IoT needs regulation if consumers are to trust products and services
December 15, 2016
The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for Internet connectivity and the commu...
The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for Internet connectivity and the communication that occurs between these objects and other Internet-enabled devices and systems. Conservative estimates suggest that by 2020 over 200 billion connected sensor devices will be in use. Gartner states that IoT product and services suppliers will generate incremental revenue exceeding $300 billion by 2020. However, consumer trust in the IoT is starting to waver due to recent headlines regarding security hacks on IoT devices, and questions on whether they can be safely allowed into our day-to-day lives.
IoT devices will generate new types and unprecedented quantities of data regarding every second of our interaction with the physical world. However, this will in turn mean an increased level of intrusion, as tracking our lifestyle also allows criminals to monitor our every move, even as far as when we leave the house and when we return. Without clear regulation, IoT products are being developed with minimal security and quality considerations that leave them wide open to critical faults and security flaws. In a recent survey by HP, more than 70 percent of IoT devices and sensors examined were found to be susceptible to one or more of the vulnerabilities listed on the OWASP Internet of Things Top 10.
The recent Dyn botnet attack occurred when hackers hijacked millions of Internet-connected devices (such as IoT Wi-Fi routers and home cameras), which they then used to aim vast amounts of junk traffic at DNS services. Consequently, hundreds of very popular websites were made inaccessible, including Netflix, Twitter, GitHub, and Airbnb. There was also the very public example of Osram Lightify smart bulbs in which security experts found that both the Home and Pro versions could be commandeered to breach home Wi-Fi networks, and even activate the lights.
The IoT needs to ensure quality and security within its products and services if it is to start the slow process of rebuilding consumer trust, leaving the industry with three options:
- Government regulation – As consumers and manufacturers are only focused on cheap products and not concerned about quality and security, increased regulation is required if the IoT is to succeed. The only way to break this cycle is for governments to increase regulation that ensures manufacturers meet quality and security criteria before launching a device.
- Trusted industry organizations certify IoT-enabled devices – For example, consumers place a lot of trust in the Kitemark ‘quality badges’ established by the British Standards Institute (BSI). Products with such a Kitemark would reassure consumers that the device had been through rigorous quality analysis & security verification.
- Formal, structured independent testing regimes for IoT devices and services – Such regimes would enable a manufacturer to demonstrate compliance to the latest standards or IoT/internet guidelines, such as BITAG’s IoT security and privacy recommendations. It also means that manufacturers connecting devices to the Internet do not have to invest in complex testing procedures, equipment, and staff.
Trusted testing for IoT systems
Recently, Test and Verification Solutions (TVS) established an IoT lab and certification process that ensures IoT-enabled products conform to the latest industry standards, QA, and security best practices. The lab facility is capable of recreating real-world scenarios in a controlled manner, for example, simulation of a wide range of network conditions including RF testing, cell handovers, low signal strength, protocol analysis, and transitioning between 2G, 3G, and LTE or Wi-Fi (Table 1).
[Table 1 | These and other less common IoT protocols, such as SIGFOX, Z-Wave, 6LowPan, can be verified.]
IoT certifications include network end2end connectivity & security (Table 2). The process verifies products against selected key standards, with a three-tiered certification structure (gold/silver/bronze) that is based on a risk assessment of IoT products in their target application domain (e.g. smart car versus pet food dispenser). Continuous security analysis is also available to keep manufacturers and end users abreast of new and emerging security threats to devices deployed in the field.
[Table 2 | These TVS certifications ensure that IoT-enabled products conform to the latest industry best practices.]
Restoring consumer trust in IoT
The IoT will undoubtedly change the way we live our lives, but without proper testing of connected devices and the services they offer, the future may be frustrated by security breaches, intermittent services, and device failures. Short of government regulation, testing and certification are the only options for restoring consumer trust in IoT devices and services.
TVS will be hosting an interactive demo of their IoT lab from March 14-16, 2017 at Embedded World in Nuremburg, Germany. To schedule an appointment, contact TVS: