Abusing the Internet of Things

(Rick Simeone) #1

The importance of the Internet of Things and how it is bound to enrich our future lives at
home and at work is clear. We are going to have frequent conversations about the security of
IoT devices as they increasingly enter our world. As is often the case with new forms of
technology, individuals and media personnel want to leverage the buzz in the industry to attract
attention. In many cases, this is well and good as it informs the public and promotes fruitful
conversation. However, in this case, not only did Smith waste the time of the board of
directors, but his inability to present a well-thought-out and holistic security strategy left Acme Inc.
with no clear path to shoring up its security controls until the board is able to find and hire
another CISO to replace him.


A Case of Anger, Denial, and Self-Destruction


Consumers are starting to rely upon IoT devices in their homes and offices that are
manufactured by a variety of companies such as Philips, Belkin, and Samsung. Organizations like
Apple, Microsoft, SmartThings, and IFTTT are vying to create unified platforms that allow
different devices to work together and provide a seamless user experience.

IoT products in the marketplace today contain substantial security design flaws, as
showcased in the other chapters in this book. These products are already being used by consumers
at home. This situation creates the possibility of a single point of failure leading to the
compromise of families’ IoT ecosystems. Traditionally, software vendors have been able to issue
critical patches to quickly remediate high-risk vulnerabilities. The negative implications to end
users have typically been limited to the nuisance of having to reboot their computers to get rid
of nagging software update pop-ups.

Platforms that bring together IoT devices manufactured by different vendors speaking
different protocols have a profound responsibility to enable patching of security issues as well as
to protect their own infrastructure from being compromised or abused, whether by external
agents or their own employees. Unlike with operating systems and apps, it may not be
possible for IoT platform providers to quickly implement a security fix to a known vulnerability
without disrupting services that the users rely on for their daily activities. In this hypothetical
scenario, we will go through exactly such a situation so that we’re aware of the possibilities of
disruption that can result from lapses in security.


The Benefit of LifeThings


One great benefit of working at LifeThings was the great work culture. Even though the
startup grew from 20 employees to 1,000 in a span of nine months, the CEO upheld the
promise of maintaining a flat organization where an employee’s value was measured based on
that individual’s contributions, and not on job title.

LifeThings’s business strategy was to unify the IoT devices in homes so that consumers
didn’t have to worry about downloading a separate app for each device they bought. The
company’s product was a hub that would plug into the user’s home WiFi network and detect IoT

