The $6trn importance of security standards and regulation in the IoT era

Digital encrypted Lock with data multilayers. Internet Security

We live in an era of digital transformation where more and more devices are connecting to bring new and innovative levels of service and efficiency. This transformation spans across all markets and the rate of progress is breath-taking, says David Maidment, director, secure device ecosystem at Arm.

This change brings huge benefits, but it also brings threats in the shape of an expanding cybercrime footprint. Every connected device is a hack potential. Rather than attacking traditional IT equipment, the cybercrime threats start to move to all aspects of our lives.

$6 trillion (€5.37 trillion) cybercrime

It is predicted that by 2021 there will already be US$6 trillion (€5.37 trillion) of cybercrime damage (Source: Cybersecurity Ventures Official Annual Cybercrime Report), which is a staggering number pinned against financial loss for businesses, without considering the damage to reputation and other harder-to-measure statistics.

When you pair this with an estimated average of 5,400 attacks on Internet of Things (IoT) devices every month (Symantec Internet Security Threat Report 2019) it’s clear to see why security standards have been rapidly evolving in the last 12 months. The cost of inaction is huge and ignoring security requirements isn’t an option. Governments, businesses and consumers across the world are starting to pay attention to this and look to the electronics industry for solutions.

As 5G connectivity expands, and we move towards a world of a trillion connected devices, government and industrial bodies are looking to implement preventative measures to protect against security vulnerabilities. It is now fundamental that every device is being designed securely from the outset and business processes have security in mind. Whether you have already embraced IoT, you’re exploring implementing it into your business, or you’re building the devices that will power this movement, there are crucial steps you should be taking to build assurance with customers, while also protecting your finances and brand.

 Security laws and standards

A number of governments have taken action to protect businesses and consumers, with laws and standards in place such as ETSI 303 645 (Cyber Security for Consumer Internet of Things)California State Law (SB-327) and NISTIR 8259 (Core Cybersecurity Feature Baseline for Securable IoT Devices). All of these provide guidance on how devices should be protected, from good password practice, all the way down to cryptography, audit logging and other security protocols.

This means that industries that have historically been unregulated are moving towards more self-regulation, which in turn is slowly becoming law. If you’re naive to these standards and are creating, or deploying, insecure devices into your business, you could find that the devices are pulled from operation hindering the way your business is running, but also cutting the revenue streams you depend on.

How can you protect your business?

With all this in mind, how can you successfully navigate the regulations that may impose rules for your business in the future? First and foremost, you should follow advice from a trusted source. All the regulations coming to market use different wording, have slightly different requirements and guidance. You’ll need an approach that is scalable and understandable, especially if you’re a worldwide business that works in multiple markets.

David Maidment

This is where many experts agree that a common framework of security best practice is really important, offering technical support to companies, but also a common language that everyone can understand and execute against. Independent schemes are already available and seeing fast adoption, such as PSA Certified which is being recommended by government guidelines, including the National Institute of Standards and Technology in the US.

It offers a framework to secure devices and an assurance scheme to check it’s being implemented correctly. A key element of what is offered is a mapping across key standards in various geographical locations. This gives you a checklist to implement security against if you’re creating devices, or to be looking out for when you’re procuring devices for your company.

Adopt a security framework

Whatever your approach, it’s critical that a framework for security best practice is adopted in your business and that security is never forgotten. Security isn’t a ‘one-and-done’ endeavour and companies must stay vigilant as the threat landscape continues to change. It’s positive to see security standards and regulations already in place, but for the IoT to really take off, we need to combat the lack of security validation of IoT devices and ensure trust is built in at the heart.

The author is David Maidment, director, secure device ecosystem at Arm.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


Scality and HPE GreenLake accelerate on-prem cloud services to keep data sovereign

Posted on: May 24, 2022

London, UK. 24 May 2022 – Scality has announced the availability of its Scality S3 Object Storage on the HPE GreenLake Cloud Services platform to accelerate on-prem cloud services for customers who want to retain their data sovereignty, scale easily and manage costs. The two companies are committed to solving the greatest data challenges across the

Read more

Welbilt KitchenConnect launches the smart restaurant ecosystem for the foodservice industry

Posted on: May 24, 2022

Welbilt, Inc., a provider of commercial equipment and cloud device management for the foodservice industry, is proud to announce the launch of the Smart Restaurant Ecosystem. The ecosystem is powered by the digital companies in the Internet of Things (IoT) space that will empower its homegrown cloud platform for connected restaurant equipment, KitchenConnect.

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more