The exponential growth of the Internet of Things (IoT) is becoming more apparent in our everyday lives. As with any growth, this one has its share of advantages and challenges that need to be carefully considered. It’s in this regard that the Telecommunication Engineering Centre (TEC), under the Department of Telecommunications, Ministry of Communications, has issued a report titled “Code of Practice for Securing Consumer Internet of Things(IoT)”. This document offers guidelines on how to secure consumer IoT devices & ecosystems, whilst managing vulnerabilities.
Understanding the Internet of Things
At its simplest, the Internet of Things is a concept that allows everyday physical objects to connect to the internet and identify themselves to other devices. This emerging technology is experiencing fast-paced growth around the world, providing numerous beneficial opportunities not just for individuals but also for industry and society at large.
IoT is used to create smart infrastructure in a variety of sectors, such as Power, Automotive, Safety & Surveillance, Remote Health Management, Agriculture, Smart Homes and Smart Cities etc. The ‘smart’ device at the heart of it all is a context-aware electronic gadget capable of autonomous computing and connecting to other devices wirelessly or via wire for data exchange.
Recent advances in several technologies including sensors, communication technologies (Cellular and non-cellular), Artificial intelligence/ Machine Learning, Cloud/ Edge computing etc. have further benefited IoT. By 2025, it’s projected that there will be about 11.4 billion consumer IoT devices and 13.3 billion enterprise IoT devices globally. Consequently, the global IoT security market size is expected to grow significantly from USD 8.2 billion in 2018 to USD 35.2 billion by 2023.
The Need for Guidelines
The anticipated growth of IoT devices emphasizes the importance of ensuring these devices adhere to safety and security standards. Without such standards, IoT runs the risk of becoming obsolete. Securing the IoT ecosystem (from devices to applications) is crucial as security breaches could lead to major problems and damages – disruptions in critical services/infrastructure, infringement of privacy, loss of life, money, time, property, health, relationships, etc., and even civil unrest.
Guidelines for Securing Consumer IoT
According to TEC’s report, securing consumer IoT involves several aspects. Firstly, unique default passwords should be set for all IoT devices and/or the user should be allowed to choose a password following best practices during device provisioning. IoT developers should provide a dedicated public point of contact as part of a vulnerability disclosure policy to manage reports of vulnerabilities.
Furthermore, software components in IoT devices should be securely updated and sensitive security parameters should be stored securely. Devices should operate on the ‘principle of least privilege’ to minimize exposed attack surfaces. If the device collects or transmits personal data, it should be securely stored, and resilience should be built into IoT devices and services where required.
Addressing Data Security Concerns & The Way Forward
While IoT technology offers significant advantages, it also poses potential risks to privacy. This concern over data protection needs to be addressed and IoT manufacturers will need to build and sustain consumer trust in their devices. In this context, the Data Protection Bill,2019 is seen as a step in the right direction.
Moreover, there is a global need for legislators, device manufacturers, and law enforcement agencies to deliberate on how best to benefit from IoT while simultaneously mitigating risks. Therefore, securing consumer IoT forms an essential component of this rapidly advancing technological future.
