Is IoT just a fashion trend or technology of the future?
The Internet of Things is a new round of the penetration of digital technologies into the everyday life of man. The Internet is becoming more accessible, things become smarter. The modern fashion to “digitize” everything plays an important role in the development of IoT. Its origin is associated with real demand, and the development of technology has made it possible to translate it into reality. This is a logical stage in the evolution of automation of processes in industry and household life.
The Internet of Things has quickly increased its coverage, but it is not too late to think about possible violations of current legislation, privacy, and other human rights in case of uncontrolled penetration of such technologies into all spheres of our life.
The rapidly developing IoT, which does not implement proper security rules threatens both soulless machines and living beings. All different types of connected devices can be used as attack platforms. Time zones, state borders, and international law will not pose a serious problem for cyberattacks without proper implementation of protection functions. Modern conveniences and fashion for digitalization are not so bad, but it is necessary to remember about security.
Is IoT better for B2B or B2C?
The Internet of Things is applicable in both spheres, but security requirements for smart things in B2B, of course, must be higher than for B2C devices. There are numerous use cases. A home user, who decides to put a web camera in his garage to monitor it from a PC or smartphone; a hypothetical local TransService LLC, which uses GPS to monitor the location of its trucks, or hypothetical NetMediaGroup JSC with sensors and cameras throughout the country – all will use the Internet of Things, but the requirements for their equipment and infrastructure will differ greatly.
A home user with a high degree of probability will not even think about the possibility of securing the traffic traveling between the smartphone and the web camera, except for changing the default password. TransService LLC at best will install special sensors and SIM cards into its trucks. It will also possibly get the cellular provider to set up a separate network through a dedicated access point (APN). NetMediaGroup JSC, in addition to the APN, will also require a separate VPN to ensure secure cross-platform interactions of its infrastructure components and in order to protect the transmitted data from interception or modification, as well as from unauthorized access.
Is it safe to use IoT at home?
The security of household IoT, judging by the number of compromised devices participating in DDoS attacks, is not a priority either for manufacturers or for consumers themselves. The end user does not think about security issues and prioritizes his own convenience. The manufacturer wants to avoid damage to user-friendliness that influences sales. World technological associations and standardization institutions have only recently developed methodological recommendations for the security of the Internet of Things, such as the GSMA IoT Security Guidelines, NIST, and SANS publications.
Given the growing interest of the industry in building a secure Internet of Things, let’s hope things will change over time. We all remember the case of the first Wi-Fi routers, where by default Wi-Fi was open with the PSK key value set to 12345678. Today modern Wi-Fi routers are often shipped with a unique SSID and its own hard-to-guess key. A similar development path awaits other IoT devices in the mass market.
Are consumers ready for smart cities, cars, homes?
As mentioned above, consumers who put emphasis on convenience, and manufacturers who just started conquering the market are ready for IoT quite formally. Users may enjoy the new functionality, maybe sell and buy things, but only on condition that the Internet to which things are connected will be a trusted environment.
Are we ready for smart cities?
Critical infrastructure interfaces can be safely connected to the Internet only if there are no cybercriminals. But it is impossible to eliminate all crooks. To limit the threat coming from them, you need to use dedicated network segments, access to which is strictly controlled. This way you can be less afraid of scenarios in which the city is paralyzed by an attack from the outside.
What are the main problems of the faster introduction of the Internet of Things?
The main problem is the lack of a common integrated approach ensuring the safety of devices. This approach should list rules and regulations, which would be followed by all parties involved: manufacturers of IoT devices, consumers of smart city technologies, communication providers, etc.
What steps should vendors make to better protect their IoT device and us?
- Marketing materials and user manuals should include instructions on necessary information security measures and explain the risks of connecting the device to the Internet.
- Device Hardening: disabling unused services and functions in order to reduce the vulnerability surface.
- Enforce the default password change. Implement password policies that prevent the use of simple passwords.
- Implement software code security control.
- Conduct thorough security testing of devices and applications before mass production.
- Enforce auto updates that fix security issues. Develop user-friendly and fast software update process.
In addition to the obvious benefits to the consumer, the manufacturer can use the above steps as a competitive advantage. The implementation of such measures will not solve all the problems, but it will make the world of IoT and the real world connected to it much safer.