In Conversation With... The Experts
Governments are paying more and more attention to the idea of regulation, because they worry that with the growth of the Internet of Things, there will be a huge increase in the risk to the digital infrastructure
Stephen Pattison, VP Public Affairs, Arm
Back in the 2010s, IoT security was considered the "Wild West". Memorable hacks included the car that could be compromised and driven off the road, connected video cameras that could be turned into a botnet to take out parts of the internet infrastructure, the casino fish tank that was used to spy on sensitive network data, and hacked tracking watches.
Today, there are more IoT devices than ever. Just a few years ago, researchers exposed vulnerabilities inside a brand of smart light bulbs. By 2035, governments, companies, and consumers will live with one trillion IoT devices on the market. This growth is fueling another, bewildering challenge - a lack of cohesive, global regulations.
Navigating Disparate Security Requirements
While governments acknowledge cybercrime as a huge threat, with 5,400 attacks per month on average targeted at IoT devices worldwide, globally defined regulations for IoT security still don't exist. As a result, many governments and regulatory bodies struggle to keep up with the ever-changing IoT and evolving attack surfaces.
In response to the attack issue, governments and regulatory bodies around the world are taking action and introducing a number of regulations, guidelines, and laws, such as ETSI EN 303 645 and NIST 8259A. However, these local guidelines and regulations typically mandate a baseline of critical IoT security and varied wording and requirements bring new challenges. In a global economy, companies are forced to navigate regional differences in regulations and create global solutions with local conformance.
Ensuring Compliance Throughout the Value Chain
The speed at which IoT products and new IoT-based companies are developing also presents a further challenge to regulatory bodies in tracking and mandating adherene to guidelines. Too often the onus is placed on OEMs, original equipment manufacturers, despite the large and hyper-connected value chain they rely on. This introduces the need for baseline security criteria for components within a product, which can provide critical security throughout the value chain.
"Varying governmental security regulations in different parts of the world have added to the complexity of addressing security in IoT devices"
Jason Lin, Vice President Nuvoton Microcontroller Application Business Group
Common Goals, Aligning a Foundation of Best Practice Security
Today, many requirements remain voluntary and vary by country, even though strong security principles could have addressed the common vulnerabilities that allowed the hacks back in the 2010s. The good news is that the regulatory baselines are in fact well defined and aren't drastically different beneath the semantics. They share common goals: the adoption of good security practices, trust, and to assure consumers their devices are built upon security foundations.
Value Chain Compliance Will Become Increasingly Important to Business Success
The requirement to demonstrate that products meet the baseline security criteria outlined in current regulations puts the responsibility for security onto sellers. This is going to drive compliance further down the value chain and lead to more scalable solutions. Companies and developers that succeed in these markets are those that adhere to these requirements, build in foundational security, and expand their knowledge in vertical-based requirements.
"I think that you have to be able to say that your product is better than the competition. And to me in the IoT space a major part of that is employing security standards that allow you to say 'Hey, I made you a secure product, therefore I'm going to charge you a couple more dollars than the other guy who didn't make a secure product that will eventually get hacked and leak all your data"
Svein-Egil Nielsen, Chief Technology Officer at Nordic Semiconductor
Navigate disparate requirements and ensuring compliance across the value chain.
The Cost of Insecurity
Cybercrime is anticipated to cost six trillion dollars by 2021. How can you protect your investments?
Balancing Security Risks
How much security does your device need? Tackle the cost vs. innovation debate.
Reducing IoT Fragmentation
Overcome discrepancies between standards and frameworks for IoT security solutions.
05 A Holistic Solution
Embrace innovation and digital transformation with a holistic security framework