Regulators around the world are increasingly concerned to ensure that security and privacy issues are taken seriously by device manufacturers.
In September last year, the Article 29 Working Party (the independent European advisory body on data protection and privacy) issued an Opinion that reviewed the IoT and the specific data protection and privacy challenges raised by it and assessed the state of the applicable law (in Europe).
It made a number of recommendations applicable to relevant IoT stakeholders including a call for IoT device, O/S and application manufacturers and developers to apply the principles of privacy by design and privacy by default, and to undertake Privacy Impact Assessments (PIAs) before any new application is launched in the IoT.
IoT is a truly disruptive technology. Miniature computers are embedded into objects and devices and connected via the internet using wireless technology to create a dynamic online network.
In this way, the physical world connects to the online world. Applications include smart thermostats with the ability to remotely monitor and adjust your heating at home, and medical devices and apps that can monitor for dangerous changes in a patient’s insulin levels.
According to a McKinsey report, by 2025, IoT applications could generate $6.2 trillion per year, with health care and manufacturing sectors set to reap significant benefit.
We can expect the IoT to be increasingly subject to regulatory (and judicial) scrutiny over the next few years. And for good reason – last year, a study by HP found that the average IoT device has at least 25 security flaws.
There have been an increasing number of disturbing real-life events reported, including attempts to hack web-connected baby monitors, as well as numerous hacks demonstrated by security experts and researchers on things like internet routers, smart TVs, connected fridges and driverless cars.
Of even more concern to security experts is the growth of hacking as a crime. Security experts are concerned about the vast databases being generated in an increasingly connected world.
Third parties use the cloud to host a huge amount of personal information, which, if it fell into the wrong hands, would be a gold mine. This has been seen with recent attacks on retailers such as Target, as well as the recent Anthem health insurance security breach that reportedly impacted nearly 80 million people.
Perhaps of even greater concern is that critical national infrastructure looks set to come increasingly under attack by criminals and terrorists who exploit and manipulate security flaws in connected industrial control systems. Think Die Hard 4.0 but in the real world, not at the movies.
Well-known cases in recent years include the 2012 attacks on Saudi Aramco’s computer systems and the control systems of the National Iranian Oil Company’s Kharg Island oil terminal.
More recently, and closer to home, hackers are alleged to have attacked an unnamed steel mill in Germany at the end of last year by manipulating and disrupting its control systems so that a blast furnace could not be properly shut down, resulting in considerable damage.
Sourced from Tim Wright, Pillsbury Law