Following the news that the UK government has announced new cybersecurity and compliance measures to protect IoT/smart devices around the UK, IT Security Experts commented below.
Ian Parker, Professional Services Consultant at Axians:
“Hopefully this is the first step to implementing industry-wide security standards for connected devices – something that is sorely needed as they begin to be part of the fabric of our daily lives. In addition, it may be the catalyst, along with incoming GDPR regulations, for manufacturers to have security at the front of their minds from the beginning of the process, not simply as an afterthought when something goes wrong.
However, IoT is only as secure as you make it. In today’s market, you cannot rely on manufacturers to produce a network-controlled device with security at the forefront. Unless the IoT device is a security device in itself, the manufacturers will want to make it as cost-effective as possible with a quick production cycle. Security, on the other hand, is time consuming, costs money and is not widely understood.
It is therefore up to the consumer or business who operates it to ensure these devices – which are essentially remote controls for the world to operate – are secure and remain accessible by authorised personnel and devices only.”
Matthias Maier, Security Evangelist at Splunk:
“The Internet of Things (IoT) presents a significant economic opportunity as well as a number of potential threats that need to be guarded against. Whether it’s Botnets utilising vulnerable devices to run massive DDOS attacks against businesses or government to bring services down, through to violations of IoT devices to spy on everyone’s private life. Such threats are no longer science fiction in our world of ever increasing IoT devices in the home.
“We need a mindset change from consumers to shift their purchasing habits from selecting the cheapest device to choosing the most trusted device. This change will happen as consumers become more educated and savvy about what they select and it’s great to see the UK Government pushing understanding further with the launch of this report.”
Ralph Echemendia, “The Ethical Hacker” and CEO at Seguru:
“Security by Design” sounds nice however the truth is business is about being first to market and when it comes to technology, and the sad reality is putting security before functionality and performance never leads to being market-first. Connected fridges, smart thermometers, intelligent heating systems – there is great potential for internet-connected devices to make our lives better, but it’s a matter of understanding the risks. There’s no doubt that IoT devices need to secure by design but it’s also about educating consumers on how to use these devices safely. Let’s take a smart toy, for example. Many parents don’t truly know and understand how these devices may be used or, more specifically, exploited by malicious hackers. The problem is consumers are often bombarded with information that moves away from how to protect themselves and focuses on the dark side of security that most don’t understand. Both consumers and technology creators need to be involved in balancing risks and functionality to create a safer connected future for all.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.