societies are, and how design choices affect the security of your solutions. You've also been given an overview of some common forms of attacks and how to protect your systems from common vulnerabilities. In the next chapter, we will discuss privacy and how it affects the Internet of Things.
