Abusing the Internet of Things


Foreword


I was overjoyed to hear that my friend Nitesh Dhanjani was writing a book about the Internet
of Things (IoT). It’s a field that equally excites and terrifies me.

Major security breaches are near-daily events in the news. The frequency and scale of
these breaches have made us somewhat numb. As modern societies, we have come to accept
that the benefit we receive from adopting innovative technologies exceeds their cost and risk
(at least in the short term). Our collective failure to fundamentally “do something” to change
this pattern of insecurity is prima facie evidence that we value benefit over risk.

The key to this “benefit is greater than risk” equation is that the historical risks that have
manifested themselves are mostly of an intangible nature. They involve information and
money. Now, suppose the consequences were to become tangible: cities plunged into darkness,
medical devices killing patients, refrigerators spoiling food, drivers losing control of
cars, airplanes falling from the sky, and on and on. Would we still be as tolerant of technology
failure as we currently are?

I suspect that our concept of risk has evolved with a strong bias toward physical consequences
over intangible, abstract risk. This is perhaps one of the reasons that information
security risk is difficult for most people to conceptualize. I also suspect that, as information
security breaches manifest themselves physically, we will rethink the risks of the IoT.

In “the real world” there are many construction codes that define requirements for physical
infrastructure, and licensed engineers and inspectors to ensure compliance and accountability.
When will we reconsider what security should mean in a world saturated with billions
of connected devices?

