Society and the global economy are witnessing an unparalleled level of innovation brought about by the introduction of thousands of new Internet of Things (IoT) connected devices. These devices are providing significant benefits to the home and office, while wearable devices offer the promise of enhancing one’s personal lifestyle and health. Yet to date, the level of commitment to device security, privacy and sustainability is unclear. Many within the security community believe industry is not adequately addressing fundamental security, privacy and life-safety issues. All too many IoT devices appear to be designed primarily for convenience and functionality, while long-term security is conspicuously absent. Many of these “smart” devices are often not as smart as suggested.
In the absence of adoption of security norms and responsible privacy practices, we are reaching a crossroads where regulation may be required. Yet in reality, legislation by itself will not be effective. Passing regulation will take too long and will never keep pace with the evolving threat landscape. One promising alternative is an inclusive, multi-stakeholder effort that recognizes the need for change and expresses a willingness to adopt self-regulatory frameworks. Self-regulation is not without its own challenges. While self-regulation is well intended, it is often the case that decision makers are not committed and the consensus-driven process produces few, if any, impactful results.
As with global warming or industrial pollution, there will be long-term consequences from inaction on IoT threats. The impact of these threats has jumped to the physical world, ranging from unlocking doors, turning on cameras and shutting down critical systems to theft of personal property. The door has been opened. The lack of action has created a treasure chest ripe for abuse by white-collar criminals, terrorists and state-sponsored actors as IoT devices become weaponized. Left unchecked, these threats may result in a “digital environmental disaster”.