IoT Security, Privacy Vital from the Outset Thumbnail
Building Trust 29 March 2019

IoT Security, Privacy Vital from the Outset

By Rajnesh SinghFormer Regional Vice President - Asia-Pacific

For any new technology to be trusted, it must be secure. That is why privacy and security are essential to the development of new technologies from the outset. They must not be an afterthought.

This is especially so for the Internet of Things (IoT) and the plethora of devices that are now available. These devices are gradually being integrated into daily life as we enjoy the benefits they bring. In a number of cases, we are also increasing our dependence on them, such as fitness monitors and home automation.

But poorly-secured IoT devices and services can serve as entry points for cyber attacks, compromising sensitive data and potentially threatening the safety of individual users, as well others.

Attacks on infrastructure and other users, fueled by networks of poorly-secured IoT devices, can affect the delivery of essential services such as healthcare and basic utilities, put the security and privacy of others at risk, and threaten the resilience of the Internet globally.

As concerns mount about the need for regulating the ecosystem and policymakers around the world consider ways to secure it throughout its product lifecycles, it is important to consider the risks this fast-growing technology poses, as well as what steps can be taken to mitigate them.

In November 2018, the Internet Society Asia-Pacific Bureau partnered with MediaNama, an Indian technology news and analysis portal, to hold a curated workshop in Delhi to discuss the various aspects of IoT security and privacy.

A report that sums up the deeply analytical discussion is now available here (link to PDF).

Our 2018 Regional Survey on Internet Policy Issues in Asia-Pacific shows that consumers want to be informed and have more control over their security and privacy when it comes to IoT. They highly value measures to protect against security and privacy threats and believe that governments should help ensure that these measures are in place. (Close to 1000 individuals from 22 economies across Asia-Pacific answered the survey, which was done online from 1 June to 3 August 2018. It was open to the public.)

Nine in 10 respondents would like for security and privacy protections to come as a standard for all IoT devices, and a similar number indicate that they are likely to purchase IoT devices that have a security guarantee (through a trustmark or certification label).

We believe that multistakeholder discussions are an excellent way to allow all impacted stakeholder groups – including device developers, vendors, government representatives, academics, public interest groups, the technical community, and others – to weigh in and create a prioritized list of quality attributes together.

Such a multistakeholder approach allows participants to contribute their expertise to the conversation and highlight ideas or implications that may be missed by any one group on its own.

In the case of our workshop in Delhi, public interest groups emphasized what was most important to consumers, developers and vendors described what could realistically be done from a technological standpoint, and policymakers weighed in on how to encourage those standards from a policymaking perspective.

As IoT devices and services proliferate, there is an urgent need to ensure user trust and confidence in IoT products and services. There is a need for action from all parts of the IoT ecosystem, and the Internet Society’s OTA IoT Trust Framework provides a good overview of what’s required. We invite you to learn more on the OTA website here.

Explore #GetIoTSmart, which includes resources for consumers and manufacturers.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...