IoT security: mitigating the prospect of a life-threatening cyber attack

IoT manufacturers who prioritise cybersecurity procedures in the design stage will have a powerful competitive advantage

The Internet of Things (IoT) is weaving technology ever more tightly into our everyday lives, and the UK alone is expected to spend £10.8bn on smart devices in the year ahead. Connecting virtually everything to the internet brings tremendous opportunities for both consumers and businesses, but it also creates major safety and privacy concerns. Many of these connected devices extend the reach of the internet into the critical infrastructure we rely on every day: transportation, power plants, medical devices, and supply chains, for example.

With the IoT continuing to integrate more closely into our offices and homes, cyber attacks have a growing potential to cause life-threatening consequences. For example, cyber security researchers have demonstrated the ability to remotely control vehicles on the road by repeatedly hacking a Tesla's vehicle management systems, disabling the brakes and even controlling the vehicle's steering and acceleration.

As the scope and risks of potential cyber attacks grow and grow, we need to ask which stakeholders have the responsibility to address security concerns.

Broadly speaking, IoT stakeholders fall into the following categories:

How can these groups work together to mitigate the prospect of a life-changing IoT hack?

Developers and hardware manufacturers

The range and sophistication of connected devices is developing at a rapid pace. Yet many IoT developers and manufacturers are ignoring basic security best practice and protocols when designing their internet-connected devices. The pressure for manufacturers to deliver a product to market quicker than its competitors, and at a much lower cost, is reinforcing these issues.

It is essential that new products and platforms are secure by design. To protect users from harm, developers and manufacturers must make security a fundamental for the desired user experience. Security is often viewed as an add-on, instead of a core feature. Those manufacturers who prioritise cyber security procedures into the design stage will be able to better protect their customers and end-users. This will be a powerful competitive differentiator for brands as they begin to realise that their reputation can be significantly damaged as a result of basic security failures.

End-user companies

Enterprises will be major consumers of IoT devices and therefore influential in their evolution. End-user companies should implement security best practices throughout their organisations and build out strategies that make security a priority.

To achieve this, security must be a consideration at the executive and board level. Most large organisations now include a CISO, and businesses should look to further expand security expertise across leadership teams. Frequent communication between management and security personnel is essential for informed and effective decision-making among this class of stakeholder.

Policy makers

Collaboration across national and international governments is vital in tackling cyber security threats from an IoT perspective. In the UK for example, the government already holds a position of responsibility when it comes to the regulation of AI and robot technology. In fact, the Law Commission recently revealed an ambitious programme to develop legislation to promote the safe use of internet-connected cars - and this is set to be ready as early as 2021. Furthermore, the government's Innovate UK agency has provided over £300,000 of funding into trials of an AI-based system designed to automate workplace safety checks.

Businesses will need to work closely with policymakers to create a dedicated framework for reliable IoT security. Once a framework is agreed, it will of course have to be policed by all IoT stakeholders. However, the challenge here will be to avoid the temptation to legislate and regulate so heavily that it hinders innovation, design and development.

The future of IoT security

It is clear to see that there is still a major disconnect when it comes to IoT security. To ensure it is an integral part of the ongoing digital revolution, every stakeholder - from manufacturers to regulators - must ensure they understand the ramifications of an unsecure IoT. The stakes are incredibly high, and each and every stakeholder has a responsibility to contribute what is necessary to achieve a safe and secure IoT - as failing to do so could have catastrophic life or death consequences for end-users.

Gary Weiss is senior vice president, general manager of security, discovery and analytics at OpenText