IoT security: are we
finally turning the corner?
Better IoT security and
data protection are long overdue. Will they go grom an afterthought to everyone’s
priority any time soon?
Tony Anscombe
This growth, in part, can be attributed to increased availability of bandwidth and new generations of mobile connectivity. The implementation of 5G networks provides superior reliability with negligible latency and will extend and empower a new wave of opportunity and innovation for connected devices. The impact is likely to be witnessed in every industry: healthcare, agriculture, logistics, transportation, you name it… in fact, it’s difficult to think of an industry that will not benefit from the advanced communication that 5G offers.
Internet and Things
Today though, take a walk
down the street; the growth of consumer connected devices is there to
see, connected
doorbells, home-security
systems, connected cars and people jogging past with their smart
watches and fitness trackers, through to solar panels with real-time energy efficiency monitors. It
is not only consumers automating and adopting technology for convenience
though; the cities we live in are also turning to technology to offer services, bike and scooter rental
stations, automated visitor kiosks and such like.
Industry and infrastructure are also on board. Industrial washing machines, pumps, carts, traffic monitoring and pollution sensors demonstrate that devices once considered off-grid are now being connected with sensors to gather real-time data to monitor environment, functionality and performance. Connected device innovation is at the heart of virtually every industry.
RELATED READING: Privacy by Design: Can you create a safe smart home?
This overwhelming use of
technology in every industry and every corner of life creates a massive
opportunity for cybercriminals to take advantage of, as was demonstrated in
2016 by the Mirai botnet that used hundreds of thousands of IoT devices to
launch a distributed
denial-of-service (DDoS) attack on the DNS servers, bringing large parts of the internet to a
standstill. As the number of connected devices grows, then the opportunity for
abuse unfortunately grows with it.
If a device is connected, it’s most probably collecting data. In the case of consumers, this could be personal sensitive data about sleeping habits, health, eating and the resulting need to secure the wealth of data being collected by all devices needs to be at the forefront of users’ thoughts when purchasing devices and vendors when developing them.
Getting ahead of the curve
Legislators and governments
are taking action to help ensure privacy and security, the European Union’s
General Data Protection Regulation (GDPR) and the California Consumer Privacy
Act (CCPA) are examples requiring vendors to seek permission to collect data
and to provide adequate security to protect it.
There’s also regulation starting to appear that requires some minimum security standards for IoT devices. California, for example, requires every device to have a unique password out of the box and for it to only collect the data required to complete its advertised function. The UK government has also unveiled a proposed law to secure IoT devices, including by mandating that manufacturers state clearly for how long security updates will be made available.
As regulators attempt to grapple with the fast-moving environment of connected devices technology, it also falls on us as either the direct or indirect consumer of these services to ensure that our privacy and security are maintained and respected throughout. In the last year we have seen public pressure pause the implementation of technologies like facial recognition when implemented in public places as part of this vast connected devices rollout, with the reason being racial bias and inaccurate results.
It’s our duty as the gatekeepers for the next generation to ensure that future technology, including connected devices, is used in an acceptable way.