New International Laws Pose New IoT Security Questions

Security has long been a thorn in the side of IoT. But what are the ramifications of the uptick in nations aiming to control data flow within their borders? 
  • Written by Brian Buntz
  • 30th July 2019

In effect since May 2018, the General Data Protection Regulation (GDPR) has forced companies across the world to rethink their approach to data governance. In the past year, the law has led to fines against companies like British Airways and Google. The legislation has also had a range of IoT-related ramifications for data storage on devices ranging from surveillance cameras to smart speakers.

Four recent laws have a similar global impact. Russia passed the Sovereign Internet Law to create an independent Russian web while also requiring internet providers to install devices to filter traffic. A new law in Vietnam requires companies to submit user data to the government when asked. It also stipulates that international companies doing business there open a local office. In addition, recent Chinese legislation would require network operators to turn over data to the government upon request. Finally, an anti-encryption law in Australia requires entities there to hand over data if asked; noncompliant institutions face a fine of A$10 million (roughly $7.3 million USD).

“All of these nations are creating new laws to control the flow of data within their borders. And as a result, we see huge global implications,” said Charity Wright, cyber threat intelligence analyst at IntSights Cyber Intelligence. “I compare it to tectonic plates. As these laws are changing, so is the broader cyber threat landscape,” added Wright, a former NSA and U.S. Army cyber threat intelligence analyst.

In the following Q&A, Wright discusses this new legislation and its potential IoT security ramifications, along with the impact of governments censoring the internet and bringing it under government control. 

What can you tell me about what is happening in Vietnam in terms of cybersecurity?

Vietnam is quite an interesting nation to watch right now, especially with so much economic growth and government activity.

The regime in Vietnam is an adversary of China, but I think they’re mimicking China’s method of economic growth and how to develop a cyber operations group.

In June 2018, the Vietnamese National Assembly passed a new cybersecurity law requiring tech companies to open offices in Vietnam. It also stipulates they store local user data in Vietnam, and hand over any information that the government requests. Finally, it also enforces censorship of social media. They’ve given internet companies a year to comply. We’re watching to see what big tech companies, ISPs and social media giants do. Are they going to stay in Vietnam and abide by the rules, or will they try to negotiate the rules, or are they just going to leave?

A big part of this cyber law in Vietnam is they have created this big cyber offensive unit called Force 47. And rumor has it that it’s over 10,000 members strong. Their job is to combat views that go against the government and anything the communist regime thinks is inappropriate or toxic. 

We think that Force 47 might be OceanLotus, which is a major Vietnamese advanced persistent threat group that has been very active in the past year. Force 47 has conducted cyber-espionage campaigns that serve to the benefit of the Vietnamese government. 

So one example of that is last year, Toyota was attacked with a cyber espionage campaign. [The Vietnamese private automotive startup manufacturer] VinFast is due to present its first vehicle this year. Many researchers are guessing that OceanLotus stole industry secrets because of the economic growth that it will bring to Vietnam. 

Other than the creation of Force 47, one of the implications we’ve seen is the business risk for foreign companies operating inside Vietnam. They have to weigh the risks and benefits of operating within Vietnam. Continuing business operations in the country may result in a data compromise. Such a compromise could potentially relate to internal proprietary data and also customer data, which can be subpoenaed by the government and taken at any time. 

What would you recommend to foreign businesses interested in doing business in Vietnam? 

Consider the cost of increasing data storage in the country. It’s going to be a great cost for infrastructure. Another consideration is: Will I be forced to install back doors on applications that our customers or employees are using? 

Companies should communicate clearly with legal counsel in Vietnam who understand this new law and understand the regime, and what will be expected of them. 

I would caution them to be very careful about what third parties they are doing business with because the Vietnamese government has many adversaries in that region. They don’t play games when it comes to doing business with foreigners. I’d recommend paying attention to the geopolitical climate. It’s important to be cautious about third-party risk. It may increase the likelihood of the Vietnamese regime asking for data, or subpoenas of certain information for intelligence purposes.

And the third recommendation I would make would be to always be cautious with what you post on social media. It is going to be censored by the government. Never speak out against them.

Can you shed some light on the quote “If you open the window, both fresh air and flies will be blown in” from Deng Xiaoping, Chairman Mao’s successor? How does that relate to China’s most recent cybersecurity laws?

Deng Xiaoping was the leader of China until his retirement in 1992. And he was one of the main political figures who was responsible for opening up China in many ways, especially economically. That quote about fresh air applied to the economy. But it’s very much how the Communist Party has managed their internet as well. They understand the internet is a primary source for economic growth relating to doing business and managing the data flowing in and out of their businesses.

The Made in China 2025 initiative seeks to establish China as a leader in advanced industries such as the health care and aerospace fields. What is the risk to industries targeted by the Chinese government?

I don’t have much of an opinion about their economic moves right now. They do, however, use cyber espionage as their primary source for technological development. They have never been great at developing their own or getting ahead of the competition with their technology. So they tend to steal secrets from around the world, and then they try to introduce the technology in question to the market before the competition. 

China has a plethora of engineers and science and engineering graduates, so it will be interesting to see how domestic engineering evolves as the country invests in advanced manufacturing. 

Yes, it’s incredible. China has so many very intelligent people and organizations.

Made in China 2025 is an interesting concept in its aim to produce higher quality, premium products. I’d be interested to see if they will work to make brand names stand out. In the past, they have tended to prefer highlighting the country rather than a single person or brand. That’s part of their culture.

A theme related to IoT security is China’s use of video surveillance and facial recognition. What’s your take on the use of those technologies in the country?

China has the most advanced facial recognition software in the world right now. And they’re using it specifically for securing the state. They’re saying the reason is to prevent terrorism and criminal activity. But it’s also being used to enforce laws and this new social credit system that they’ve created. 

What can you tell me about China’s social credit system? 

The social credit system is a lot like our credit system, except it has to do with following the rules. They’re using the facial recognition to track their citizens and recognize who’s following the laws and who’s not. It is very futuristic. 

From what I’ve heard, the citizens tend to have a positive outlook on this, because they feel that it will secure them as a society, and it will deter crime. But they’re also using technology for anti-terrorism efforts and to monitor the activity of certain groups of people — like minorities near the border of Xinjiang. Recently, just a couple weeks ago, they started having tourists who cross the border in Xinjiang download spyware to their phones. They’re forced to put this malware on their phone, which then scans their phone for up to 73,000 different types of files that the Chinese government finds objectionable. And they are forcing people to delete these files, give up their phones, and cease and desist that behavior by use of malware, which is unheard of really around the world. 

So they’re stepping up their surveillance efforts. And although they’re saying it’s in the name of security, and it’s enabling their law enforcement, it’s also enabling their intelligence capability. Imagine millions of cameras, all around China, monitoring everybody’s moves. Imagine tracking where they’re going, what they’re doing, if they’re showing up to work, if they’re jaywalking. They’re transmitting this data to law enforcement and the intelligence apparatus in China.

What are the most important considerations of Russia’s new Sovereign Internet Bill Putin signed into law on May 1, 2019?

Russia is very connected, and they always have been. The internet is a huge part of their lifestyle despite some pretty high levels of poverty there.  

Russians came up with the dark web in 1997, with a website called hackzone.ru. The website exploit.in, now one of the most prominent dark web forums in the world, was created after that.

As far as dark web users in the country, the Russian government doesn’t really care about that. Unless they’re using it for a malicious purpose against Russia, or a CIS country, then they don’t care. They almost encourage cybercrime against adversary nations by turning a blind eye to it. 

The government recruits the best hackers in their country to work on their behalf to disrupt political situations. It is a very complicated current, you know.

One thing I was wondering about from an IoT security perspective relates to the Russian internet giant Yandex, which has developed a smart speaker known as Alice. What are your thoughts about that as a potential portal for surveillance? 

Well, there’s a reason that the U.S. government doesn’t use Kaspersky products anymore — they found some back doors that were installed in the software. My prediction is that the Russian government will use a similar strategy within their own country as they focus on the sovereign internet. If you want to have your own internet structure within your borders, you are more likely to seek to maintain control by installing back doors into hardware. That seems to be the trend among countries that are taking more control of their internet. 

What’s your take on Australia’s anti-encryption law that passed late last year?

This really took everyone by surprise. It was passed very quickly and without a lot of detail or explanation. The Australian government can request data to be handed over. They can approach an individual. They can ask a single data engineer or an admin to provide them certain information. And they will hold that individual accountable with prison time. And companies will be held responsible with huge fines exceeding $7 million in U.S. dollars. Everyone is wondering: “What do we need to do to comply? And what does that mean for us doing business in Australia?” 
