Information is power, the saying goes. These days, information is also money.

So perhaps after hearing that “if you’re not paying for the product, you are the product” for a decade or more, consumers are starting to get more savvy about the reality of Big Data — that the data they generate in their increasingly connected lives is, collectively, worth very big bucks. Also that it can be very invasive to their personal privacy.

Which could explain, at least in part, why Massachusetts voters went 3–1 on Election Day in favor of an expanded “Right to Repair” law that will give them ownership and at least a measure of control over the streams of data they generate every time they use their car. …

When it comes to evaluating risk, context may not be everything, but it’s a very big thing. That has been apparent for months now regarding the coronavirus pandemic. The same virus is not the same threat to everybody. While COVID-19 can kill anybody, the risk to an 80-year-old with asthma is vastly greater than it is to a healthy high-schooler.

Context applies to risks caused by vulnerabilities in connected medical devices as well. …

That classic cliché “It’s difficult to make predictions, especially about the future,” has been attributed to a list of humorists ranging from Mark Twain to Yogi Berra.

But it’s true of just about everything, including the vast and explosively growing Internet of Things (IoT). Nobody really knows what it will look like or how it will work (or not work) a decade from now, even though the focus of this, the final week of National Cybersecurity Awareness Month (NCSAM) is: The future of connected devices.

A few things are relatively easy to predict, though. Barring some kind of cosmic upheaval or meltdown, one element of the future of connected devices is that there will be more of them — billions and billions more — as the IoT continues to morph into the IoE, the Internet of Everything. Just since 2018, the IoT has ballooned from about 7 billion devices to more than 30 billion. …

Medical devices are among the greatest healthcare achievements of modern times. For millions of people, they improve both the quality and length of life.

But when they are connected to the internet, as millions are, malicious hackers could turn those healing tools into lethal weapons or leverage for ransom or blackmail.

One of the most prominent examples of that risk is former U.S. Vice President Dick Cheney, who famously had the wireless capabilities in his pacemaker disabled due to the threat of possible assassination attempts. He told a national audience about it on CBS’s “60 Minutes,” in 2013.

But even today, while threats like that are considered rare, they still exist. That’s because most devices in use, while built to work properly for years — even decades — weren’t designed to be connected. They weren’t built with cybersecurity in mind. …

As most of us know by now, the devices in our homes and workplaces are also portals — digital windows to the world. That’s especially true for those with cutting-edge smart homes where everything from appliances to power tools, lights, thermostats, and door locks are part of the vast Internet of Things (IoT).

But even those whose homes aren’t “smart” are almost certainly connected. Most have a router through which the occupants communicate with others, get their entertainment, education, some healthcare, and who knows how many other conveniences and services through apps on their smartphones.

Unfortunately, those digital windows are, in many cases, broken. The devices that make up a smart home, or even an average home with a few computer games and a dozen or so apps on a phone, offer access to criminal hackers if they aren’t secure. …

“If you connect it, protect it.”

That is the exhortation for this, the inaugural week of National Cyber Security Awareness Month (NCSAM), the overall theme of which is, “Do Your Part. #BeCyberSmart.”

NCSAM, an initiative by the federal Cybersecurity & Infrastructure Security Agency, within the Department of Homeland Security, is now in its 17th year and, sadly, more necessary than ever.

Protecting connected devices (which remain rampantly insecure) is a laudable goal. I just have a small quibble with the Week 1 slogan — it implies that there is still an “if” about connecting. The Internet of Things (IoT), now numbering somewhere in the 30-billion range, is rapidly becoming the Internet of Everything (IoE). …

Good news: The U.S. House of Representatives just passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2019.

Good because if any ubiquitous element of modern life needs improvement, it’s the security of the IoT, which is rapidly becoming the Internet of Everything and which is notoriously insecure. Blogger, activist, and author Cory Doctorow famously called it the “Internet of Sh — .”

The vast and endlessly growing IoT is the biggest attack surface in the world. And when hackers can compromise some of those devices there can be physical consequences — a “smart” home security system disabled, utility services interrupted, a vehicle or a connected medical device under the control of an attacker. …

If you’re a human, you should care about software — a lot. Which is why you should care about the Building Security In Maturity Model (BSIMM), an annual report that tracks the evolution of software security.

First a disclaimer: I write for the Synopsys Software Integrity Group, which produces the BSIMM. But I’d write about it anyway — there’s nothing like it out there that offers a free roadmap to better software security.

Which is important because software — those billions of lines of code that look like gibberish to most of us — is behind just about everything made by people. …