By Maryam Rahmani
Everywhere we look, devices and people are getting connected to the Internet. Gartner anticipates more than 20 billion connected devices by the year 2020. For the first time, in 2017, IoT devices outnumbered the world’s population. These devices are being used by consumers, businesses and critical infrastructure to increase productivity, improve quality of life, and reduce costs. As is often the case with technology, if security and privacy are not built into a product’s design cycle from the outset, the product could cause havoc in the wrong hands. The combination of automation, connectivity and an expanded threat landscape increases the associated risks to people, industries, and governments alike.
At the RSA Conference in San Francisco last week, there were a number of talks on the importance of securing these hard-to-secure devices that are scattered everywhere.
In smart manufacturing, threats are high and impacts are great. A coordinated cyberattack can cause plant disruptions resulting in millions of dollars in damages, as was seen in 2017 when several European automobile manufacturing plants were halted as a result of the WannaCry ransomware attack.
Recently, a nation-state waged global cyberattacks on critical national infrastructure, exploiting vulnerabilities in smart devices with weak passwords and unpatched software. The potential for future exploitation remains.
Cyberattacks are also seen against hospitals throughout the world, putting patients’ care and well-being at risk. Wherever a smart thing exists, there is also a story about a hack, an exploit and unfortunate consequences. The status quo is not an option.
Organizations, manufacturers, and governments all must come together to make sure standards are developed and controls are put in place to mitigate the IoT-related cyber risk.
There are a number of great efforts under way.
The National Institute of Standards and Technology (NIST) is working on the development and application of standards, guidelines, and tools. If you are interested in learning more about IoT cybersecurity-related initiatives at NIST, please visit: https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program.
In the UK in March, the Department for Digital, Culture, Media and Sport (DCMS) issued a report providing thirteen guidelines. Number one among them is not allowing for “default passwords” on IoT devices. The suggested guidelines are great, but it remains to be seen whether manufacturers will embrace them without regulation.
We at the Global Cyber Alliance are collaborating with our partners globally to come up with measurable actions to tackle the IoT-related risks. We are conducting a series of roundtables around the world to discuss lessons learned from various engagements, discuss concerns related to privacy and security, and provide tools and best practices for smart city deployment. We are good at tackling challenging cyber-related risks, with solutions that are highly effective, like DMARC and Quad9. We welcome collaboration and invite those who are interested in helping us ensure that security and privacy are built into all smart city projects to reach out to us. By working together, we can make our connected world of everything a safer and more secure place.