Internet of Things

Internet of Things

News: Recently, in order to secure Consumer Internet of Things (IoT) devices, Telecommunication Engineering Centre (TEC), under Department of Telecommunications, Ministry of Communications, has released a report “Code of Practice for Securing Consumer Internet of Things(IoT)”. These guidelines will help in securing consumer IoT devices & ecosystem as well as managing vulnerabilities.

Internet of Things:
• It is a computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices.
• It is one of the fastest emerging technologies across the globe, providing enormous beneficial opportunities for society, industry, and consumers.
• It is being used to create smart infrastructure in various verticals such as Power, Automotive, Safety & Surveillance, Remote Health Management, Agriculture, Smart Homes and Smart Cities etc, using connected devices.
• A smart device is a context-aware electronic device capable of performing autonomous computing and connecting to other devices wire or wirelessly for data exchange.
• IoT is benefitted by recent advances in several technologies such as sensors, communication technologies (Cellular and non-cellular), Artificial intelligence/ Machine Learning, Cloud / Edge computing etc.
• It has been projected that there would be around 11.4 billion consumer IoT devices and 13.3 billion enterprise IoT devices globally by 2025 i.e. consumer IoT devices would account for nearly 45% of all the IoT devices.According to a market research report published by Markets and Markets, the global IoT security market size is expected to grow from USD 8.2 billion in 2018 to USD 35.2 billion by 2023.

Latest guidelines:
• All IoT device default passwords shall be unique per device and/or require the user to choose a password that follows best practises, during device provisioning.
• IoT developers should provide a dedicated public point of contact as part of a vulnerability disclosure policy.
• Software components in IoT devices should be securely updateable.
• IoT devices may need to store security parameters such as keys & credentials, certificates, device identity etc. which are critical for the secure operation of the device.
• Security-sensitive data, including any remote management and control, should be encrypted in transit, appropriate to the properties of the technology and usage of the device.
• Devices and services should operate on the ‘principle of least privilege’.
• The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task.
• In case the device collects or transmits personal data, such data should be securely stored.
• Resilience should be built into IoT devices and services where required by their usage or by other relying systems.

Significance:
• In view of the anticipated growth of IoT devices, it is important to ensure that the IoT endpoints comply with the safety and security standards.The hacking of the devices/networks being used in daily life would harm companies, organisations, nations and more importantly people.
• Therefore, securing the IoT ecosystem end-to-end i.e. from devices to the applications is very important.
• Ensuring end to end security for connected IoT devices is key to success in this market -without security, IoT will cease to exist.There is in this data-driven future, a growing concern about the potential for increased government surveillance and the resulting encroachment of civil rights, and the suppression of dissent or of marginalised communities
• Consequences of Cyber Security Attack: Possible consequences of such attacks could include:
o Discontinuity and interruption to critical services/infrastructure.
o Infringement of privacy.
o Loss of life, money, time, property, health, relationships, etc.
o Disruptions of national scale including civil unrest.