Insider Brief
- Arthur Herman argues in National Interest that the Internet of Things (IoT), while enhancing connectivity and convenience, poses serious cybersecurity risks and potential national security threats.
- Herman highlights concerns over IoT devices from foreign manufacturers, suggesting that their vulnerabilities could allow adversaries to collect data or disrupt infrastructure.
- To address these risks, he recommends a multi-layered security strategy, combining conventional cybersecurity with distributed ledger technology (DLT) and emerging quantum cryptography to protect IoT networks from future attacks.
In September 2024, Israel made headlines when a covert operation targeted Hezbollah operatives by exploiting their electronic devices. Thousands of pagers and walkie-talkies, used by Hezbollah members, were rigged with explosives and detonated remotely, resulting in significant casualties. The operation also globally raised concerns about the security of interconnected devices.
Arthur Herman, Senior Fellow at the Hudson Institute, points out in a recent piece in The National Interest that, from smartphones to power grid sensors, IoT is a double-edged sword, enhancing convenience while presenting significant cybersecurity threats. With billions of IoT devices projected to be online by 2030, the concern is whether these gadgets could turn from helpful tools to sources of cyber vulnerabilities.
Herman argues that managing IoT risks will require a combination of conventional cybersecurity, distributed ledger technology (DLT) and — as each headline of quantum advances indicate — the latest in quantum cryptography.
The Expanding World of IoT and Its Risks
IoT includes everything from “smart” home appliances to industrial sensors, drones and GPS systems in vehicles, according to Herman.
Herman writes: “Businesses have learned to use interconnected devices to track goods moving from inventory to customers. Factories use them to monitor production, and farmers use them to automate irrigation and check on livestock. They’ve become a daily part of our lives, from “smart” heating and air conditioning and Pelaton workout gear to robot vacuum cleaners—not to mention commercially made drones.”
With connectivity comes the risk that each device could be compromised and used to collect sensitive information or disrupt critical services. While IoT devices streamline daily operations in businesses, agriculture and even security, Herman warns that they are often deployed with minimal built-in security features. This lack of security makes them easy targets for cyber-attacks, particularly if they originate from companies with ties to foreign powers.
The Potential Threat from Adversarial Nations
Herman cites Israel’s recent exploit targeting Hezbollah discussed above as an example of the vulnerabilities of using devices that are sourced from foreign manufacturers that may have direct or indirect ties to governments with adversarial intentions. Herman mentions that Chinese-made drones, widely used in the U.S., have raised similar concerns, prompting the House of Representatives to pass restrictions. He notes that the risks of unmonitored IoT devices could go beyond data leaks, potentially allowing bad actors to cause physical harm or even chaos on U.S. soil.
Three Key Strategies For Strengthening IoT Security
Herman outlines three priorities that the U.S. government and private sector should consider to manage IoT risks. First, he stresses the need to monitor where IoT devices are produced and where their components come from, suggesting that “reshoring” production to trusted countries could help mitigate security concerns. Secondly, he calls for a comprehensive IoT cybersecurity strategy focused on defending the networks supporting these devices. While standard cybersecurity methods are essential, Herman warns they may be insufficient to handle the ever-increasing number of IoT connections.
Finally, to address the IoT security challenge more effectively, Herman suggests using DLT-based encryption (similar to that used in cryptocurrencies) as a potential layer of defense. While DLT provides a secure way to insulate users, its encryption needs significant data storage capacity, which can be challenging for smaller IoT devices to support.
Quantum Technology as the Next Frontier
However, the ultimate future of IoT security, Herman argues, may lie in the emerging field of quantum cryptography. Quantum technology, which uses principles of quantum mechanics, offers new ways to secure communications. Quantum-based encryption could create communication links that are nearly unhackable, offering a critical layer of protection for IoT networks. Herman points to developments like quantum random number generators, which are small enough to be incorporated into devices and capable of creating constantly changing encryption keys. This approach would enable secure, real-time communication that is extremely difficult for hackers to breach.
As Herman notes, Samsung has already integrated a quantum random number generator into its 5G smartphones, showing that this technology is becoming feasible on a commercial scale. The hope is that widespread adoption of quantum cryptography could make IoT networks much safer by adding a layer of physical security to data encryption. This approach would give the U.S. an edge in protecting its data networks, Herman explains, especially as China has already begun to adopt similar technologies.
Quantum’s Advantages and the Path Forward
While quantum technology is promising, Herman emphasizes that there is no “one-size-fits-all” solution to IoT security. Conventional cybersecurity methods remain necessary, as do emerging tools like DLT and the latest quantum-based encryption. Herman advocates for a multi-layered approach combining these methods to create a resilient security framework.
As Herman suggests, moving IoT networks to a multi-layered security model could help prevent scenarios where these devices, designed to improve our lives, instead become threats. He warns that without serious attention to security, the IoT could become a cybersecurity “nightmare.”
“The fact is, there is no single solution to dealing with the future security risks associated with IoT,” Herman writes. “Instead, government and industry will require a multi-layered approach, from conventional cybersecurity to DLT and quantum cryptography, in order to avoid having the IoT universe become a cyber nightmare. Connectivity in the age of the Internet is a blessing, but it’s also a risk—a risk we don’t want, like the Hezbollah pagers, to blow up in our faces.”
Arthur Herman, in addition to being the Senior Fellow at the Hudson Institute, serves as the Director of the Quantum Alliance Initiative. He is the author of numerous books, including Freedom’s Forge: How American Business Produced Victory in World War II.