
IoT Regulation: Disarming a Ticking Security Time Bomb

The safety risks of the Internet of Things grow by the day, but regulation and self-policing both have shortcomings.
  • Written by Brian Buntz
  • 10th April 2017

On the morning of September 29, 1982, a twelve-year-old girl in the Chicago suburbs woke up feeling sick. Instead of going to school, she stayed home and took a Tylenol early in the morning. She died shortly after that. Not far away, around noon that same day, a 27-year-old postal worker took two Tylenol and was pronounced dead a few hours later. In a sick twist, his brother and sister-in-law came to mourn his death and took pills from the same bottle, and both shared his fate. Within days, a total of seven people had died as investigators learned that someone had tainted Tylenol bottles throughout the Chicago area with cyanide.

The drugmaker, Johnson & Johnson, responded by orchestrating an unprecedented recall of 31 million Tylenol bottles and offering free replacements. The FDA established new packaging guidelines by November and, in 1989, mandated that all over-the-counter drugs be enclosed in tamper-evident packaging—seven years after the Tylenol scare.

“When it comes to regulating the Internet of Things, I would suggest that we don’t have seven years,” says Craig Spiezle, executive director and CEO of the Online Trust Alliance (OTA) and strategic advisor to the Internet Society. The risk of failing to properly regulate IoT devices could trigger long-term consequences—similar to global warming or industrial pollution, he says.

With IoT, internet security applies to seemingly everything—from cars to airplanes to industrial facilities to home devices. Widescale connectivity, however, invites problems. It opens up, as OTA has termed it, “a treasure chest ripe for abuse by white-collar criminals, terrorists, and state-sponsored actors.” “This is no longer an online security issue but an offline safety issue, so the threats of your physical life and safety are huge now, and real harm will occur,” Spiezle explains. “Now it is the time to build security and privacy controls into products for when they ship and update through their life.” (OTA has developed what it calls “the IoT Trust Framework,” a set of fundamental requirements for IoT devices.)

Such risks invite government intervention, as has been the case with food safety, aviation, the automobile industry, household products, and financial products. “I don’t think a ‘none-of-the-above’ approach to regulation will work anymore [for IoT],” said Bruce Schneier, chief technology officer of IBM Resilient, earlier this year at the RSA Conference. “The physicality of the IoT will spur governments to action. My proposal in the U.S. is I think we need a new regulatory agency,” Schneier explains. “Think of 9/11 leading to the Department of Homeland Security.”

No Perfect Security, No Perfect Privacy, and No Clear Leader

“I don't believe that any system is totally secure,” declared Matthew Broderick in the 1983 Cold War sci-fi film. Those words still apply to software security. “Bad things will happen to good companies,” Spiezle says. “No matter how hard you work to develop a secure product today, in the future, there will be a vulnerability.” With the uptick in connected objects surrounding us, the same general principle applies to privacy. And already this year, there have been several reports of everything from smart TVs to digital assistants like Amazon’s Echo to smartphones surreptitiously snooping on consumers.

While there is some amount of consumer outrage around such events, it pales in comparison to events that result in physical injury or fatalities. “If you buy an IoT toy and it explodes, there will be repercussions,” said Bruce Schneier in a session at RSA Conference. “But if it joins a botnet and DDoSes people across the planet, no one cares.”

When a product poses a risk to consumers’ physical safety, the threat of liability is clear. But applying liability to privacy is a different matter entirely. “It is very hard to prove that somebody got hurt because their data was collected and their insurance premium went up, or they didn’t get a house loan because of their behavior throughout history,” says Olaf Kolkman, chief internet technology officer with the Internet Society.

Such matters can be as difficult for policymakers as they are for vendors. The former group likely doesn’t have a clear understanding of what is possible with the latest technology. The latter group isn’t likely to think about such matters. “If you are in the refrigerator industry, you likely don’t have a good sense of issues like privacy, collection of data, and the risks involved in storing data in the cloud,” Kolkman says.

“We really need some leaders to step forward right now,” Spiezle says. But many technology vendors are afraid to step up. “They are concerned that if they come out today and say that they are committed to security and privacy, they will get beat up if something bad happens tomorrow.”

Ultimately though, there is no magic bullet when it comes to Internet of Things security. Neither the industry nor regulators are up for the job alone. “There needs to be an ongoing dialog. You have to address IoT security risks in an internet-sort-of way,” Kolkman notes. There is no central leader or central place that makes all of the regulations for the internet—instead, entities from across the internet take some responsibility to improve the system as a whole. “That means you have to act locally and organize yourself locally and have a global perspective. Keep the dialog going and nurture a sense of accountability throughout that ecosystem,” Kolkman adds.

U.S. Government Taking It Slow for Now

The prospect of regulating the Internet of Things, however, is inherently difficult given the mismatch between technology and government. In addition to the fast vs. slow dichotomy, there is also the fact that the Internet of Things tends to be a silo-busting technology. Conversely, the U.S. government is organized into discrete organizations such as the FCC, FAA, FDA, and so forth. Between the agencies, there tends to be a mixture of overlapping and non-overlapping rules, and few bureaucrats tend to be tech savvy.

In the United States, another wrinkle is President Trump’s stated rule of eliminating two regulations for every new one that is enacted. Acting Federal Trade Commission chair Maureen Ohlhausen has stated that she’d rather wait until potential IoT problems show up before regulating the industry. “We’re not saying: ‘Let’s speculate about harm five years out,’ but ‘Is there something happening that harms consumers right now or is likely to cause harm to consumers?’” Ohlhausen recently said per The Guardian. “We don’t know if that risk will materialize. It may well materialize, but a solution may materialize at the same time.”

But at present, many observers are pleading that the U.S. government step in and regulate connected devices. “IoT Security must be treated by the Trump administration and regulators as a national security threat,” says Dilip Sarangan, IoT global research director at Frost & Sullivan. “Currently, there are billions of devices that communicate with each other over the Internet. While cellular carriers, network infrastructure vendors and large companies in IoT have taken measures to secure their networks, there are thousands of developers creating IoT applications and hardware that do not adhere to these guidelines. The only way to secure devices is to establish standards for developing and securing hardware coupled with stringent security measures from the various federal agencies,” Sarangan concludes.

Over the past few months, a variety of federal agencies have issued guidelines related to securing the Internet of Things. “However, it is critical for these federal agencies to move things one step further and develop regulations that put the onus of securing IoT devices on developers, networking companies, and systems integrators,” Sarangan notes. “This step would ensure that large vendors work together to develop standards that ensure IoT device security and eliminate the weak link in the chain.”

For the time being, however, there are regular reminders of the risks posed by connected devices, ranging from hacked vehicles, transit stations, airplanes, and industrial facilities to botnets that can bring down swaths of the internet. Just this past weekend, someone hacked into all 156 of the emergency weather sirens in Dallas, TX. The sirens blared for an hour and a half, kicking off 18 minutes before midnight. Though a reminder of the havoc hackers can wreak with connected municipal devices, it was at least a false alarm.
