Negative consequences of IoT could extend beyond cybersecurity

Last week, the U.S. Government Accountability Office (GAO) published a 78-page technology assessment of emerging Internet of Things (IoT) technologies and their implications.

Internet of Things: Status and Implications of an Increasingly Connected World was conducted at the request of Congress, and involved a review of current literature and expert input.

Report authors named information security as the top concern for IoT.

“The IoT brings the risks inherent in potentially unsecured information technology systems into homes, factories, and communities. IoT devices, networks, or the cloud servers where they store data can be compromised in a cyberattack,” the report states.

The Mirai attack was cited as an example of how poorly protected and designed IoT devices can wreak havoc.

Another issue — and one I think is too often overlooked — is the impact connected IoT devices will have on physical safety.

“Researchers have demonstrated that IoT devices such as connected automobiles and medical devices can be hacked, potentially endangering the health and safety of their owners. For example, in 2015, hackers gained remote access to a car through its connected entertainment system and were able to cut the brakes and disable the transmission,” the report states.

Another challenge is the privacy issues surrounding IoT. There have been many stories about smart TVs, digital assistants and similarly connected devices eroding personal privacy.

“Smart devices that monitor public spaces may collect information about individuals without their knowledge or consent. For example, fitness trackers link the data they collect to online user accounts, which generally include personally identifiable information, such as names, email addresses, and dates of birth. Such information could be used in ways that the consumer did not anticipate. For example, that data could be sold to companies to target consumers with advertising or to determine insurance rates,” it states.

And still another realm that could be impacted is the economy, as in jobs. While IoT will be a driver for economic growth in industry, it also has the potential to disrupt or eliminate the need for many types of jobs. The report finds the potential to reduce the need for “certain types of businesses and jobs that rely on individual interventions, including assembly line work or commercial vehicle deliveries.”

With all of these issues raised, the report offered little in the way of recommendations to prevent or minimize negative effects. It did note one prescriptive measure in the call for standards: “IoT devices and systems must be able to communicate easily. Technical standards to enable this communication will need to be developed and implemented effectively,” it states.

Mitigating digital risks that derive from IoT devices isn’t easy, authors conceded, citing long-standing advice such as:

  • Entice device makers to design, prioritize and build security into their devices
  • Conduct risk assessments at the beginning
  • Test security defenses before devices are sent to market

The GAO also reiterated advice long offered to enterprises deploying IoT: Implement role-based access controls to limit what devices can do.

RELATED LINKS

The IoT lesson you should have already learned

Getting your enterprise ready for IoT

What you need to know about IoT hacking and medical devices

Comments

  1. Logan Wilt says:

    The advancements in IoT excite me, though they also give me pause for many of the same reasons listed in the article. However, that didn’t stop me from taking an extra walk last night just to appease my FitBit…

    In a way, I think we are a reincarnation of the second industrial revolution when the world grappled with a rapid rise in technological capabilities without a common understanding of how they would affect society. Today, we expect manufacturing to be safe, we expect our products to be as advertised, and we are savvier about identifying sham goods – even though we are not manufacturing experts – and we reward companies that we deem good with our dollars.

    But, like our predecessors in the early 20th century, society is only in the nascent stages of understanding the implications of IoT. We must mature our understanding to expect security, expect privacy, and suss out poorly designed products without degrees in computer science. Then, as we reward companies we deem good, that creates a market driver to continue to improve protections around security and privacy.

    Like

Trackbacks

  1. […] Negative consequences of IoT could extend beyond cybersecurity […]

    Like

  2. […] Negative consequences of IoT could extend beyond cybersecurity […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: