Consumer-Focused IoT Is the Root of Our Cybersecurity Issues
Jean-Pierre Abello leads global engineering R&D for the measurement of the Internet of Things and digital media as part of the thought leadership team at Nielsen, a leading global, independent measurement and data company for consumer goods, consumer behavior and media.
He also co-chairs the Privacy and Security sub-committee at the IoT Consortium. This year he gave talks at IoT World and IoT Security Summit, and was recently chosen to sit on the Advisory Board for IoT World 2017.
Where is consumer-focused IoT falling short?
Few doubt that the Internet of Things will be anything other than gargantuan, but in Abello's opinion the consumer side of IoT has a lot of catching up to do.
“The consumer side of the IoT industry will need to be much more secure than it is today,” he tells me, “before it can grow into a mainstream consumer market. Unlike the industrial side of IoT, consumer devices can generate vast amounts of personal data, with potentially significant financial and physical risk exposure for their users. As consumers' awareness of data breaches and other cybercrimes grows, they will increasingly demand higher levels of security and privacy protection, possibly even exceeding those in use on the web and mobile today.”
Does this mean consumer-focused IoT networks are the most problematic from a cybersecurity viewpoint?
“Because the consumer IoT industry is still in its infancy with relatively few products and customers, it hasn't experienced major security and privacy setbacks — yet. However, as market adoption grows, I expect we'll start to see IoT security breaches, leading to an erosion of consumer trust in these products.
“Already today, almost 20% of consumer IoT products are returned because of security fears. This could escalate rapidly if people's connected homes or cars start getting hacked on a large scale. I think the best solution is for the industry to prepare ahead of these events, and adopt defensive measures adopted by all manufacturers across the board. Because IoT devices are talking directly to each other, they vastly expand the attack surface for hackers, and no single company can solve this problem alone.”
Alleviating the threat
Does Abello or Nielsen have any insight into how the security issue poses by consumer IoT threats might eventually be solved?
“I think it will be critical for the various IoT standards organizations to make security and privacy a top priority and ensure the compliance of every product implementing those standards. Unfortunately there is so much fragmentation today in IoT standards and frameworks, that a coordinated approach remains elusive. For that reason independent advocacy groups like the IoT Consortium can play an important role in helping guide the industry towards common goals and best practices.
“Nielsen is participating at that level today, by being an active member of the IoT Consortium, and co-chairing the Privacy and Security sub-committee. My long-term goal is to help make the Internet of Things more measurable, like all of the other consumer markets, and this cannot happen without adequate protection of consumer security and privacy.”
The lack of any definitive solutions has led to an abundance of potential ones, and I asked Abello which he considered to be the most promising:
“I think as a first step we need to ensure that every IoT device has a minimal level of security, at least equivalent to what is expected on the web and mobile. Too many IoT consumer products today are either not secured at all or have very weak security.
“We also need more transparency around the collection and use of consumer data, either voluntarily or via regulation. This may pose a scalability problem however, as it will be nearly impossible to track billions of devices in an efficient manner. I think a very promising area worthy of further exploration is the potential use of blockchain, especially in combination with decentralized technologies like sidechain, to help alleviate the security scalability challenges of IoT.”
The price of failure
So, what will the ramifications be if we can't find a way to make the growing global consumer IoT network secure?
“The biggest risk, in my opinion, is that the consumer IoT market could continue to stagnate and fail to cross the chasm into the mainstream,” Abello concludes. “Consumers have already been holding back with IoT purchases and may continue to do so until common IoT security solutions and platforms they can trust are deployed industry-wide. This could mean the difference between having a very small consumer industry that mostly appeals to early adopters, and a trillion-dollar consumer IoT industry that will eventually completely transform the way people live.”