Recently, in order to secure Consumer Internet of Things (IoT) devices, Telecommunication Engineering Centre (TEC), under Department of Telecommunications, Ministry of Communications, has released a report “Code of Practice for Securing Consumer Internet of Things(IoT)”.
Who coined the term the Internet of Things?
In 1999 Kevin Ashton, then at P&G (later MIT’s Auto-ID Center), coined the term ‘Internet of Things’. It was a new term, but not a new operation. It was known as pervasive computing, ubicomp, and ambient intelligence.
What is Internet of Things (IoT)?
- IoT is the interlinking of digital devices, people, machines, appliances, and other objects with one another through wireless networks.
- It allows machines and people to be connected to each other and communicate as well.
- It is considered the future of the internet. This version of the internet is about data that is created by things.
In layman’s term:
- Any device that can be connected will be connected.
- Any device that can be switched on and off will be connected.
- Most of the connected devices will have an Internet Protocol (IP) address. With IPv6, billions of devices can be connected with ease.
- Things can be connected with IoT:
- Connected Homes: interlinking of household appliances to the network.
- Connected Wearables: smartphones, smartwatches, fitness bands, etc.
- Connected Cars: vehicles connected to the network.
- Connected Cities: smart meters that can analyze the usage of gas, water, electricity, etc.; connected traffic signals; smart bins, etc.
- Different networks would be connected to each other, like as mentioned below:
- BAN (Body Area Network) – Wearables
- LAN (Local Area Network) – Smart Homes
- WAN (Wide Area Network) – Connected Cars
- VWAN (Very Wide Area Network) – Smart City
Evolution and Development of Internet of Things
The IoT has evolved from the rapid development and boom in the wireless technologies and internet. This coupled with rapid increase and improvements in the speed of computing devices due to the developments of fast microprocessor chips has given birth to the IoT. It is filled with immense possibilities as it evolves further.
In India, the first Internet of things India Congress 2016 was organized in Bengaluru. The second Internet of things India expo 2018 will be organized between 07-09 March 2018 in New Delhi. The Centre of Excellence for IoT will be developed in Vishakhapatnam to promote excellence in the field of IoT.
Internet of Things Applications
- Daily life: IoT can be used to do small tasks in daily life such as coffee-making as soon as the owner of the house returns home, refrigerator indicating that vegetables need to be bought and/or ordering them automatically from the e-store, etc. It can also be used in offices.
- Industry: IoT can be used to reduce human error, increase efficiency, and improve productivity, etc.
- Agriculture: IoT can be used to improve overall productivity by having enhanced weather forecasting, soil nutrient content, pest infestation, etc.
- Healthcare: there are several benefits to the medical industry. Better diagnosis of diseases, wearable monitors of vitals, sophisticated connected equipment, etc.
- Transportation: IoT can be used on toll booths, traffic management, driverless cars, etc. It can also be used in fleet management, safety assistance, improved logistics, etc.
- Media/Advertising: Companies can use IoT to analyze and predict consumer behavior and apply target marketing for better ROI in advertising/marketing campaigns, etc. Big data and data mining concepts can be used in this regard.
- Smart Cities: IoT can be used to make cities better places to live. It can be applied in solid waste management, smart power grids, smart energy management systems, etc.
- Government policies and services: the government can use IoT to offer better citizen services.
Why would we want an Internet of Things?
We want it because it can offer us –
- the best possible feedback on physical and mental health.
- the best possible resource allocation based on real-time monitoring.
- best possible decision making on mobility patterns.
- the best possible alignments of local providers with global potential.
Guidelines for securing consumer IoT:
- No Universal Default Passwords: All IoT device default passwords shall be unique per device and/or require the user to choose a password that follows best practises, during device provisioning.
- Implement a means to manage reports of vulnerabilities: IoT developers should provide a dedicated public point of contact as part of a vulnerability disclosure policy.
- Keep software updated: Software components in IoT devices should be securely updateable.
- Securely store sensitive security parameters: IoT devices may need to store security parameters such as keys & credentials, certificates, device identity etc. which are critical for the secure operation of the device.
- Communicate securely: Security-sensitive data, including any remote management and control, should be encrypted in transit, appropriate to the properties of the technology and usage of the device.
- Minimise exposed attack surfaces: Devices and services should operate on the ‘principle of least privilege’.
- The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task.
- Ensure that personal data is secure: In case the device collects or transmits personal data, such data should be securely stored.
- Make systems resilient to outages: Resilience should be built into IoT devices and services where required by their usage or by other relying systems.
Need For Guidelines:
- Anticipated Growth: In view of the anticipated growth of IoT devices, it is important to ensure that the IoT endpoints comply with the safety and security standards.
- Cyber-Security Attack: The hacking of the devices/networks being used in daily life would harm companies, organisations, nations and more importantly people.
- Therefore securing the IoT ecosystem end-to-end i.e. from devices to the applications is very important.
- Ensuring end to end security for connected IoT devices is key to success in this market -without security, IoT will cease to exist.
- Privacy Concerns: There is in this data-driven future, a growing concern about the potential for increased government surveillance and the resulting encroachment of civil rights, and the suppression of dissent or of marginalised communities
- Consequences of Cyber Security Attack: Possible consequences of such attacks could include:
- Discontinuity and interruption to critical services/infrastructure.
- Infringement of privacy.
- Loss of life, money, time, property, health, relationships, etc.
- Disruptions of national scale including civil unrest.
Opportunities and Benefits
IoT offers us the opportunity to be more efficient in how we do things, saving us time, money and often emissions in the process.
Internet of Things can be used to tackle simpler day-to-day issues – like finding a car parking space in busy areas, linking up your home entertainment system and using your fridge webcam to check if you need more milk on the way home.
IoT offers many other benefits industrially, such as:
- Unprecedented connectivity: IoT data and insights from connected applications and devices empower organizations with the ability to deliver innovative new products and services faster than their competitors.
- Increased efficiency: IoT networks of smart and intelligent devices provide real-time data to arm employees with the information they need to optimize their day-to-day efficiency and productivity.
- Cost savings: IoT devices provide accurate data collection and automated workflows to help organizations reduce their operating costs and minimize errors.
- Time savings: Connected smart devices can help organizations enhance the performance of systems and processes to save time.
Challenges and Concerns Due To Use of Internet of Things
The application of IoT in industries can cause loss of skilled and semi-skilled jobs in manufacturing and service sectors. India has a large labour force owing to its demographic dividend. We have to manage this problem to avoid the demographic dividend turning into a demographic disaster. There can be significant unemployment issues with automation in the automobile manufacturing units.
We need to skill our labour force to deal with these challenges arising due to IoT. Skill India Mission can provide the platform for their skill development. Simultaneously there is a need to create new job opportunities in other sectors to absorb the extra labour force.
Safety and privacy issues
There has been a concern over the safety and privacy due to activities like Data mining, use of big data etc. Issues like sharing and selling of personal data without permission by IT and internet companies has become a major concern. Digital surveillance using spy cameras, hacking smart homes to spy on people in their own homes has another major concern. Further ransomware attacks and hacking of bank accounts are becoming a big safety issue. This can further increase due to the rapid growth of internet of things (IoT).
We need to have the Data privacy legislation and policy frameworks to deal with these issues. There is a need to improve the firewalls, develop software to deal with various issues arising due to growth in IoT. We need to promote knowledge and best practices among the users to reduce the associated risks arising due to IoT. Also, there is a need to improve the cyber policing by recruitment and training of professionals to deal with these issues. In our policing system, a dedicated cyber specialist personnels can be created with proper training.
What should be done?
- Policy-makers, regulators, device manufacturers, supporting industries and service providers will all have to join hands in creating a safer space online.
- The state of California in the US just passed the first IoT Cybersecurity law that holds IoT device manufacturers to higher security standards.
- The EU and the UK published guidelines and codes for IoT manufacturers.
- The Internet Society’s Online Trust Alliance (OTA) Trust Framework provides strategic principles to increase the security of IoT devices and data.
- In India, the NDCP (National Digital Communications Policy) brought alignment from critical stakeholders to advance India’s infrastructure and security around digital communications.
- The draft IoT policy seeks to establish committees to govern and drive IoT-specific initiatives.
- It is not yet clear how much access to personal data these committees get and how their actions will be monitored.
- The Justice Srikrishna Committee had recommended some provisions for personal data protection including a consumer’s right to information, consent, and right to request companies to erase their data if preferred.
- However, it leaned heavily towards greater regulations and did not specify how to protect consumer data from unnecessary government surveillance.
- Despite these challenges, India must drive full speed ahead towards IoT technology for the greater good of our citizens.
- With effective global alliances and Indian stakeholder alignment, we can work to create more secure devices and help our citizens.