Why IoT security standards are necessary

Security standards

Imagine the chaos that would ensue if dozens of different manufacturers and organizations decided to launch different competing protocols and systems for managing IoT security. Not only would the lack of integration be a problem, but it could also be used as an excuse for little or no security for systems and data. In fact, that is comparable to what is happening in the IoT market right now. Many IoT hardware manufacturers have their own methods of implementing and updating security.

Of course, it’s no secret that IoT security should be a primary consideration for organizations that want to take advantage of IoT. Millions of IoT devices have already been deployed and the number deployed is expected to increase exponentially. All these new hardware devices mean an ever-increasing attack surface for hackers.

The good news is that security offerings are expanding and organizations are getting the resources they need to improve their IoT security. The bad news? Not enough organizations are taking advantage of these offerings, which leaves them at risk of exposure. The lack of guidelines makes it difficult for organizations to know which direction to take when it comes to securing their IoT solution.

Industry leaders, government agencies, experts and advocates must all come together to implement common security standards for IoT. Some regional guidelines exist and some organizations are trying to create their own, but they are scarce or not yet firmly established. In fact, the state of California has one of the few official laws in the world specifically related to the privacy and security of IoT devices. The GSMA (Global System for Mobile Communications Association) also supports IoT SAFE (IoT SIM Applet for Secure End-to-End Communication), which will provide a common mechanism to secure communications between IoT devices and the cloud.

But is this the solution and is it enough? While it is a step in the right direction, we need to do more. Ideally, industry leaders, government agencies, recognized experts and interest groups should collaborate on a common checklist of recommendations for IoT security. We all know how important guidelines are when it comes to IT, so IoT standards could be modeled, for example, on the guidelines of the US National Security Agency (NSA) or the European Union’s Cybersecurity Agency (ENISA) for mobile devices or home networks, but specifically designed around IoT security vulnerabilities.

As the regulatory landscape for IoT security evolves and guidelines are developed and implemented for the entire IoT value chain, there is still a lot of confusion. Regulations remain complex and incoherent, with no common source or body.

The good news is that new things are starting to happen in this area, so stay alert and be prepared. For more information please contact us via telephone number 085-0443500 or by mail to info@thingsdata.nl.