‘Connecting devices is easy, securing them is much more difficult’. This was the opinion of one expert at a recent IoT Security seminar at Mobile World Congress 2016, and neatly summarises where we are in the story of the Internet of Things.
Soaring demand for IoT solutions has resulted in a rush to deliver new connected services to market. Some, however, have not necessarily been designed to accommodate others, or are not well equipped to securely communicate with solutions that may be added to the network in future. This problem is compounded by the explosive rate at which new devices are being connected; according to a recent study by Gartner, 6.4 billion ‘connected things’ will be in use in 2016, up by 30 per cent from 2015.
As a result, points of entry are multiplying, enabling hackers and data thieves a greater opportunity to disrupt services and steal data. This has contributed to a glut of recent high profile data breaches which, collectively, have adversely impacted consumer confidence in the security and privacy of the IoT.
Earlier this month, The Drum reported polling that suggests that globally, 62 per cent of consumers are concerned about their privacy in relation to connected devices. A further 54 per cent of those questioned named IoT security as being more than twice as threatening as real-world problems such as physical safety.
Nonetheless, there are signs that the industry is turning a corner. For example, recent research by MarketResearchReports.biz suggests that compound annual growth rate (CAGR) in the IoT security market will reach nearly 55 per cent over the next year.
This is partly because companies across the industry are now hiring IoT security experts as a matter of course. Although the limited number of experts in this field will make it more difficult for smaller firms and start-ups to afford such personnel, this will change as the IoT security market grows.
As well as seeking to improve consumer confidence, companies are now considering their liability for the failures of their products. As cyber security expert Jeff Moss recently argued, ‘When Elon Musk gets told that his Tesla cars are held liable for the performance of the software that runs them, he’s going to make sure the same rules apply to the Adobes, Sun Microsystems and Microsofts of the world, too: “Why would Tesla want to compete against a company like an Oracle that doesn’t have those liability costs?” It won’t, and it will push for rules on it to apply to everyone building software’.
This issue is taking place against the backdrop of greater interest in IoT security from governments and regulatory bodies across the globe. Earlier this month, the U.S. Department of Commerce revealed that the National Telecommunications and Information Administration (NTIA) is working on a green paper that focuses on the ‘potential benefits and challenges of these technologies and what role, if any, the U.S. Government should play in this area.’
While many governments and regulatory bodies have been consulting the IoT industry on the issue of security for some time, recent pan-industry initiatives such as the GSMA IoT Security Guidelines, are likely to help policymakers develop a framework in which the IoT can flourish.
Ultimately, the security of the IoT will depend on greater cooperation between industry players, both to ensure the adoption of common standards and to assist policymakers facilitate a trusted and prosperous IoT.
On 10-11 May, key players in IoT privacy and security will be meeting at the GMSA Mobile 360 Privacy & Security event to advance a secure and trusted IoT. This two day event in The Hague will give attendees the opportunity to discover more about the GSMA IoT Security Guidelines, meet the experts behind them and learn the key practical steps on how to build-in privacy by design when developing new IoT services or products in the workshop: Applying Privacy by Design principles to the Internet of Things (IoT) – A Case of Trust.
Register for your pass today