The Internet Of Things: Is It Secure?
What are we doing to make sure the Internet of Things is secure?
When it comes to cybersecurity, one of the biggest areas of vulnerability is the Internet of Things (IoT), or the network of sensors attached to various pieces of hardware that are constantly amassing data about their users. Because the IoT is so embedded into daily life by design, we often overlook how much potential there is for it to be hacked. All the while, the IoT is becoming more and more a part of our daily lives in the home, office, and beyond.
According to a recent survey in which IT experts were asked what they thought the main barriers to widespread implementation of the IoT were, the leading response was “data and device security.” Indeed, as NextGov notes, as we allow more of our everyday habits, from our laundry machine to our refrigerator, to be monitored by sensors, “the most granular data about individual consumers, down to their thermostat settings, might be available to hackers who can infiltrate the wireless networks that connect hundreds of devices, or even the devices themselves.”
So while the threat is clearly large, what is not clear is just who should be regulating and monitoring the IoT and looking for ways to address its vulnerabilities. It’s surprising that this hasn’t been taken up at a higher governmental level, given that the worst-case scenario of a hacker remotely disabling a power grid, for example, would have far-reaching effects on everyday citizens whether they use the IoT or not.
As it turns out, in the US there are several bodies responsible for various facets of the IoT—including the Food and Drug Administration, the Federal Communications Commission, the Federal Trade Commission and the National Highway Traffic Security Administration—but no single authority exists. According to experts interviewed by NextGov, “the regulatory framework isn’t well defined and that agencies will likely need to work together as cases arise that expose the potential downsides of widespread connectivity.”
Part of the reason for this overlap and lack of coordination among agencies is that the very definition of IoT isn’t fully understood or agreed upon by all. In response to that challenge, the National Institute of Standards and Technology recently tried to establish an official lexicon for the IoT in order to “give technologists a vocabulary that guarantees they’re talking about the same elements when discussing parts of the internet of things.” As they wrote in their report, “There is no formal, analytic, or even descriptive set of the building blocks that govern the operation, trustworthiness, and lifecycle of IoT. A composability model and vocabulary that defines principles common to most, if not all networks of things, is needed to address the question: what is the science, if any, underlying IoT?”
Another promising sign came from the United States Department of Commerce, which in April of this year released a call for public comment from experts in the field. “With respect to current or planned laws, regulations and/or policies,” the agency asked, “[a]re there examples that … foster IoT development and deployment, while also providing an appropriate level of protection to workers, consumers, patients and/or other users” of the internet of things? “Are there examples that … unnecessarily inhibit IoT?”
While steps like these go a long way towards building the visibility of and consensus around IoT, buy-in needs to happen among all stakeholders in order for changes to be made. It’s unlikely to come from the private sector alone, as the companies who create products in this space benefit from less regulation, not more. Tech companies can, however, indicate to government agencies where the biggest vulnerabilities lie and what safeguards could be helpful. It’s time for agencies to coordinate and put safeguards in place without threatening innovation in the process.