Security for the Internet of Things remains a challenge
In our recent survey of Trends in Online Security & e-Identity, considerable attention was devoted to the rise of the Internet of Things (IoT). A small majority of surveyed consumers feared that connecting 'things' to the internet would make it less secure. And subsequent events have demonstrated that their concerns were well founded.
Risks from the Internet of Things Q: How does the Internet of Things influence the security of the internet in the Netherlands? (n=2095)
More security incidents
Researchers recently discovered that many expensive Bluetooth-enabled door locks could easily be opened using a smartphone. Consumers often forget to secure their devices by setting a password. In many cases, manufacturers do take steps to address the issues, but are reluctant to stress potential problems, for fear of losing customers. The commotion caused by Samsung deleting a warning tweet earlier in the year is a good example of such thinking.
European legislation is in its infancy
For some time, the Dutch government has been pressing for European regulation of the IoT. As part of its campaign, the government has linked up with the business community to produce the Roadmap for Digital Hard- and Software Security and is actively lobbying within the EU for stricter controls. One of the measures sought is the introduction of pan-European minimum security requirements for smart devices from 2020.
Smart devices become insecure with age
Whether the IoT can in fact be regulated is debatable, however. It's a complex market offering a huge variety of devices, from solar panels to toys. To complicate matters further, devices usually become insecure only with age. Because, for example, the product has been discontinued, and the manufacturer no longer offers security updates. Against that backdrop, how can the proliferation of smart devices be kept secure? And can consumers and businesses be expected to constantly check whether all their devices are up to date?
More security checks needed
Legislation alone is not the answer. The management of IoT-related risks depends on vigilance as well. One obvious way forward is to look at the router that connects devices to the owner's home or business network. A scan of the router -- using our specially designed SPIN software, for example -- can quickly identify any suspicious behaviour.
Nevertheless, stricter European regulation is indeed desirable. If only to get consumers and businesses to open their eyes to the risks, and to raise awareness of cybersecurity.