The term Internet of Things (IoT) is defined as a network of “things” (devices) that are connected to the internet, meaning devices such as your household dishwasher are able to transmit data across a network.
Hopefully as a result of this process it improves your efficiency, allowing you to automate tasks, forecast needs, and so on.
But the process of transmitting data through the internet poses a cybersecurity risk since this data can be intercepted, or the network leveraged, to inject harmful data into the device—rendering it useless. Manufacturers that are creating these devices must therefore follow certain regulations in order to minimize security risk. An article in SecurityBoulevard warns that:
“Many manufacturers that understand the security risks of their devices still refuse to allocate budget to properly develop security protections, because it is seen as a cost they can’t recoup. Without monetary incentives for device manufacturers, there is nothing to motivate them to change their practices and design and build cybersecurity protections into their products”
As described later in the article, these regulations are to be imposed by government. Some have already enacted them:
“California’s new IoT Cybersecurity Law will require manufacturers of connected devices to produce them with “reasonable” security features. We’ve also seen data privacy protection from the European General Data Protection Regulation (GDPR).”
While IoT cybersecurity standards are already being developed by the governments of various countries, it will be interesting to see who will be developing the automation standards: laws deciding who is responsible for automated actions placed by these devices.
Furthermore, narrowing down to purchase automation, and with another layer of technology involved in the payments process, who will be responsible for an unauthorized purchase automated by a device? Also important is who would guide the settlement process identifying fraud?
It will interesting to see how these questions are resolved in the coming months and years as IoT devices become more ubiquitous.
Overview by David Nelyubin, Research Analysts at Mercator Advisory Group