Why is IoT security still such a problem?
Research reports illuminating the poor security of Internet of Things (IoT) devices appear with what might be described as alarming regularity. We hear tales of poor password control, read descriptions of security breaches, and then we often hear calls for regulators and governments to do more to stop devices with poor security getting onto the market. With security problems so widely publicised,
why isn’t the problem getting fixed, and where does the responsibility lie for taking action? Why does the problem persist? John Moor, managing director of the IoT Security Foundation, tells IT Pro there are three why IoT device security, or lack thereof, is still such a prevalent issue. The first is market economics; vendors are reluctant to invest in ongoing security support for devices that might have a life of ten years or more in a business or industrial setting. Another is lack of regulation. “The general consensus is that regulation is needed, however it is very difficult to get right,” he explains. “Set the bar too low and it weakens the intention and may give a false sense of security. Set the bar too high and it will stifle markets and innovation.” Moor’s third reason was, sadly, ignorance. “Some vendors do not understand the security implications of adding connectivity to their products,” he says. Vendors aren’t the only ones with skin in the game, though. Governments can choose to take on a regulatory role, and those buying IoT devices also have a measure of choice in how they make purchases and in which devices they decide to buy. The role of governments A significant challenge for governments and regulators is the international nature of purchasing. Even in a business environment, an IoT device is quite likely to be bought off the page from an online seller. The device may have been made in a country with a different regulatory framework for IoT devices – or none – and the online seller may not be based in the same country as the purchaser. SEE MORE Why the Internet of Things needs security by design SEE MORE What is the Internet of Things (IoT)? SEE MORE IoT coffee machine hacked to demand ransom While it has been argued this complexity makes regulation nearly impossible, Moor disagrees, saying: “This is challenging but doable. Governments can mandate responsibilities for domestic markets regardless of the source or point of purchase. For example, an importer of products can be regulated to ensure basic security features exist before making them available for domestic markets.” Kevin Curran, IEEE senior member and professor of cyber-security at Ulster University, takes this point a stage further, arguing for a baseline of security compliance. “As the industry evolves, the need for consistency becomes more important to ensure interoperability and security for the system as a whole,” he says. “Tackling this issue at the root is key, so enabling manufacturers to ensure all devices meet basic security requirements in the development phase will help to allay fears that an organisation can be easily exploited through a single point of vulnerability.” The UK Government’s proposed new law, sets a baseline. It’s aimed at manufacturers of consumer IoT devices, but, says Paul Stone, security delivery manager at Context (part of Accenture Security): “Nearly all elements of the Code of Conduct apply equally to consumer and business IoT devices.” Despite this he is sceptical about take-up, saying: “I have yet to see any manufacturer publicly commit to the guidelines even though it could be in a manufacturer’s interest to do so, as a way to differentiate themselves from competitors.” What should end users do? Moor believes that businesses should be proactive, ensuring the suppliers of IoT devices have good security practices in place and demonstrate an acceptable level of commitment to security. Stone also puts the onus on business buyers, saying: “Businesses purchasing IoT equipment should demand evidence that the manufacturer is taking product security seriously. This could include requiring products to undergo testing by a third party and public commitments to follow standardised security guidelines, such as those published by the UK.” He thinks such action is powerful, adding: “Ultimately a business demand or requirement for good security will be more effective in driving up standards than intermittent enforcement by a regulator.” It’s possible that if this kind of behaviour became widespread it might force industry change. Indeed Curran was optimistic that we will see a change before too long, saying: “the standardisation of IoT security will need to catch up with other already developed technologies, but with the rapid adoption by businesses due to increased remote working, this will most likely happen at a significant pace.”
Date: 2020-11-13
URL: http://feeds.itpro.co.uk/~r/ITPro/Today/~3/bFKIiWZ2cf8/why-is-iot-security-still-such-a-problem
itpro.co.uk
RBS challenger bank Bó aims to fightback against Monzo and Starling (2020-11-17) | Traditional banks are looking to beat new digital-only rivals at their own game with RBS launching its own version of a challenger bank called B So-called challenger banks have cropped up over the past few years thanks to the ubiquity of smartphones new open banking standards and efforts by regulators to boost competition in the retail banking sector Thats given rise to a wave of challenger banks .. RBS challenger bank Bó aims to fightback against Monzo and Starling |
Top security tips for employees working from home (2020-11-30) | Its safe to say that 2020 has been an unusual year As the coronavirus pandemic forced countries around the world into lockdown many people found themselves experiencing long-term remote working for the first time in their professional lives Theres a lot to adjust to when working from home but one of the biggest challenges is the potential impact that it can have on security There are however a num.. |
Microsoft warns of growing “digital divide” between state and private schools (2020-12-04) | Just 1% of public primary schools are able to provide hardware for pupils to take home compared to 38% of private schools according to a new surveyby Microsoft The figures were only slightly better for secondary level with just 7% of state schools able to provide devices for students against 20% of private schools SEE MORE The coronavirus pandemic has transformed the workplace more than any disrup.. |
UK data laws after Brexit: Your questions answered (2020-06-29) | This article originally appeared in Mays edition of IT Pro 20/20available here To sign up to receive each new issue in your inboxclick here One of the most turbulent aspects of the Brexit debate was the uncertainty it created for businesses across the UK While we now have a slightly better idea about what the regulatory landscape will look like after the transition period ends questions remain abo.. |
5G will reach more than one billion people by end of 2020 (2020-11-30) | 5G coverage is expected to reach 15% of the worlds population more than one billion people by the end of this year according to a new report by Ericsson The Swedish telecoms companyhas raised its year-end 2020 estimate for global 5G subscriptions to 220 million out of which 175 million of those - almost 80% - will be based in China This is due to the faster-than-average 5G uptake in China where th.. 5G will reach more than one billion people by end of 2020 |
Chrome 87 arrives with bolstered performance and security (2020-11-18) | Google has released the final Chrome update of 2020 with a slew of new performance enhancements and some tighter security controls The update includes changes to the search bar power-savingtweaks for tabs and faster bootup times SEE MORE Google almost broke the web with its latest Chrome update SEE MORE Chrome OS Lost in the cloud? SEE MORE Whats next for Google Chrome? Today were offering up our .. |
What is digital transformation? (2019-08-07) | Digital transformation is one of those phrases you may dismiss as business jargon but its so much more than that It can play a crucial role inevolving and growing your business Most organisations will have gone through some sort of digital transformation in their lifetime The right technology is often key to staying competitive and during this challenging and uncertain year adding digital capabili.. What is digital transformation? |
Brother HL-J6100DW review: An excellent choice - if you’re not in a hurry (2020-11-04) | The HL-J6100DW is larger than your average desktop inkjet but thats because it can turn out A3 prints just as happily as A4 Thats a handy trick and while the 322 price tag isnt the lowest weve seen its a lot cheaper than most A3 lasers Running costs are low too: the printer ships with standard high-yield ink cartridges which print a mono page for a penny and a colour one for 5p When these are exha.. |
Cyber crime costs predicted to hit $10.5 trillion per year by 2025 (2020-11-13) | Cybersecurity Ventures a trusted resource for cyber security statistics and predictions predicts global cyber crime costs will reach $105 trillion by 2025 This would more than triple the $3 trillion in cyber crime in 2015 and represent a 15% annual increase for each of the next five years The projected total represents the greatest transfer of economic wealth in history and is a huge risk for inno.. |
Best ransomware removal tools (2018-12-07) | Ransomware a type of malware that encrypts and threatens to publish a victims data until a ransom is paid is on the rise The threat has become especially prevalent during the COVID-19 pandemic as hackers take advantage of mass remote working Research from Check Point shows that the number of ransomwareattacks in the UK increased by 80% between June and September 2020 while the global average of ra.. |