Security vs. Innovation

Carnegie Mellon's exploration of new Internet of Things technologies pairs innovation with security research.

technology abstract

Last month, Carnegie Mellon University announced it would lead an expedition to explore new technologies for the Internet of Things (IoT). The Google-funded venture will "saturate the CMU campus with sensors and infrastructure, recruit students and other campus members to create and use novel IoT apps, and eventually expand these efforts to the wider Pittsburgh community," according to a university statement.

The project is geared toward innovation and openness, encouraging the deployment of IoT sensors across the campus and allowing anyone to participate in their use. "An early milestone will include the development of our IoT appstore, where any campus member and the larger research community will be able to develop and share an IoT script, action, multiple-sensor feed, or application easily and widely," said Anind Dey, lead investigator of the expedition and director of CMU's Human-Computer Interaction Institute. For example, researchers have already created an app called Snap2It, which allows users to connect to a printer or projector by taking a photo of it with their smartphone, and Impromptu, which accesses apps as needed for a particular location (such as a public transit app when the user is at a bus stop).

The flip side of all that innovation is the need to manage security and privacy. A second team of CMU researchers will develop "personalized privacy assistants," technology that will "help users configure the many privacy settings necessary to ensure that they retain adequate control over their data," said Norman Sadeh, a professor of computer science at CMU.  

But will that be enough? "Smart" IoT devices are notoriously dumb when it comes to security. In a recent conversation with me about cybersecurity issues in higher ed, a CISO from a major university recalled nixing a proposal for a networked vending machine because it processed credit card transactions yet did not have adequate security tech in place. The device may have seemed innovative to students, but could not stand up to PCI compliance requirements. Overall, a lack of standardized security protocols and the sheer variety of devices and sensitive data make for a complicated IoT security landscape — one the average user is ill-equipped to navigate.   

Users' lack of awareness about cybersecurity issues is a perennial problem that goes beyond the Internet of Things, as discussed in this month's feature, "Data Security in Higher Ed: A Moving Target." Not only are universities a tempting target — with "huge repositories of monetizable data," as CDW Director of Security Solutions Sadik Al-Abdulla noted — but faculty, staff and students often fail to realize that the information they have access to may be sensitive.

"People don't think a class roster is sensitive data, but it can be," Jessica States, information security officer at Fort Hays State University, told us. "They look at a list and think that nobody cares about all these names and addresses, but I look at it and think, 'Oh no!'"

With a campus full of IoT sensors and a heck of a lot of data flying around, CMU's security researchers certainly have their work cut out for them.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • Stylized illustration showing cybersecurity elements like shields, padlocks, and secure cloud icons on a neutral, minimalist digital background

    Microsoft Announces Security Advancements

    Microsoft has announced major security advancements across its product portfolio and practices. The work is part of its Secure Future Initiative (SFI), a multiyear cybersecurity transformation the company calls the largest engineering project in company history.

  • glowing futuristic laptop with a holographic screen displaying digital text

    New Turnitin Product Brings AI-Powered Tools to Students with Instructor Guardrails

    Academic integrity solution provider Turnitin has introduced Turnitin Clarity, a paid add-on for Turnitin Feedback Studio that provides a composition workspace for students with educator-guided AI assistance, AI-generated writing feedback, visibility into integrity insights, and more.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.

  • futuristic AI interface with glowing data streams and abstract neural network patterns

    OpenAI Launches Its Largest AI Model Yet in Research Preview

    OpenAI has announced the launch of GPT-4.5, its largest AI model to date, code-named Orion. The model, trained with more computing power and data than any previous OpenAI release, is available as a research preview to select users.