The IoT devices came as a blessing for humans as the devices dutifully and efficiently performed tasks from trivial to important as part of the daily schedule. The IoT space is becoming more widespread with each passing day. Statista research suggests the total installed base of smart devices, such as smart TVs, smart locks, IP cameras, home assistants and their associated services, in homes around the world, will reach 75 billion units by the end of 2025, a five-fold increase in ten years.
For people, these devices appeared as the J.A.R.V.I.S when they were Devils in Disguise. While being thrilled about the alluring capabilities IoT devices offer, one should also consider the access you give to all personal information for a virtual personal assistant. Certainly, Alexa is always listening! Does that mean one should not rely on IoT technology? No, the technology has showcased vast potential to revolutionize many sectors. What needs your attention is how much transparency the technology providers hold. Currently, not many people realize that their smart devices might be invading their privacy but soon this will change, and there will be clamoring for more regulation.
The ability of IoT technology to let devices interact with each other independently without human interference undeniably opened fresh revenue sources, fueled business models, and augmented a new method of how prevailing services are offered across numerous diverse industries and sectors, but with more items connecting to the internet daily, the public and the government regulators should start to take note of. As governments develop interest and invest hefty funds in proprietary software to improve the existing services, awareness of the security challenges that one can face with large quantities of data, all needing to be processed and analyzed in real-time, is necessary.
It is software that runs society and its everyday operations; however, the proprietary software code is hidden without any accountability. The hidden codes increase more dependency on the owners of the software and offer little scope to tackle the evolving problems of society. Thus, governments fail to serve the public interest with inflexible software solutions from vendors. Proprietary software leveraging technologies like IoT are more vulnerable to cyber-attacks and data breach issues as this software are slow to upgrade and offer almost no control over them.
The Ripple20 vulnerability explains the widespread adoption and risk that is associated with IoT devices.
With typical IoT devices, it is difficult or impossible to identify and patch every weak point; and most devices do not follow industry-standard protocols, including security best practices. IoT devices are leading the change in important sectors like healthcare, physical security and manufacturing. and thus, ensuring and monitoring the security risks associated with the IoT solutions becomes even more crucial for governments.
The acceleration in IoT solution development is driving growth in the usage of IoT tools in governments and enterprises to develop, deploy, and manage services.
With the likelihood of security breaches in the IoT space, legislation around it seems like a good idea to governments, but some feel that government regulations cannot be sufficient; and can be burdensome to the involved parties (manufacturers and consumers), as the stringent rules inevitably increase cost and restrict innovation. IoT devices burdened by regulations are going to cost more to design, make, and maintain.
It might be worth mentioning that some governments in countries like the U.S. and Europe tried to bring regulation to the IoT ecosystem. In Europe, most IoT devices processing a large amount of personal data fall under the scope of the European Union General Data Protection Regulations (GDPR). Data subjects using IoT devices ought to be accorded heightened privacy rights and their data processed according to principles of data protection. In this endeavor, several states in the US, including California and Oregon, have already passed the IoT Cybersecurity Improvement Act of 2020. Also, Australia is attempting to improve the security quotient of IoT devices − the Department of Home Affairs, in partnership with the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), developed and introduced the “Code of Practice”, wherein the ACSC defined 13 cybersecurity principles for consumer IoT devices, as per global industry standards and the perceived needs of the Australian people.
The impact and effect of these laws in protecting data seems ineffective in the IoT ecosystem because the producers can modify or restrict IoT devices even after purchase. Thus, consumers can be unaware of security vulnerabilities that might be introduced in later updates in the products, nullifying the effect of the laws and their safeguarding of the privacy of the citizens.
Another challenge for regulation is that significantly more parties are involved in the IoT ecosystem as compared to conventional services, for example, sensor manufacturers, hardware manufacturers, IoT software vendors, mobile operators and device manufacturers. This scattered nature of the IoT ecosystem makes the enforcement of regulations more difficult.
If governments want to leverage IoT in their societies, open-source IoT projects can offer a more viable option. Open-source software will give ownership to the people who have a vested interest in improving the system (consumers). Owen Miller, the founder of the Non-Human Party, proposed the idea of citizens contributing to the software systems of their nation. The involvement of government is necessary for many aspects of the software ecosystem, especially in critical industries. People rely on their legislative representatives to provide a safe and secured environment with the most evolved and advanced services. Thus, government authorities should also play a role in maintaining a safe space for the new parallel world, the Internet.
Hence, leaders should focus on creating open-source software that can be used freely by the people as contributors – who can make changes to the open code. The idea of an open-source software society where citizens can become a part of the system and constantly guard their privacy will improve the transparency and trust in the IoT system.
By building an open-source society, governments can take charge of fundamental public services and offer more visibility and accountability to the citizens than the dominant tech giants currently providing such services. With open-source software, developers and cyber security experts can conduct security audits, to spot any vulnerabilities.
IoT attacks can have an unmanageable impact because a single attack can infect hundreds of millions of connected devices. Thus, governments need to know how the IoT ecosystem works i.e., how IoT devices interact within the entire network, including the services required for functioning.
The time is near when citizens will start questioning the government for the inefficiencies in incorporating standard privacy safeguards and protections. Four years after NotPetya, a cyber catastrophe that overwhelmed numerous businesses in Ukraine and more than 60 other countries, many organizations remain as vulnerable as ever to similar attacks. The magnitude of the NotPetya attack highlighted the importance of learning the new way and practices of securing networks. In the case of open-source software, the authors, who might be the consumers themselves, have visibility and accountability in contrast to typical proprietary software, with its hidden source code.
It is high time that governments acknowledge that proprietary software leveraged in technologies like IoT is offering less flexibility and more restriction, in contrast to open-source software that can bring more transparency and customization for an evolved society. As communities evolve and awareness sweeps in, citizens will be clamoring to demand security and customization at will in daily operations. Thus, governments cannot keep standing back, issuing guidelines (in practice, suggestions) for security − citizens need them to play an active role in spurring on open-source projects that will implement best practices for security, and allow citizens to take charge of their privacy.