The Internet of Things (IoT) is weaving technology ever more tightly into our lives. Connecting virtually everything to the internet – from self-driving vehicles to healthcare devices such as heart-rate monitors – brings tremendous opportunities, but it also creates major safety and privacy concerns.
As the number of internet connected devices continues to rise at an exponential speed, there are sure to be more cyber-attacks which will have disastrous consequences for the general public. The recent Uber self-driving vehicle crash is a prime example of why IoT security must be an integral part of the ongoing digital revolution.
As the risks of potential cyber-attacks continue to rise, we need to ask which stakeholders have the responsibility to address security concerns. Broadly speaking, the following groups should work together to mitigate the risk of a life-changing IoT hacks:
Those making IoT devices: manufacturers will need to adopt security by design, and policy makers have a responsibility to regulate this.
Those using the IoT devices: end-user companies will need to ensure that security best practice is implemented at every level.
Developing the IoT: security by design
Developers and manufacturers
The range and sophistication of connected devices is developing at a rapid pace. Yet, many IoT developers and manufacturers are ignoring basic security best practices and protocols when designing their internet-connected devices. As manufacturers race to deliver a product to market quicker than competitors, and at a lower cost, the IoT is becoming linked to thousands of devices that have little or no in-built security.
It is essential that new products and platforms are secure by design. To protect users from harm, developers and manufacturers must make security a fundamental for the desired user experience. Security is often viewed as an add-on, instead of a core feature. Those manufacturers who prioritise cyber-security procedures into the design stage will be able to better protect their customers and end users. This will be a powerful competitive differentiator for brands as they begin to realise that their reputation can be significantly damaged as a result of basic security failures.
Governments and policy makers
Collaboration across national and international governments is vital in tackling cyber-security threats from an IoT perspective. In the UK for example, the government already holds a position of responsibility when it comes to the regulation of AI and robot technology. In fact, the Law Commission recently revealed an ambitious programme to develop legislation to promote the safe use of internet connected cars – and this is set to be ready as early as 2021. Furthermore, the government's Innovate UK agency has provided over £300,000 of funding into trials of an AI-based system designed to automate workplace safety checks.
Businesses will need to work closely with policymakers to create a dedicated framework for reliable IoT security. Once a framework is agreed, it will of course have to be policed by all IoT stakeholders. However, the challenge here will be to avoid the temptation to legislate and regulate so heavily that it hinders innovation, design and development.
Using the IoT: security in practice
With innovation fuelling more ‘smart' solutions for business, an increased number of internet connected devices are being linked to huge enterprise networks – from industrial sensors and advanced RFID tags, to beacons and connected manufacturing machines. Enterprises will therefore be major consumers of IoT devices and hugely influential in their evolution. End-user companies should implement security best practices throughout their organisations and build out strategies that make security a priority.
To achieve this, security must be a consideration at the executive and board level. Many large organisations now include a CISO, and businesses should look to further expand security expertise across leadership teams. Frequent communication between management and security personnel is essential for informed and effective decision-making among this class of stakeholder.
Securing the future of IoT
The IoT offers tremendous benefits for our everyday lives', but security has to be at the heart of this connected revolution. Failing to adopt security by design or security in practice could have catastrophic life or death consequences. Those developing and using the IoT – including hardware manufacturers, software developers, policy makers and end-user companies – all have a responsibility to achieve a safe and secure IoT. The IoT is only as strong as its weakest link, and each and every stakeholder should feel compelled to contribute what is necessary to achieve a safe and secure IoT.
Contributed by Gary Weiss, senior vice president, general manager of security, discovery, and analytics, OpenText.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.