“The internet is no longer a web that we connect to. Instead, it’s a computerized, networked, and interconnected world that we live in. This is the future, and what we’re calling the Internet of Things.“
Bruce Schneier, Security Technologist and Author
The Internet of Things (IoT) is considered to be one of the most important emerging subject matters in technology that is thought to reshape the cybersecurity and data privacy landscape for consumers and businesses as well. The significant challenge of adopting connected devices has positioned IT specialists, organizations, and businesses to question the safety of this new technology. Advanced attacks such as cyber-invasions, sophisticated malware and immense data breaches are constantly increasing. This technological transformation compels us to ask: ‘’Can we trust interconnected external devices? And what can we trust them for?’’.
The Internet of Things
To simplify the explanation of the Internet of Things, let us break down the building blocks of what exactly is this new technology that is expected to become the lifeline of our data-driven world. How does it work? And is it safe?
As its name indicates, the Internet of Things is a collaborative system of interrelated computing devices; an ecosystem of connected physical objects that are embedded with an IP address and built-in sensors that help them transfer data over a network without manual assistance, intervention, or the requirement of human-computer interaction. Its function is to empower devices or objects to observe precisely, identify and understand the circumstances of a situation without being dependent on human help.
This technology is recognized as an innovation that will bring about a transformational change to organizations in all different sectors. Imagine a device which is capable of representing itself digitally and is able to control the information it receives autonomously. The connection of devices to various systems would help capture accurate data to ensure more ways of improving company performance, reducing cost through process efficiency and increase productivity in the working environment. Smarter decisions would produce real-time insights and analytics that would improve the convergence of data and create more opportunities for consumers and businesses.
The IoT will inevitably propel our lives into the Fourth Industrial Revolution. The possibilities will be enormous when implementing its capabilities to the various industrial sectors, smart homes, and businesses. The development of our soon-to-be IoT smart city is not as far off as it may seem. By 2020, the analyst firm Gartner has reported that over 20 billion connected devices will exist. That’s almost one-third of our entire population on this planet. As we transition into the IoT era, how will traditional IT security systems change as the scale of our digital presence continuously evolves?
Cybersecurity and Privacy Concerns
The IoT has brought about a lack of harmonization and shared vision when it comes to the response to the security challenges this technology brings. As of now, ISO has published standards for the interoperability and architecture of IoT, but there are no published international standards for security and privacy regarding the IoT. At an international level, there is only one standard on IoT security and privacy, part of the ISO/IEC 27000 family, the ISO/IEC 27030, but it is still in its early stages of development. But even ISO/IEC 27030 is a standard that offers guidelines rather than requirements, and as such, it is not a standard that organizations that deal with IoT can get certified against.
This lack of accordance has impeded the standardization and the implementation of effective regulations on IoT security and privacy, such as Privacy By Design. Cybercriminals are becoming more sophisticated by the day and are discovering different methods of attacking security systems. This raises the concern that a lack of coherence can cause security risk analysis, risk assessment, and countermeasures to become difficult tasks. For this reason, it is important to create secure solutions that would aim at protecting the ever-increasing number of ‘’things’’ which are interconnected through the World Wide Web.
Data ownership and cybersecurity are the main matters of concern regarding IoT’s future. The security and control of all physical objects that have become ‘smart’ require the right level of protection without compromising the consumers’ private data or allowing data breaches which could cause significant damage to recognized enterprises. Marc Goodman, a professional in law enforcement and technology who is the author of the book Future Crimes, says that better security measures should be made against “connecting everything insecurely”. Hardware security is more important than ever, as device identity, secure network scales and physical security become crucial challenges towards assuring that platforms and operating systems that communicate with devices and core channels are encrypted and safe for private use.
Reliable Standards
The expansion of the IoT will elevate the complexity of the current cybersecurity global discourse. It will fundamentally question liability, critical infrastructure, and the effect of foreign acquisition of critical technologies. Current security frameworks, privacy regulations and security design principles will need to be enhanced in order to embody this technological revolution that will shape how we control private or sensitive information. It’s only been one year since the GDPR came into effect and we already are preparing for the biggest transformation in cybersecurity since the internet was invented and made accessible for the masses. The development of ISO/IEC 27030 marks a positive sign regarding the achievement of a global consensus on the standardization, unification and strategized response to the IoT security and privacy. However, in a future where interoperable devices and “things”, which will know your every move, preference, action and deed, will independently act upon such information, structured responses, systematic security approaches, regulated protocols should reflect the massive proportions of the presence and effect that this technology will have in the lives of each and every one of us.
