IoT Regulation: Disarming a Ticking Security Time Bomb

The safety risks of the Internet of Things grow by the day, but regulation and self-policing both have shortcomings.
  • Written by Brian Buntz
  • 11th April 2017

On the morning of September 29, 1982, a twelve-year-old girl in the Chicago suburbs wakes up feeling sick. Instead of going to school, she stays home and takes a Tylenol early in the morning. She dies shortly after that. Not far away, around noon that same day, a 27-year-old postal worker takes two Tylenol and is pronounced dead a few hours later. In a sick twist, his brother and sister-in-law come to mourn his death and take pills from the same bottle, and both share his fate. Within days, a total of seven people have died as investigators learn that someone had tainted Tylenol bottles throughout the Chicago area with cyanide.

The drugmaker, Johnson & Johnson, responded by orchestrating an unprecedented recall of 31 million Tylenol bottles and offering free replacements. FDA established new packaging guidelines by November and, in 1989, mandated that all over-the-counter drugs be enclosed in tamper-evident packaging—seven years after the Tylenol scare.

“When it comes to regulating the Internet of Things, I would suggest that we don’t have seven years,” says Craig Spiezle, executive director and CEO of the Online Trust Alliance (OTA) and strategic advisor to the Internet Society. The risk of failing to properly regulate IoT devices could trigger long-term consequences—similar to global warming or industrial pollution, he says.

With IoT, internet security applies to seemingly everything—from cars to airplanes to industrial facilities to home devices. Widescale connectivity, however, invites problems. It opens up, as OTA has termed it, “a treasure chest ripe for abuse by white-collar criminals, terrorists, and state-sponsored actors.” “This is no longer an online security issue but an offline safety issue, so the threats of your physical life and safety are huge now, and real harm will occur,” Spiezle explains. “Now it is the time to build security and privacy controls into products for when they ship and update through their life.” (OTA has developed what it calls “the IoT Trust Framework,” a set of fundamental requirements for IoT devices.)

Such risks invite government intervention, as has been the case with food safety, aviation, the automobile industry, household products, and financial products. “I don’t think a ‘none-of-the-above’ approach to regulation will work anymore [for IoT],” said Bruce Schneier, chief technology officer of IBM Resilient, earlier this year at the RSA Conference. “The physicality of the IoT will spur governments to action. My proposal in the U.S. is I think we need a new regulatory agency,” Schneier explains. “Think of 9/11 leading to the Department of Homeland Security.”

No Perfect Security, No Perfect Privacy, and No Clear Leader

“I don't believe that any system is totally secure,” declared Matthew Broderick in the 1983 Cold War sci-fi film. Those words still apply to software security. “Bad things will happen to good companies,” Spiezle says. “No matter how hard you work to develop a secure product today, in the future, there will be a vulnerability.” With the uptick in connected objects surrounding us, the same general principle applies to privacy. And already this year, there have been several reports of everything from smart TVs to digital assistants like Amazon’s Echo to smartphones surreptitiously snooping on consumers.

While there is some amount of consumer outrage around such events, it pales in comparison to events that result in physical injury or fatalities. “If you buy an IoT toy and it explodes, there will be repercussions,” said Bruce Schneier in a session at RSA Conference. “But if it joins a botnet and DDoSes people across the planet, no one cares.”

When a product poses a risk to consumers’ physical safety, the threat of liability is clear. But applying liability to privacy is a different matter entirely. “It is very hard to prove that somebody got hurt because their data was collected and their insurance premium went up, or they didn’t get a house loan because of their behavior throughout history,” says Olaf Kolkman, chief internet technology officer with the Internet Society.

Such matters can be as difficult for policymakers as they are for vendors. The former likely don’t have a clear understanding of what is possible with the latest technology. The latter group isn’t likely to think about such matters. “If you are in the refrigerator industry, you likely don’t have a good sense of issues like privacy, collection of data, and the risks involved in storing data in the cloud,” Kolkman says.

“We really need some leaders to step forward right now,” Spiezle says. But many technology vendors are afraid to step up. “They are concerned that if they come out today and say that they are committed to security and privacy, they will get beat up if something bad happens tomorrow.”

Ultimately though, there is no magic bullet when it comes to Internet of Things security. Neither the industry nor regulators are up for the job alone. “There needs to be an ongoing dialog. You have to address IoT security risks in an internet-sort-of way,” Kolkman notes. There is no central leader or central place that makes all of the regulations for the internet—instead, entities from across the internet take some responsibility to improve the system as a whole. “That means you have to act locally and organize yourself locally and have a global perspective. Keep the dialog going and nurture a sense of accountability throughout that ecosystem,” Kolkman adds.

U.S. Government Taking It Slow for Now

The prospect of regulating the Internet of Things, however, is inherently difficult given the mismatch between technology and government. In addition to the fast vs. slow dichotomy, there is also the fact that the Internet of Things tends to be a silo-busting technology. Conversely, the U.S. government is organized into discrete organizations such as the FCC, FAA, FDA, and so forth. Between the agencies, there tends to be a mixture of overlapping and non-overlapping rules, and few bureaucrats tend to be tech savvy.

In the United States, another wrinkle is President Trump’s stated rule of eliminating two regulations for every new one that is enacted. Acting Federal Trade Commission chair Maureen Ohlhausen has stated that she’d rather wait until potential IoT problems show up before regulating the industry. “We’re not saying: ‘Let’s speculate about harm five years out,’ but ‘Is there something happening that harms consumers right now or is likely to cause harm to consumers?’” Ohlhausen recently said, per The Guardian. “We don’t know if that risk will materialize. It may well materialize, but a solution may materialize at the same time.”

But at present, many observers are pleading that the U.S. government step in and regulate connected devices. “IoT Security must be treated by the Trump administration and regulators as a national security threat,” says Dilip Sarangan, IoT global research director at Frost & Sullivan. “Currently, there are billions of devices that communicate with each other over the Internet. While cellular carriers, network infrastructure vendors and large companies in IoT have taken measures to secure their networks, there are thousands of developers creating IoT applications and hardware that do not adhere to these guidelines. The only way to secure devices is to establish standards for developing and securing hardware coupled with stringent security measures from the various federal agencies,” Sarangan concludes.

Over the past few months, a variety of federal agencies have issued guidelines related to securing the Internet of Things. “However, it is critical for these federal agencies to move things one step further and develop regulations that put the onus of securing IoT devices on developers, networking companies, and systems integrators,” Sarangan notes. “This step would ensure that large vendors work together to develop standards that ensure IoT device security and eliminate the weak link in the chain.”

For the time being, however, there are regular reminders of the risks posed by connected devices, ranging from hacked vehicles, transit stations, airplanes, and industrial facilities to botnets that can bring down swaths of the internet. Just this past weekend, someone hacked into all 156 of the emergency weather sirens in Dallas, TX. The sirens blared for an hour and a half, kicking off 18 minutes before midnight. Though a reminder of the havoc hackers can wreak with connected municipal devices, it was at least a false alarm.
