“IoT compounds every security problem ever seen and multiplies every problem of the Internet. Your toaster could be sending out spam.” -Technologist, North America
Connected devices add enormous complexity to an already complex security environment. They also raise the stakes, as with high convergence and influence of Internet into our lives, there is increased potential in cyber threats to damage physical assets and harm human life. The Internet Society 2017 report- Paths to our Digital Future identifies the root of the problem being de-prioritization of security over IoT innovation, we are adopting IoT faster than we can secure it.
The case of Mirai attack of 2016 is often taken up to prove the extent of damage mere plug-and-play remotely-managed IoT devices can have on the broader Internet. Many of these devices on the market today have very limited built-in security measures, and will not be updated through the devices’ lifetime. Furthermore, explosion in the requirement of such connected devices in transportation, health, smart homes and many other domains alter the entire landscape of cyber threats. An agreement on IoT Security frameworks and best practices is essential to safeguard safety and realize full potential of IoT.
The role of government cannot be undermined; more risk there is to critical infrastructure from connected devices, the greater the perceived need for governments to intervene. If the threats arise from something as innocent as an Internet connected light bulb, the government will be tempted to regulate the Internet. But similar to the events in the past, there is a fear that will government responsive respectful of privacy and individual autonomy. All stakeholders, apart from government, from users to manufacturers, will need to be more security aware and work together towards a more comprehensive and resilient security environment. The insurance industry, for example, may exert market influence, for example, by requiring systems or devices to have security certifications in order for their owners to be insurable.
We need to address IoT-related security issues before we can realize the full benefits of the Internet economy. A sustainable and effective long-term solution will require ongoing collaboration, and a commitment by manufacturers and service providers to incorporate privacy and security in their design processes, from initial conception to long-term support and updates.