Industry losing patience as regulators fail to keep up with IoT consumer security concerns …

Cesare Garlati: What about other consumer IoT devices?

Following the FTC’s recent announcement of its intention to study security update practices within the mobile industry, there is growing frustration in some quarters that the regulations take little account of the impact on the Internet of Things (IoT). Here, Jeremy Cowan reports on reaction to the regulatory hold-up and one company’s Asia-Pacific initiative to counter cyber attacks.

Cesare Garlati, chief security strategist of the prpl Foundation, former vice president of mobile security at Trend Micro, and current co-chair of the Cloud Security Alliance Mobile Working Group, is expressing his frustration at the scope of the FTC (the USA’s Federal Trade Commission) project.

Garlati tells IoT Now, “Mobile is now just a small fraction of the devices that surround us. In the years that passed since the FTC began publicly discussing this issue in 2013, the threat landscape has changed so much to be almost unrecognisable. This effort is a good first step, but it needs to have a much wider scope in order to be effective — every connected device could pose a threat, and the hyper-focus on mobile security updates simply isn’t enough.

“Every connected device needs a clear path for receiving these critical security updates. What good is it if your phone is up-to-date if your home access gateway has been exploited? What about all other consumer IoT devices? IoT is still very much in its infancy – with people eager to get their hands on the latest and greatest connected devices and manufacturers rushing to get them to market, and security is often an afterthought,” Garlati  complains.

The FTC has announced that in order to gain a better understanding of security in the mobile ecosystem, it has issued orders to eight mobile device manufacturers requiring them to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

The eight companies receiving orders from the FTC are: Apple, Blackberry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility, and Samsung Electronics America, Inc.

Among the information these recipients are ordered to provide are: The factors that they consider in deciding whether to patch a vulnerability on a particular mobile device; detailed data on the specific mobile devices they have offered for sale to consumers since August 2013; the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities.

The orders issued are said by the FTC to be “part of the FTC’s ongoing efforts to understand the security of consumers mobile devices, including a workshop in 2013 and a follow-on public comment period in 2014. The Federal Communications Commission is conducting a separate, parallel inquiry into common carriers’ policies regarding mobile device security updates.”

 

… as NEC sets up Asia-Pacific links to a new corporate cyber security centre

While Garlati’s focus is on the domestic consumer and the risks to smart homes, others with security concerns are focusing on the risks posed by cyber attacks against enterprise and government IT systems.

Recovering from these attacks can cost millions of dollars and cause substantial delays in critical capital expenditure (CapEx) projects. The costs can also spiral with the widespread adoption by enterprises of the smart technologies and connected devices that make up the Internet of Things (IoT).

NEC aims to offer enterprise clients enhanced cyber security
NEC aims to offer enterprise clients enhanced cyber security from a new base in Adelaide

 

 

 

Now, one blue-chip Japanese IT company has decided to take its own steps to offer enterprise clients enhanced cyber security. Responding to the challenges NEC Corporation (NEC; TSE: 6701), is establishing a new Global Security Intel Centre (GSIC) in Adelaide, the home of the South Australian Government’s Smart City initiative.

NEC, together with its regional ICT services and solutions subsidiary, NEC Australia, has announced plans to establish a AU$4.38 million (US$ million) Global Security Intel Centre (GSIC) in Adelaide, Australia to address growing global demand for cyber security. The GSIC facility will aim to ensure that better cyber security enables the adoption of new, more efficient business models that in turn translate into new business opportunities.

The facility builds on NEC Australia’s recently announced memorandum of understanding with the University of Adelaide’s Smart City initiative, under which the organisations will collaborate closely on research and development.

The South Australian government has welcomed NEC Australia’s investment as a major boost to the state’s ICT capabilities, in particular in the cyber security domain. South Australian’s minister for Investment and Trade, Martin Hamilton-Smith says, “NEC’s investment will help South Australia achieve global prominence in the cyber security field, and complement the Smart City initiatives already underway in Adelaide.”

The centre will create 50 new high-value jobs in South Australia over the next five years, making the state a more attractive destination for the ICT skills in high demand by organisations operating in South Australia, and newer entrants that have established themselves in the state.

Martin Hamilton-Smith, MP, South Australian's minister for Investment & Trade
Martin Hamilton-Smith, MP, South Australian’s minister for Investment & Trade

“Adelaide has quickly become a destination of choice for companies in the technology and creative industries space. We offer a vast talent pool through the three local universities and a competitive business environment that ensures tech companies can grow and thrive in South Australia,” adds Hamilton-Smith.

The initiative contributes to NEC’s mission to add social value through technological innovation. It also reflects NEC’s understanding that combating cyber attacks requires a global perspective. To this end, the facility will complement NEC’s investments in cybersecurity-focused facilities located globally, including Japan and Singapore.

Mike Barber, chief operating officer of NEC Australia said: “South Australia is providing NEC with a great base to bring new technologies into Australia. Adelaide is a recognised hub for new technologies and we’ve worked with a lot of local partners with great intellectual property delivering innovative technical solutions.”

“This isn’t just about the creation of 50 new high-value jobs in South Australia over the next five years – this is a major global investment in a growth sector,” Mr Barber said.

“We see the cyber security demand in Australia and the Asia-Pacific region as a huge opportunity aligning with the company’s global vision.”

 

 

RECENT ARTICLES

What Matter? – The newly smart home standard

Posted on: December 2, 2022

Matter is an industry-unifying IoT wireless network standard that still needs to be released. It strives to become a reliant, frictionless, safe communication basis for connected objects. The project was announced and started in 2019. By utilising a specific collection of IP-based networking technologies, initiating with Thread, wi-fi, and Ethernet, Matter is a platform built

Read more

Ericsson, Thales launches IoT accelerator device connect with eSIMs for enterprises

Posted on: December 2, 2022

Ericsson’s Internet of Things (IoT) business, in partnership with Thales, launches IoT Accelerator Device Connect, a service offering generic eSIMs unbundled from pre-selected Service Providers. For the first time, enterprises have the flexibility to select one or more Service Providers easily and instantly at the time of device activation. This new business model dramatically accelerates

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more