In today’s digital era, serious cyber-attacks have unfortunately become a daily occurrence. It is estimated that by 2020, 25% of cyber-attacks will target IoT devices.
With the number of IoT or connected devices set to cross 31 billion by the end of this year, future attacks hold the potential to dwarf what we’ve seen to date.
Today, worst-case scenarios for cyber-attacks are hackers 'merely' taking the opportunity to steal a victim’s identity or expose sensitive company information. However, in the not-too-distant future, connected devices will include the fundamental infrastructure we rely on every day: transportation, power plants, supply chains, and even medical equipment.
This has unfortunately created major safety and privacy concerns, and there’s potential for cyber-attacks to move beyond posing a financial risk and into the realm of life and death consequences.
Serious threats
Frighteningly, these concerns are already moving towards reality in the connected car space. In an infamous example, automotive cybersecurity researchers demonstrated the ability to remotely control vehicles on the road by repeatedly hacking a Jeep Cherokee, disabling the brakes and even controlling the vehicle’s steering and acceleration.
In another example, Chinese security researchers successfully hacked a Tesla for the second year in a row, turning on the brakes remotely and getting the doors and trunk to open and close while blinking the lights in time to music streamed from the car's radio.
A hacker poses a far more serious threat if they gain control of your autonomously driven car than they do by gaining access to your bank account – and things get even more serious when you start to consider power and supply chain infrastructure.
To craft an effective response to this new breed of IoT-based threats, we first need to understand how the IoT is shifting the security landscape. The IoT is changing the profiles of vulnerable targets from traditional endpoints – back-end computer systems, laptops and so on – to ‘edgepoints’ operating at the network edge.
Security efforts must now shift from simply safeguarding traditional endpoints to also protecting “edgepoints”, including mobile phones, tablets and connected televisions, but also connected cars, smart forklifts, and even implantable cardiac pacemakers.
With the boundaries between networking, storage and computing blurring, security can no longer be an afterthought. While security concerns with IoT are widely acknowledged, adoption rates do not show any signs of slowing. In fact, recent research indicates that 90% of UK consumers are aware of the risks associated with IoT devices, yet 50% already own at least one connected device.
Worryingly, a large majority (90%) of consumers believe it is important that IoT devices have security features built into the product. However, too often security is an afterthought for IoT manufacturers under pressure to deliver devices to the market. If industry and consumer pressure alone do not steer the IoT industry toward effective security, governments may well need to intervene in the name of public safety.
Ensuring public safety in the era of smart things
As cyber threats become more serious and raise public safety concerns, policymakers will need to work with the private industry to create a framework for reliable IoT security that actively protects privacy without hindering innovation. For example, the government already holds a position of responsibility when it comes to public transportation and the regulation of connected and autonomous vehicles.
Members of the government with a background in technology and security would be a welcome sight in helping to craft effective legislation around IoT security. In Europe, the General Data Protection Regulation (GDPR) will soon take effect, requiring businesses to utilize ‘security-by-design’ practices – including in the development of IoT devices.
In the USA, voluntary IoT security guidelines have been issued by the Food and Drug Administration, National Institute of Standards and Technology, and the Department of Homeland Security. Whilst these are positive steps forward in securing the future of IoT, more oversight and enforcement from governments is sorely needed as the number of connected devices continues to rise.
Looking ahead
The IoT is weaving technology ever more tightly into our everyday lives, and connecting virtually everything to the internet certainly brings tremendous opportunities for convenience, efficiency, and growth. It also creates major safety and privacy concerns – which raises the question, which IoT stakeholders should we turn to if this situation is to be effectively addressed?
As IoT devices continue to appear in our homes and offices, ensuring public safety will be a critical challenge for governments over the coming years. The stakes will be incredibly high, and each and every government body across the globe should feel compelled to contribute what is necessary to achieve a safe and secure IoT for its citizens.