It’s no secret that the massive swarms of IoT devices covering the planet are woefully insecure. Unsurprisingly, device manufactures place their highest priority on profits and bringing their products to market quickly and inexpensively. Security efforts, if they exist at all, are usually mere afterthoughts.
Perhaps we shouldn’t be too quick to judge the manufacturers. With so many competitors pumping out IoT products at the speed of consumer demand, there’s little incentive for a gadget maker to spend time and money embedding security features into each smart device.
Nonetheless, the reality of the minimum viable product has created an environment of IoT vulnerability and mistrust. In fact, a staggering 80 percent of
survey respondents indicated they don’t trust their IoT devices to keep their privacy and data safe.
Fortunately, 2019 might just be the year when IoT starts becoming more trustworthy. Here are two reasons why.
Legislating Trust: An IoT Security Bill for 2019
It’s not just consumers who view today’s interconnectivity with suspicious eyes. Members of the US government have been worrying about IoT’s security dangers for quite some time. Consider the following ominous quote from the Defense Intelligence Agency’s Worldwide Threat Assessment from last year:
“In the coming year, we expect global cyberthreats to emanate from a wide array of state and nonstate actors. Our networks, systems, and information are at risk from an evolution of malicious cyberspace activities. The most important emerging cyberthreats to our national security will come from exploitation of our weakest technology components: mobile devices and the Internet of Things.”
With entire infrastructures connect by IoT, such as traffic grids, transit systems and water supplies, it’s easy to see why officials are losing sleep over carelessly-networked technology. Luckily for peace-loving citizens everywhere, the government wants to do something about the growing threat.
In 2017, congress introduced a bill called the Internet of Things (IoT) Cybersecurity Improvement Act. The bill’s goal was to require manufacturers to build minimum levels of security features into all IoT devices sold to the US government. Such features would include software-update capabilities and the option for end users to change IoT device passwords.
The 2017 version of the bill never got off the ground. But now, a 2019 version is being introduced. It again applies to devices sold to the government.
The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 strives to ensure the most effective security requirements will be covered. To guarantee that the best standards will be mandated, the bill is giving the National Institute of Standards and Technology (NIST) the responsibility of deciding the required security standards. Security issues addressed by the bill include device configuration, identity management, firmware updates and other categories.
Why does this legislation apply only to devices sold to the government? Because it aims to leverage the government’s purchasing power in a way that will benefit everybody. If the bill passes, the expectation is that device manufacturers will opt to design all their IoT products to comply with the legislation’s security requirements. The more secure their products are, the more likely it will be for manufacturers to win lucrative government contracts.
While best practices such as patch management and password managers will always be crucial for connected devices, security standards would create a more trustworthy IoT environment across the globe.
Certifying Trust: A Seal of Approval
Along with members of congress, innovative businesses are also trying to make our connected world safer. Blackberry Limited is one such business.
A Blackberry survey has uncovered that most consumers are more likely to choose a product or do business with a company that has a strong reputation for data security and privacy. By providing a suite of software packages that enables device makers to build secure IoT-products, Blackberry is helping electronics manufactures differentiate themselves and gain new levels of consumer trust.
The company’s software packages are called BlackBerry Secure feature packs. By using Blackberry’s feature packs, IoT manufacturers no longer need to expend resources designing security features internally and “from scratch.”
The Blackberry survey also found that consumers “would support a ‘seal’ or ‘stamp of approval’ on IoT devices to designate a certain standard of security.” Therefore, IoT devices that incorporate Blackberry’s security technology will now come with a “Blackberry Secure” seal.
A World in Transition: What Can We Do Right Now?
Gartner has estimated that there will be 20.4 billion connected devices by 2020. Obviously, that amounts to a staggering number of endpoints for hackers and cybercriminals to breach.
As the connected world waits for secure IoT devices and the passing of new legislation, there are several ways consumers and businesses can be proactive. For example, as mentioned earlier, patching all devices that can be patched and being smart about IoT passwords are two important security practices.
Also, we should all be judicious about which gadgets we’re connecting to the internet. The fact that a smart device can be online doesn’t mean it should be. A common sense rule of thumb: if you don’t absolutely want or need a device to be connected, don’t connect it.
Another way to remain appropriately vigilant is to turn off a smart device’s UPnP (universal plug and play) feature. It’s extremely easy for cybercriminals to link to printers, routers, cameras, etc. using UPnP. The best policy is to forego convenience and opt for safety.
The good news is that upcoming advancements, legislation and awareness are ushering a new era of innovation. Although we’ll always need to be mindful, new breakthroughs are coming. Between now and the next 18 months, security enhancements are going to enable IoT to flourish in exciting new ways. And when technology flourishes, society changes for the better.
Edited by
Ken Briodagh
