Stephen Pattison, VP Public Affairs Arm & Chair of techUK’s IoT Council
The coming digital world will be all about connectivity and data. Its goal will be the collection of lots of data from trillions of devices, right across an increasingly intricate web of connections.
And, once the data has been used to provide new insights, that same complex network of communications will be used again to disseminate the insights, and to help improve the ways things are done.
Without data and connectivity, IoT is still born.
But this image of a vast web of connections pulsating with data, contains risks as well as rewards.
And just as we are on the threshold of the new digital world, the current digital world is facing a growing crisis of trust and responsibility.
At the root of this is the fear that the digital world, instead of empowering us, will do the opposite: it will make us feel less secure, more vulnerable.
The threats are real: some derive from the structure of the web itself, which makes it possible for far away hackers to poke around the network looking for opportunities to steal our data and our identities; or for bad actors to paralyse key infrastructure by taking over our IoT devices and using them to bombard other sites.
The way to protect against these threats is to drive up the general level of digital security, to make life harder for the bad guys.
The market left to its own devices may do some of this for us. Products are becoming more secure and security is increasingly becoming a major driver of innovation in the tech sector.
But the market might not deliver all of what we need, unless customers become more demanding.
And there is the problem. Customers don’t know what to demand. There are no universally recognised kite marks in this area. The capability of bad guys improves all the time. Security, generally, costs a bit extra.
And in some cases customers might not have a strong interest in paying for the best level of security. They might, for example, happily pay to protect their own data, but be less forthcoming about paying to stop their devices being used in a denial of service attack against others, a bank, or an energy company.
So Governments, industry and civil society need to come together to tackle the key problem: how to drive up the general demand for good IoT security?
Industry has already done the groundwork in this area. There is broad agreement around core principles, and key technologies.
But to ensure that this gets into the demand side, there is an important role for industry and Governments to work together to create greater public awareness of what needs to be done, of what to look for in an IoT device. We need to embed in the public consciousness the fundamental principles like no default passwords, proper authentication, and the need for clarity about provision of over the air upgrades. You wouldn’t buy a car without checking the brakes, looking at the mileage, and peering under the hood. We need to get somewhere similar with IoT security.
techUK's IoT Council welcomes the steps Government is working on in this area and stands willing to help drive this campaign alongside them.
This blog is part of a series of guest blogs on consumer facing IoT. Read techUK's response to Government's Secure by Design announcement here.
For more information on techUK's work on securing the IoT please contact: