The world is experiencing an ongoing technological revolution. Digital connectivity, already essential for many parts of our lives, is rapidly increasing its reach and its benefits.
IoT and connected devices range from everyday objects; from TVs, mobile phones, consumer electronics and ‘wearables’ (Apple watches, Fitbits etc.), to more discreet devices found in buildings and vehicles. What they all have in common is their communication capabilities. Because IoT devices are connected, they allow the free exchange of data and interaction between them, encompassing AI, data analytics, machine learning and decision-making.
For consumers, the IoT offers a more personalised and customised product and service. Take the simple task of controlling your household lighting and heating. Rather than doing this manually, or remotely with a smartphone, the IoT has the potential to allow the devices in your home to ‘learn’ your habits and preferences, while simultaneously monitoring temperature and daylight, checking the weather forecast, analysing energy tariffs, and providing you with your ideal environment at the most cost-effective price.
But with the IoT comes new risks. IoT devices that should enable better lives and more efficient businesses can also be used for the wrong reasons. Once devices are connected to the internet, they become vulnerable to potential security and privacy breaches. Cybercrime is on the rise and resourceful criminals can take advantage of insecure connected devices.
The challenge for organisations, wherever they manufacture, supply or use IoT or connected devices, is to embrace the advantages of the digital transformation they offer, while protecting themselves from their inherent or evolving risks. Failure to identify IoT vulnerabilities risks breaches of security and unintended lapses in data privacy that could cause significant financial losses and reputational damage.
It is no surprise that data privacy and security are among the major concerns with regard to IoT adoption. Many manufacturers are holding back from implementing the latest digital solutions in case they compromise the security of their data or the value of their intellectual property.
Businesses must ensure digital products and solutions are safe and secure, for themselves and for those they interact with. And they must demonstrate a high level of responsibility to build trust with all stakeholders – from customers and suppliers to employees and investors.
The role of regulation
As the volume of connected devices grows, issues of data privacy, security, and consumer trust are being addressed by governments around the world. There is widespread acknowledgement of the need for better regulation to protect consumers and businesses, reduce fear and accelerate uptake.
The UK Government announced that by the end of 2021 it intends to move forward with a proposed regulation for Consumer IoT products, such as smart appliances, locks, cameras, security/fire detection systems, and lifestyle products. It’s proposed that the first three principles of the DCMS Code of Practice for Consumer IoT Security, as embodied in ETSI EN 303 645, will become mandatory. The Code aims to improve the security of consumer IoT products and associated services, with guidelines on recommended practice for IoT devices to protect consumer privacy and safety.
Raising the security bar
Regulation will always be a compromise. A healthy environment for IoT needs to combine regulatory powers with scrutiny of connected devices by ‘ethical hackers’, along with standards and voluntary mark of trust schemes to highlight good practice.
While connected devices are already delivering transformative improvements across society, organisations must do more than simply jump on the IoT bandwagon. Protecting their reputation is critical, which means ensuring that the connected devices they manufacture must deliver safe and secure solutions.
Regulation offers basic protection, it represents the bare minimum, but to be trusted, you need more. Consumers have increasingly high expectations, and you need to provide products that perform safely and securely throughout their lifetime. BSI can help find the right ‘digital vaccine’ to counter IoT vulnerabilities and cyber threats. It can’t guarantee you won’t be attacked, but it:
- Greatly reduces the chances of a security breach
- Lessens the impact if a breach occurs
- Benefits everyone – by making life tough for cyber criminals.
We can support you on your digital transformation journey. Whether yours is a relatively low risk product, or a high-risk medical device, we can offer flexible solutions to help you ensure it has the appropriate controls in place for its intended use, helping you build trust with consumers.
Read up on more articles like this one from The Manufacturer