Chapter 9. Two Scenarios—Intentions and Outcomes

We now have a solid foundation for understanding the security issues pertaining to a range of IoT devices in the market today, as well as the impact that security vulnerabilities can have on IoT device manufacturers and the lives of people using the devices. We have also studied the process of coming up with an idea for an IoT product and building in the right security controls early on, starting from the prototyping stage. At this point, we have a good sense of how to measure risk by marrying our understanding of gaps in security controls and of how threat agents are likely to take advantage of them.

In addition to understanding security controls, it is important to realize that security incidents, when viewed holistically, are greatly influenced by the individuals who are involved and how those individuals choose to react to the situations at hand.

In this chapter, we will take a look at two different scenarios to gain an appreciation of how people can influence security incidents. In the first scenario, we will examine how an executive at a large corporation attempts to leverage the buzz surrounding the topic of IoT security with the hope that it will impress the board of directors. In the second scenario, we will look at how an up-and-coming IoT service provider chooses to engage with and respond to researchers and journalists, with the intention of preserving the integrity of its business. The goal of this chapter is to illustrate ...