For any new technology to be trusted, it must be secure. That is why privacy and security are essential to the development of new technologies from the outset. They must not be an afterthought.
This is especially so for the Internet of Things (IoT) and the plethora of devices that are now available. These devices are gradually being integrated into daily life as we enjoy the benefits they bring. In a number of cases, we are also increasing our dependence on them, such as fitness monitors and home automation.
But poorly-secured IoT devices and services can serve as entry points for cyber attacks, compromising sensitive data and potentially threatening the safety of individual users, as well others.
Attacks on infrastructure and other users, fueled by networks of poorly-secured IoT devices, can affect the delivery of essential services such as healthcare and basic utilities, put the security and privacy of others at risk, and threaten the resilience of the Internet globally.
As concerns mount about the need for regulating the ecosystem and policymakers around the world consider ways to secure it throughout its product lifecycles, it is important to consider the risks this fast-growing technology poses, as well as what steps can be taken to mitigate them.
In November 2018, the Internet Society Asia-Pacific Bureau partnered with MediaNama, an Indian technology news and analysis portal, to hold a curated workshop in Delhi to discuss the various aspects of IoT security and privacy.
A report that sums up the deeply analytical discussion is now available here (link to PDF).
Our 2018 Regional Survey on Internet Policy Issues in Asia-Pacific shows that consumers want to be informed and have more control over their security and privacy when it comes to IoT. They highly value measures to protect against security and privacy threats and believe that governments should help ensure that these measures are in place. (Close to 1000 individuals from 22 economies across Asia-Pacific answered the survey, which was done online from 1 June to 3 August 2018. It was open to the public.)
Nine in 10 respondents would like for security and privacy protections to come as a standard for all IoT devices, and a similar number indicate that they are likely to purchase IoT devices that have a security guarantee (through a trustmark or certification label).
We believe that multistakeholder discussions are an excellent way to allow all impacted stakeholder groups – including device developers, vendors, government representatives, academics, public interest groups, the technical community, and others – to weigh in and create a prioritized list of quality attributes together.
Such a multistakeholder approach allows participants to contribute their expertise to the conversation and highlight ideas or implications that may be missed by any one group on its own.
In the case of our workshop in Delhi, public interest groups emphasized what was most important to consumers, developers and vendors described what could realistically be done from a technological standpoint, and policymakers weighed in on how to encourage those standards from a policymaking perspective.
As IoT devices and services proliferate, there is an urgent need to ensure user trust and confidence in IoT products and services. There is a need for action from all parts of the IoT ecosystem, and the Internet Society’s OTA IoT Trust Framework provides a good overview of what’s required. We invite you to learn more on the OTA website here.
Explore #GetIoTSmart, which includes resources for consumers and manufacturers.