As more gadgets in the home and enterprise get connected with the web, the digital security of the internet of things is turning into a developing concern. With every one of those smart devices connected with edge gateways or cloud platforms, IoT won’t just produce a bigger amount of data than any other technology, it will also create the fastest data streams, constantly flowing through the sensors.
IoT, IIoT and edge computing are growing at an incredibly quick pace. A report estimates that overall IoT spending will reach $745 billion in 2019 and get passed the $1 trillion mark by 2022. As everything from smart assistants to self-driving cars, and from smart meters in factories to healthcare devices, the extension of the IoT market reflects that of a booming business sector.
With such a high level of device connectivity comes a potential hazard to data security. Episodes like hackers shutting down IoT gadgets, the Mirai botnet, which cut down a great part of the web on the US east coast; and targeted attacks against enterprise infrastructure, including electrical grids, dams and even nuclear offices have come to light in the past. It seems that IoT security may not just be about enterprise data security but also national security.
Why IoT Devices Are More Vulnerable
IoT devices interact with the web in ways conventional IT devices usually do not. The effectiveness of cybersecurity and privacy features are often different for IoT devices than conventional IT devices as they may run on different (or no) operating systems. IoT security is one of those features that is still thought to be a costly add-on or idea in retrospect in the development of both chips and frameworks associated with systems.
The IoT’s security difficulties are especially overwhelming in light of the fact that they require shielding devices outside of conventional enterprise boundaries. Additionally, these endpoints are intended for lightweight information transmissions – not enterprise-grade security norms.
What India Is Doing To Enhance IoT Standardisation
As part of the Digital India initiative, the government of India has already planned to give IoT a push in the country. There is a ₹7,000-crore fund allocation for the development of 100 smart cities powered by IoT devices to control traffic, efficiently use water and power, and collect data using IoT sensors for healthcare and other services. According to Nasscom, the Indian IoT market is expected to reach $15 billion by 2020 and constitute 5% of the global market. Yet, IoT standardisation has not yet been fully implemented in the country.
Nonetheless, the Department of Telecom has asked its technical body — Telecom Engineering Centre (TEC) to finalise standards for IoT and machine-to-machine technology as the country is embarking to introduce 5G services. Ministry of Electronics and Information Technology (MeiTY)’s draft IoT policy also aims to create committees in order to govern and take IoT-specific security tasks forward, although the creation of the committees and specific guidelines related to IoT has not come to life yet. Other than that, the NDCP (National Digital Communications Policy) under the Department of Communication has asked important stakeholders to enhance security around India’s infrastructure and digital communications which includes IoT.
What Other Countries Are Doing For IoT Standardisation
In the US, the National Institute of Standards and Technology (US Department of Commerce) has been working to establish IoT standards for a long time. It gives a rundown of six prescribed security characteristics that manufacturers can incorporate with IoT gadgets and that clients can search for: device identification, device configuration, data protection, logical access to interfaces, software and firmware updates, and cybersecurity event logging.
In fact, the state of California in the US passed the first IoT Cybersecurity law that holds IoT gadget makers to higher security standards. Having faced an attack by Russian hackers, the US government is also in progress to initiate a Federal law too on IoT devices.
In Europe, ETSI Technical Committee on Cybersecurity (TC CYBER) has also released ETSI TS 103645, a standard for cybersecurity in the Internet of Things, to build up a security baseline for web-connected devices, while also give a premise to future IoT certification plans. TS 103645 requires implementers to renounce the utilisation of all-inclusive default passwords, which have been the source of numerous security issues. It additionally requires vulnerability disclosure policy so as to allow security specialists and others to report issues.
What More Needs To Be Done
The IoT landscape is chaotic and risks to enterprises utilising IoT networks go from run-of-the-mill cyberthreats all the way to cyber espionage and national security threats. So, we certainly need a more specific approach when it comes to IoT standards. This is critically important for India as the country is one of the biggest targets for IoT attacks in the world, according to a recent report.
The potential advantages of IoT will be accomplished if IoT devices are structured with trust, data privacy and security worked in. Devices need to be designed with the standards from the beginning, not as an afterthought. How might we address these worries without hampering innovation? It will require a more elevated amount of collaboration between countries on a worldwide scale. Policy-makers, regulators, device manufacturers, relevant industries and service providers will all have to come together in formulating a safer IoT ecosystem.
While IoT innovation is a great resource to people and companies around the world, IoT manufacturers should gather their client’s trust in their devices. Owing to the device and edge-networking limitations, vendors need to layer security deeply into the IoT networks. Here, embedded security hardware is an important component in making IoT devices more secure. Research estimates total worldwide shipments of embedded hardware equipment to twofold by 2023, outperforming the 4 billion mark. There is quickening interest seen for embedded security, particularly in industrial verticals, which according to research is driving the market for advancements, for example, secure microcontrollers and trusted platform modules.