Dr. Richard Waters is an entrepreneur and a former Google Senior Staff Hardware Engineer. Previously, he was co-founder and CTO of micro-electromechanical systems (MEMS) inertial sensing developer Lumedyne Technologies Inc. before he and his team sold the company. Dr. Waters also held numerous technical positions at the Space and Naval Warfare (SPAWAR) Systems Center, San Diego, focusing on advanced electronics and sensor design. He currently has 24 issued patents and 25 pending patents in the area of device physics and MEMS.
“Secure key management, such as the technique used by FHOOSH, is critically important at the sensor level.”
Q: What drives your interest in cybersecurity as it relates to IoT and sensor information?
A: Having been involved with sensor / device development for the past 20 years, I have been keenly aware of the desire to proliferate the deployment of a plethora of sensor types into both commercial and military applications. The end goal is the creation of an environment where a deployed sensor, representing itself by a unique IP address, becomes greater by connecting to surrounding objects / sensors and the extensive data flowing around it. This environment, the so-called Internet of Things or IoT, creates an intelligent framework to use simple data and create useable intelligence. IoT includes not only laptops, tablets and phones but also other sensor types that may include a “smart mode,” thus allowing local points of intelligence based on internal states and the external environment. These other sensor types may include, but are not limited to, acceleration / vibration, acoustic, chemical / gas, electric / magnetic, pressure, temperature, motion / velocity / displacement, position / presence / proximity and flow sensors. As the IoT grows there will be more personal information, business data, and data of importance to National Security that is stored in the cloud that could be accessed and/or manipulated by others. How all of this data will be protected has always been a key question in my mind as both a developer of sensors and as an individual interested in securing my own personal data.
Q: What is your take on integrated security at the endpoint / device level?
A: Including integrated security at the device level is a must-have. Security is something that must be built into every level of a secure system and protecting data at its origin, i.e. the sensor, is key. If data were not protected at the device level, the job of would-be hackers is made that much easier by exploiting vulnerabilities on the outer layer of the “presumed” secure system. Once a hacker has access to fundamental data originating from the sensor, the data could be manipulated and/or the sharing of data controlled such that local “smart” systems are arriving at inaccurate decisions, thus compromising not only security but also safety. As the IoT continues to expand this may include the ability for hackers to control/manipulate the nation’s food supply, flow of traffic including not only traffic lights but vehicles themselves, and the flow of electrical power to the grid to name just a few. Protection of data from the IoT becomes not only a personal or business-related concern, but also one of National Security.
Q: What do you see as the biggest opportunities for FHOOSH?
A: Secure key management, such as the technique used by FHOOSH, is critically important at the sensor level. Key management goes beyond who can access your personal information such as medical and bank information, credit history, etc. Key management also extends all the way down to the “smart” sensor level where it becomes critically important that any given “smart” sensor is sharing/receiving information with/from only other verifiable and trusted sensors or objects within the IoT. Creating a widely adopted security standard at the sensor level that includes both data and key management security is absolutely critical as the IoT continues to expand to over 50 billion connected devices by 2020.